by ripa 4184 days ago
Maybe I'm missing something, but if an attacker can update the firmware without Apple's RSA key, then Apple (or you yourself) should be able to flash it in the same way the attacker did (even though the official update procedure is blocked) and "fix it", or?

This attack "closes the door behind it" so that you can't use the same vector to undo it. Specifically it completely disables loading option ROMs.
I see, thanks for the explanation! Hopefully we'll see an EFI upgrade fixing it soon.
The attacker can essentially "seal" the firmware in by writing a modified BIOS that either skips executing option ROMs, or write-protects the flash before executing them (as Apple's firmware should've originally done); then you'd need to use hardware to reflash.
I see, thanks for the explanation! As written in the other response, hopefully we'll see an EFI upgrade fixing it soon.