The host is installed with Apple Mac OS X or Server 10.10 before 10.10.2 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle crafted code in an Option ROM. Successful exploitation allows attackers to modify firmware during the EFI update process by inserting a Thunderbolt device.