https://trmm.net/Thunderstrike (2014)

Thunderstrike is the name for a class of Apple EFI firmware security vulnerabilities that allow malicious software or Thunderbolt devices to flash untrusted code to the boot ROM and propagate via shared devices. It was presented at 31C3. You can read an annotated version of the presentation or watch the hour long video. The FAQ answers common questions and I've also cataloged appearances in the media. There is now a no-hardware-required variant, Thunderstrike 2, which was presented at DefCon 23 / Blackhat 2015.

http://ho.ax/downloads/De_Mysteriis_Dom_Jobsivs_Black_Hat_Slides.pdf (2012)