Can my recovery partition get infected with malware?

Hey,


Hope everyone is doing well. My question is as stated in the discussion title: can my recovery partition get infected with malware? I recently had some security issues where one of my online accounts got compromised. I don't know how the person got my credentials, probably some exploit with my browser or its plugins. But the bottom line is I don't know, so I want to do a fresh install and keep all my programs updated. Doing a fresh install of OS X, I believe, is done via the recovery partition, so I was wondering how hard it would be for malware to infect the recovery partition?


One Google search of "os x mount recovery partition" showed me that the recovery drive can be mounted. I have never mounted my recovery partition on OS X (never found the need to). But I'm mentioning this because if a user can mount that partition, then can't malware mimic that action and write itself to the partition? But I'm just assuming this, so I was wondering what the chances are of my recovery drive being infected with malware, if possible?


Thanks in advance,


j3rg

iMac, OS X Yosemite (10.10.4)

Posted on Aug 5, 2015 9:39 AM

Question marked as Best reply

Posted on Aug 5, 2015 10:29 AM

I've never heard of any exploit that can affect a hidden partition, but that doesn't mean it isn't possible.


If you want to be sure, restart and boot into Internet Recovery Mode (restart and hold Command+Option+R). You'll get the same basic work screen you see in Recovery Mode, except it's running from firmware, not the hidden partition on the drive.


Launch Disk Utility and highlight the hard drive's physical drive name at the far left so the Partition tab appears at the right. Choose that and change the drive layout to something other than Current. That means even if your drive is one partition now, and that's all you want, change the drop-down menu to 1 Partition. This tells Disk Utility to completely repartition the drive, which will wipe out not just the normal partition you start up to, but also the current hidden recovery partition.


Once DU is done repartitioning the drive (should only take 20 - 30 seconds), quit DU and choose to install OS X. The version of OS X your Mac came with will be installed, and a new hidden recovery partition will be created.
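
To see the hidden partition this answer refers to, and to confirm that it is gone after repartitioning and present again after reinstalling, list the partition table with `diskutil list`. The script below is an added example, not part of the original reply; the function names are hypothetical and both sample listings are constructed.

```shell
#!/bin/sh
# Added example: find the hidden recovery partition in `diskutil list` output.
# On OS X it appears with TYPE Apple_Boot and NAME "Recovery HD".
# Function names and both sample listings are constructed for illustration.

# Reads `diskutil list` text on stdin; prints "IDENTIFIER|SIZE|NAME"
# for every Apple_Boot partition (nothing if there is none).
find_recovery() {
  awk '$2 == "Apple_Boot" {
    name = $3
    for (i = 4; i <= NF - 3; i++) name = name " " $i   # names may contain spaces
    printf "%s|%s %s|%s\n", $NF, $(NF - 2), $(NF - 1), name
  }'
}

# Constructed sample: a typical single-volume layout before the wipe.
sample_before() {
cat <<'EOF'
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *1.0 TB     disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            999.3 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
EOF
}

# Constructed sample: after repartitioning to "1 Partition", before reinstalling.
sample_after_wipe() {
cat <<'EOF'
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *1.0 TB     disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                  Apple_HFS Untitled                999.9 GB   disk0s2
EOF
}

echo "before wipe: $(sample_before | find_recovery)"
echo "after wipe:  $(sample_after_wipe | find_recovery | wc -l | tr -d ' ') recovery partition(s)"

# On a Mac (Terminal is in the Utilities menu of Recovery Mode), check the real disk:
if command -v diskutil >/dev/null 2>&1; then
  diskutil list | find_recovery
fi
```

This reports only whether an Apple_Boot partition exists and where; it says nothing about what the partition contains.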

Aug 5, 2015 12:24 PM in response to Kurt Lang

I was referring to the exploit grabbing my credentials, for instance some browser (or browser plugin) exploit that allows MITM. When I was referring to the partition, I was referring to malware that's already on your system that will mount the partition; however, your reply answered my question nonetheless. It's good to know that Internet Recovery Mode is run from firmware.


Thanks


j3rg
