This new bug is more serious than Thunderstrike, which was discovered late last year. Both bugs give an attacker the same persistent, low-level control of a Mac, but the new bug does not require the attacker to have physical access to the machine, as Thunderstrike did.
Vilaca said:
"A remote exploit could simply deliver a payload that will either wait or test if a previous sleep existed and machine is vulnerable, or force a sleep and wait for a wakeup to resume its work.
"After the BIOS protections are unlocked it can simply overwrite the BIOS firmware with something that contains an EFI rootkit and that's it.
"BIOS rootkits are more powerful than normal rootkits because they work at a lower level and can survive any machine reinstall and also BIOS updates," he added.
To work, an exploit would require a vulnerability that provides the attacker with unfettered "root" access to OS X resources. Such vulnerabilities aren't always easy to find, but they're by no means impossible, as demonstrated by the Rootpipe privilege escalation bug that came to light late last year. Vilaca said a drive-by exploit planted on a hacked or malicious website could be used to trigger the BIOS attack.
Because this is a zero-day vulnerability, no patch is available yet. Apple has not commented on the issue, but the team will soon release a patch for this.