TidBITS security editor Rich Mogull responds to Monday's Wired article about Thunderstrike 2, a proof-of-concept firmware worm that infects attached Thunderbolt devices allowing for non-networked transmission to other Macs:
No, nearly everyone can ignore Thunderstrike 2 entirely. The research really is excellent, compelling work that the Wired piece unfortunately turned into a bit of a fright-fest. The Web attack vector, in particular, is blocked in OS X 10.10.4. The worm can’t automatically jump air gaps — those in sensitive environments can easily protect themselves by being careful where they source their Thunderbolt devices, and this entire family of firmware attacks is likely to become a lot more difficult as hardware improves, and as device manufacturers update their firmware code.
Blocked by Yosemite, Thunderbolt only. Assuming you don't deal in black or gray market external external devices, and you keep your Mac up-to-date, you're probably good.