EFI upgrade issues have left millions of Apple Macs vulnerable to targeted attacks, PCs are likely to be worse off: Study

Security firm Duo has published a report stating that Apple Macs are not getting critical firmware updates essential for system security.

Millions of Apple Macs are running aging firmware

Millions of Apple Macs are running aging firmware

According to the report, security experts examined the state of the EFI firmware on over 54,000 Macs currently supported by Apple. They were surprised to discover that a significant percent of these Macs are running out-of-date EFI firmware that was vulnerable to many known vulnerabilities.

EFI, like BIOS before it, is the interface that helps your operating system (OS) boot up for the first time. It’s like a liaison between the hardware and the software. An operating system cannot load without a functioning EFI.

The scary part of this news is the fact that if EFI is compromised, there’s nothing you can really do about it. Your antivirus and OS will not detect an issue and wiping your storage will not make a difference. EFI loads before most security protocols kick in, giving any EFI-based malware far more control over the infected system.

“There was a surprisingly high level of discrepancy between the EFI versions we expected to find running on the real-world Mac systems and the EFI versions we actually found running,” say the researchers.

The firmware issue isn’t just limited to Macs, however. As Wired notes, these experts simply targeted Macs because the hardware was easier to audit. EFI firmware on Windows and Linux-based PCs for example, is likely to be just as bad.

Macs (and PCs, for that matter), are supposed to receive regular firmware updates as part of the OS update process. These updates should, in theory, happen silently in the background. When an update fails, you get a notification that it failed. When an EFI update fails, however, there appears to be no such notification, note the researchers.

The problem isn’t that Apple is not listening to researchers and delivering firmware updates, it is, the problem is that these updates aren’t getting installed on an alarmingly large number of systems and there’s no way for a user to tell this is happening.

When contacted by Wired, Apple released a statement saying that macOS High Sierra, the current iteration of macOS, checks EFI for errors once a week. Wired notes that while it’s nice to have this feature, it doesn’t help much because it only checks if the firmware has been hacked, not if it’s out of date.

An security expert from Malwarebytes told Wired that he thinks the situation is significantly worse on Windows than on Mac, however.

The recent Thunderstrike and Thunderstrike 2 attacks revealed by Wikileaks highlights the hazards of running on out-of-date firmware. The CIA used these attacks to infect target computers, according to WikiLeaks.

Thankfully, the average user needn't worry too much about these vulnerabilities because EFI hacking, even in the case of Thunderstrike, requires physical access to the computer to be infected.

A tool for checking if your Mac’s firmware for vulnerabilities is available here. It’s open-source, so you can examine the code for yourself, if you’re so inclined.


Published Date: Sep 30, 2017 16:01 PM | Updated Date: Sep 30, 2017 16:01 PM