Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits
Keeping your software up to date is one of the most common and important pieces of advice that every security expert strongly suggests you follow to protect yourself from cyber attacks.
But even if you install every damn software update that lands on your system, there is a good chance of your computer remaining outdated and vulnerable.
Researchers at security firm Duo Labs analyzed over 73,000 Mac systems and discovered that a surprising number of Apple Mac computers either fail to install patches for EFI firmware vulnerabilities or do not receive any update at all.
Apple uses the Intel-designed Extensible Firmware Interface (EFI) for Mac computers, which works at a lower level than a computer’s OS and hypervisors and controls the boot process.
“In addition to the ability to circumvent higher level security controls, attacking EFI also makes the adversary very stealthy and hard to detect (it’s hard to trust the OS to tell you the truth about the state of the EFI); it also makes the adversary very difficult to remove—installing a new OS or even replacing the hard disk entirely is not enough to dislodge them,” Duo researchers say.
What’s more? In addition to failing to push out EFI updates to some systems, Apple does not even warn its users of a failed EFI update process or technical glitch, leaving millions of Mac users vulnerable to sophisticated and advanced persistent cyber attacks.
On average, Duo said, 4.2% of 73,324 real-world Macs used in enterprise settings were found running an EFI firmware version different from the one they should be running, based on the hardware model, the operating system version, and the EFI version released with that OS.
The numbers for some specific Mac models are more striking: 43% of the analysed iMac models (21.5″, late 2015) were running outdated, insecure firmware, and at least 16 Mac models had never received any EFI firmware updates when Mac OS X 10.10 and 10.12.6 were available.
“For the main EFI vulnerabilities that were acknowledged by Apple and patched during the time of our analysis, there were surprising numbers of models of Macs that received no update to their EFI despite continuing to receive software security updates,” Duo researchers say.
“Even if you’re running the most recent version of macOS and have installed the latest patches that have been released, our data shows there is a non-trivial chance that the EFI firmware you’re running might not be the most up-to-date version,”
Duo also found 47 models that were running macOS versions 10.12, 10.11 and 10.10 and did not receive the EFI firmware update with patches to address the known vulnerability, Thunderstrike 1.
The Thunderstrike attacks, initially developed by the National Security Agency (NSA), were also exposed in the WikiLeaks Vault 7 data dumps, which also mentioned that the attack relies on outdated firmware.
According to the researchers, their research focused on the Mac ecosystem because Apple is in a somewhat unique position of controlling the full stack, but its findings can be applied more widely.
“However, we are of the belief that the main issues we have discovered are generally relevant across all vendors tasked with securing EFI firmware and are not solely Apple,” the researchers said.
Enterprises with a large number of Mac computers should review the models outlined in the Duo Labs whitepaper, “The Apple of Your EFI: Findings From an Empirical Study of EFI Security,” to see if their models are out-of-date.
Mac users and administrators can also check whether they are running the latest version of EFI for their systems by using a free open-source tool, which will soon be made available by the company.