Many Patched Macs Still Vulnerable Via EFI Issues

Many Patched Macs Still Vulnerable Via EFI Issues

Security researchers have warned that countless Mac users are at risk because key firmware on the machine hasn’t been receiving security updates.

Duo Security analyzed 73,000 machines and found problems with the Extensible Firmware Interface (EFI), a pre-boot environment which has largely replaced BIOS.

It’s particularly important because if hackers manage to compromise EFI it will grant them a high level of privilege, allowing them to circumvent any security controls implemented at an OS and app level whilst making it extremely hard to detect and remove malicious third parties.

Apple has bundled software and firmware updates since 2015 in a bid to ensure users automatically receive the most current firmware security. However, this has not been the case, according to Duo Security.

An average of 4.2% of the Macs analyzed are running the wrong EFI version based on the hardware model, the OS version and the EFI version released with that OS version, it found.

That’s not all: at least 16 models have never received EFI updates, and 47 models capable of running versions 10.12, 10.11 and 10.10 did not have an EFI firmware patch addressing the vulnerability, Thunderstrike 1. Some 31 models capable of the same did not have an EFI firmware patch addressing the remote version of the Thunderstrike 2 flaw.

Users are urged to upgrade to the latest OS version – 10.12.6 – or at least check if they’re running the latest EFI version for their system.

The models that have received no EFI updates at all are: iMac 7.1, 8.1, 9.1, 10.1; MacBook 5.1, 5.2; MacBookAir 2.1; MacBookPro 3.1, 4.1, 5.1, 5.2, 5.3, 5.4; MacPro 3.1, 4.1, 5.1.

“As the pre-boot environment becomes increasingly like a full operating system in and of its own, it must also be treated like a full OS in terms of the security support and attention applied to it,” said Pepijn Bruienne, Duo research and development engineer. “We are confident Apple is making significant efforts to increase the security of their EFI environment, and look forward to continuing our research to include the newest OS – High Sierra.”

Source: Information Security Magazine