Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits
A new research paper from Duo Security, shared by Ars Technica, reveals that a significant number of Macs are running out-of-date EFI versions, leaving them susceptible to critical pre-boot firmware exploits.
The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running the incorrect EFI version relative to the model and version of macOS or OS X installed.
The percentage of incorrect EFI versions varies greatly depending on the model. The late 2015 21.5" iMac had the highest occurrence of incorrect EFI firmware, with 43 percent of systems running incorrect versions.
EFI, which stands for Extensible Firmware Interface, bridges a Mac's hardware, firmware, and operating system together to enable it to go from power-on to booting macOS. EFI operates at a lower level than both the operating system and hypervisors, providing attackers with a greater level of control.
The research paper noted that there seems to be something interfering with the way bundled EFI updates are installed alongside macOS, while some Macs never received EFI updates whatsoever, but it doesn't know exactly why.
In response to the research paper, Apple said it appreciates the research on the industry-wide issue and noted that macOS High Sierra automatically validates a Mac's EFI on a weekly basis to ensure it hasn't been tampered with.
The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running the incorrect EFI version relative to the model and version of macOS or OS X installed.
The percentage of incorrect EFI versions varies greatly depending on the model. The late 2015 21.5" iMac had the highest occurrence of incorrect EFI firmware, with 43 percent of systems running incorrect versions.
EFI, which stands for Extensible Firmware Interface, bridges a Mac's hardware, firmware, and operating system together to enable it to go from power-on to booting macOS. EFI operates at a lower level than both the operating system and hypervisors, providing attackers with a greater level of control.
Successful attack of a system's UEFI implementation provides an attacker with powerful capabilities in terms of stealth, persistence, and direct access to hardware, all in an OS and VMM independent manner.Duo Security found that 47 models capable of running OS X Yosemite, OS X El Capitan, or macOS Sierra, for example, did not have an EFI security patch for the Thunderstrike exploit publicly disclosed nearly three years ago.
The research paper noted that there seems to be something interfering with the way bundled EFI updates are installed alongside macOS, while some Macs never received EFI updates whatsoever, but it doesn't know exactly why.
There seems to be something interfering with the way bundled EFI firmware updates are getting installed, leading to systems running old EFI versions. We are not able to give an exact reason why, but there are significant discrepancies between the firmware version that is actually running on real world production systems and the version that is expected to be running, given the OS build. This means that even if your Mac is still receiving security patch support, there is a non-trivial chance that your system is not running the latest version, even though you thought it was installed.While its research paper is focused on Apple, Duo Security said the same if not worse EFI issues likely affect PCs running Windows or Linux.
In response to the research paper, Apple said it appreciates the research on the industry-wide issue and noted that macOS High Sierra automatically validates a Mac's EFI on a weekly basis to ensure it hasn't been tampered with.
We appreciate Duo's work on this industry-wide issue and noting Apple’s leading approach to this challenge. Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.In a related blog post, Duo Security said users should check if they are running the latest version of EFI on their Macs, and it has released a tool to help do so. It also recommends updating to the latest version of macOS High Sierra.
[ 166 comments ]
Top Rated Comments
(View all)
23 months ago
In response to the research paper, Apple said it appreciates the research on the industry-wide issue and noted that ONLY macOS High Sierra automatically validates a Mac's EFI ('https://www.macrumors.com/2017/09/25/macos-high-sierra-weekly-efi-security-check/') on a weekly basis to ensure it hasn't been tampered with. Anyone running Macs with an earlier OS (like Sierra or the ancient El Capitan) or a Mac that can't be updated to run High Sierra are SOL.
23 months ago
Buy a Mac they said...
Macs can’t get viruses they said...
This discovery gives yet another good reason for always updating your Mac to the latest OS (if your hardware supports it, obviously). Sometimes Apple patches problems before we even know they exist.
23 months ago
Can someone explain to me why it's a good idea to download a tool that interacts with the EFI firmware from a third party off of something called Github?
23 months ago
4.2% huh, I imagine most of those are in fact Hackintoshes, which are modified EFI to begin with.... I wonder what percent it would be if those were excluded?
If you read through the paper, you'll see that these are not Hackintoshes. The guys who wrote this paper are well aware of the details.[doublepost=1506697970][/doublepost]
This is an old research. I just found out that even when you have the most up to date firmware you still doomed. :D
No, this isn't old.
23 months ago
4.2% huh, I imagine most of those are in fact Hackintoshes, which are modified EFI to begin with.... I wonder what percent it would be if those were excluded?
I am not sure how many Hackintoshes are in production environments though. It appears that they did this study directly, not using web metrics.I am sure there are some hackintosh computers being used commercially, though I would expect they would be excluded from such a study. Nevermind completely illegal, exposing those companies to potentially serious lawsuits.
23 months ago
Well, if Apple hadn't decided that my perfectly good, still very fast, still completely capable 2008 Mac Pro wasn't going to receive any software updates beyond El Capitan, we wouldn't have this problem now would we?
This is the one thing about Apple I cannot stand. Microsoft will let you install Windows on any PC, yet Apple randomly decides which Macs won't get the latest software regardless of specs. It's infuriating.
This is the one thing about Apple I cannot stand. Microsoft will let you install Windows on any PC, yet Apple randomly decides which Macs won't get the latest software regardless of specs. It's infuriating.
23 months ago
4.2% huh, I imagine most of those are in fact Hackintoshes, which are modified EFI to begin with.... I wonder what percent it would be if those were excluded?
23 months ago
This is news we can almost use. Instructions on how to find our firmware version and a list of current versions for Mac models, now that would have been news we could actually use.
[ Read All Comments ]
Belkin today announced that its InvisiGlass Ultra Front and Back Protection for the latest iPhone models is now available for purchase from Apple.
The InvisiGlass Ultra Front and Back...
Apple this morning released the second beta of watchOS 6, the software that runs on the Apple Watch. The second beta comes two weeks after Apple first unveiled the new update at the Worldwide...
Apple today seeded the second beta of an upcoming tvOS 13 update to developers, two weeks after first unveiling the tvOS 13 software at the Worldwide Developers Conference.
Designed for the...
Aspyr has announced that today is the last day of sales for its 32-bit Mac games, in anticipation of Apple's upcoming move to 64-bit only apps on macOS Catalina later this year.
After...
Amazon is offering the latest MacBook Pro at a new all-time-low price, with savings of up to $199 off original prices. Across the board these are the best deals available online from the major...
MacRumors and Twelve South's latest partnership offers our readers an exclusive chance to save 12 percent off their entire purchase on TwelveSouth.com. In the past, our exclusive Twelve South...
In iOS 13, Apple has extended the system's built-in screenshot feature to include the ability to save a full web page as a multi-page PDF.
Don't expect this option to appear when...
For this week's giveaway, we've teamed up with Twelve South to offer MacRumors readers a chance to win a prize pack that includes a BookBook vol. 2 for iPad Pro, an AirFly, and a set of...
