Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits

A new research paper from Duo Security, shared by Ars Technica, reveals that a significant number of Macs are running out-of-date EFI versions, leaving them susceptible to critical pre-boot firmware exploits.

macos high sierra trio
The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running the incorrect EFI version relative to the model and version of macOS or OS X installed.

The percentage of incorrect EFI versions varies greatly depending on the model. The late 2015 21.5" iMac had the highest occurrence of incorrect EFI firmware, with 43 percent of systems running incorrect versions.

EFI, which stands for Extensible Firmware Interface, bridges a Mac's hardware, firmware, and operating system together to enable it to go from power-on to booting macOS. EFI operates at a lower level than both the operating system and hypervisors, providing attackers with a greater level of control.

Successful attack of a system's UEFI implementation provides an attacker with powerful capabilities in terms of stealth, persistence, and direct access to hardware, all in an OS and VMM independent manner.

Duo Security found that 47 models capable of running OS X Yosemite, OS X El Capitan, or macOS Sierra, for example, did not have an EFI security patch for the Thunderstrike exploit publicly disclosed nearly three years ago.

The research paper noted that there seems to be something interfering with the way bundled EFI updates are installed alongside macOS, while some Macs never received EFI updates whatsoever, but it doesn't know exactly why.

There seems to be something interfering with the way bundled EFI firmware updates are getting installed, leading to systems running old EFI versions. We are not able to give an exact reason why, but there are significant discrepancies between the firmware version that is actually running on real world production systems and the version that is expected to be running, given the OS build. This means that even if your Mac is still receiving security patch support, there is a non-trivial chance that your system is not running the latest version, even though you thought it was installed.

While its research paper is focused on Apple, Duo Security said the same if not worse EFI issues likely affect PCs running Windows or Linux.

In response to the research paper, Apple said it appreciates the research on the industry-wide issue and noted that macOS High Sierra automatically validates a Mac's EFI on a weekly basis to ensure it hasn't been tampered with.

We appreciate Duo's work on this industry-wide issue and noting Apple’s leading approach to this challenge. Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.

In a related blog post, Duo Security said users should check if they are running the latest version of EFI on their Macs, and it has released a tool to help do so. It also recommends updating to the latest version of macOS High Sierra.

Popular Stories

Generic iOS 18

Apple Releases iOS 18.0.1 With Touch Screen Bug Fix and More

Thursday October 3, 2024 2:22 pm PDT by
Apple today released iOS 18.0.1 and iPadOS 18.0.1, the first updates to the iOS 18 and iPadOS 18 operating systems that debuted earlier in September. iOS 18.0.1 and iPadOS 18.0.1 come two weeks after the launch of iOS 18. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. According to Apple's release notes, the...
15 New Things Your iPhone Can Do in iOS 18

15 New Things Your iPhone Can Do in iOS 18.1

Friday September 27, 2024 6:14 am PDT by
Apple is set to release iOS 18.1 in October, bringing the first set of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update marks a significant step forward in Apple's AI integration, offering a new Siri contextually-aware experience and a range of additional capabilities powered by on-device machine learning and large language models. There are a couple of handy new...
ipad mini 2021 youtube

New Report Reveals When to Expect the iPad Mini 7

Tuesday October 1, 2024 2:09 pm PDT by
Apple is working on a new iPad mini that will "potentially" be released "by the end of 2024," according to a report today from Bloomberg's Mark Gurman. Last month, Gurman reported that Apple had "new iPads in the works," including an upgraded version of the iPad mini. At the time, he said the device was "on deck for Apple's October event" alongside the first M4 Macs. The wording in his...
macOS Sequoia Night Feature

Apple Releases macOS Sequoia 15.0.1 With Bug Fixes

Thursday October 3, 2024 2:27 pm PDT by
Apple today released macOS Sequoia 15.0.1, the first update for the macOS Sequoia operating system. The 15.0.1 update comes a week after Apple first released macOS Sequoia 15. Mac users can download the ‌macOS Sequoia‌ update by using the Software Update section of System Settings. According to Apple's release notes, macOS Sequoia 15.0.1 fixes a bug that could cause the Messages app...
maxresdefault

Two Weeks With the iPhone 16 Pro Max

Friday October 4, 2024 12:04 pm PDT by
Now that it's been two weeks since the iPhone 16 models were released, we've been able to spend enough time with the new devices to share a more in-depth review on their performance, battery life, feature set, and more. Subscribe to the MacRumors YouTube channel for more videos. We've been testing the iPhone 16 Pro and Pro Max, but the gap between the Pro models and the standard iPhone 16...
Prime Big Deal Days Hero 3

The Best Early Prime Day Deals on AirPods, Apple Watch, and More

Friday October 4, 2024 10:43 am PDT by
Amazon is hosting another Prime Day event this year, called Amazon Prime Big Deal Days and offering shoppers the first chance to save on holiday shopping from a major retailer. Similar to the first Prime Day, it will last for two days (October 8-9) and you can already find a large selection of early deals across Amazon's storefront, covering savings on tech, clothing, video games, groceries, and...
macOS Sequoia Feature

Here Are All the New Features Coming to macOS Sequoia This Month

Thursday October 3, 2024 6:27 am PDT by
‌Apple in October will release macOS Sequoia‌ 15.1, bringing to Macs the first Apple Intelligence features such as Writing Tools, new Siri features, Smart Replies, and more. In addition, macOS 15.1 adds a handful of welcome tweaks and improvements to existing Mac capabilities. Here's what we can expect from the first major update to macOS Sequoia later this month. Note that Apple...
top stories 5oct2024

Top Stories: iOS 18.1 Coming Soon, October Apple Event Rumors, and More

Saturday October 5, 2024 6:00 am PDT by
It's hard to believe we're already into October with the iPhone 16 launch behind us, but there's lots more still to come from Apple this year on both the hardware and software fronts. We're still expecting a number of Mac and perhaps some iPad updates in the very near future, while Apple Intelligence features are set to begin rolling out with iOS 18.1 and related operating system updates....

Top Rated Comments

rpmurray Avatar
92 months ago
In response to the research paper, Apple said it appreciates the research on the industry-wide issue and noted that ONLY macOS High Sierra automatically validates a Mac's EFI ('https://www.macrumors.com/2017/09/25/macos-high-sierra-weekly-efi-security-check/') on a weekly basis to ensure it hasn't been tampered with. Anyone running Macs with an earlier OS (like Sierra or the ancient El Capitan) or a Mac that can't be updated to run High Sierra are SOL.
Score: 10 Votes (Like | Disagree)
840quadra Avatar
92 months ago
4.2% huh, I imagine most of those are in fact Hackintoshes, which are modified EFI to begin with.... I wonder what percent it would be if those were excluded?
I am not sure how many Hackintoshes are in production environments though. It appears that they did this study directly, not using web metrics.

I am sure there are some hackintosh computers being used commercially, though I would expect they would be excluded from such a study. Nevermind completely illegal, exposing those companies to potentially serious lawsuits.
Score: 8 Votes (Like | Disagree)
chrfr Avatar
92 months ago
4.2% huh, I imagine most of those are in fact Hackintoshes, which are modified EFI to begin with.... I wonder what percent it would be if those were excluded?
If you read through the paper, you'll see that these are not Hackintoshes. The guys who wrote this paper are well aware of the details.
[doublepost=1506697970][/doublepost]
This is an old research. I just found out that even when you have the most up to date firmware you still doomed. :D
No, this isn't old.
Score: 8 Votes (Like | Disagree)
jayducharme Avatar
92 months ago
Buy a Mac they said...

Macs can’t get viruses they said...
Well, technically they still can't, not in the way PCs do. But they're still a computer susceptible to hacking.

This discovery gives yet another good reason for always updating your Mac to the latest OS (if your hardware supports it, obviously). Sometimes Apple patches problems before we even know they exist.
Score: 8 Votes (Like | Disagree)
triptolemus Avatar
92 months ago
Can someone explain to me why it's a good idea to download a tool that interacts with the EFI firmware from a third party off of something called Github?
Score: 8 Votes (Like | Disagree)
sos47 Avatar
92 months ago
it hurts me. update to High Sierra not possible. iMac 2011
Score: 6 Votes (Like | Disagree)