'EFI' Articles

Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits

A new research paper from Duo Security, shared by Ars Technica, reveals that a significant number of Macs are running out-of-date EFI versions, leaving them susceptible to critical pre-boot firmware exploits.

The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running the incorrect EFI version relative to the model and version of macOS or OS X installed. The percentage of incorrect EFI versions varies greatly depending on the model. The late 2015 21.5" iMac had the highest occurrence of incorrect EFI firmware, with 43 percent of systems running incorrect versions.

EFI, which stands for Extensible Firmware Interface, bridges a Mac's hardware, firmware, and operating system together to enable it to go from power-on to booting macOS. EFI operates at a lower level than both the operating system and hypervisors, providing attackers with a greater level of control.

"Successful attack of a system's UEFI implementation provides an attacker with powerful capabilities in terms of stealth, persistence, and direct access to hardware, all in an OS and VMM independent manner."

Duo Security found that 47 models capable of running OS X Yosemite, OS X El Capitan, or macOS Sierra, for example, did not have an EFI security patch for the Thunderstrike exploit publicly disclosed nearly three years ago. The research paper noted that there seems to be something interfering with the way bundled EFI updates are installed alongside macOS, while some Macs never received EFI updates whatsoever, but it doesn't

macOS High Sierra Automatically Performs Security Check on EFI Firmware Each Week

Mac users who upgrade to macOS High Sierra will benefit from a significant new security feature that works in the background. macOS High Sierra automatically checks a Mac's EFI firmware against Apple's database of "known good" data to ensure it hasn't been tampered with, according to a series of tweets from an Apple engineer. The tweets have since been deleted, but a summary remains available on the Mac blog The Eclectic Light Company.

"The new utility eficheck, located in /usr/libexec/firmwarecheckers/eficheck, runs automatically once a week. It checks that Mac's firmware against Apple's database of what is known to be good. If it passes, you will see nothing of this, but if there are discrepancies, you will be invited to send a report to Apple."

If the check fails, a prompt will appear with options to "Send to Apple" or "Don't Send." The selection is remembered in subsequent weeks. The "eficheck" tool sends the binary data from the EFI firmware, and preserves user privacy by excluding data which is stored in NVRAM, according to The Eclectic Light Company. Apple will then be able to analyze the data to determine whether it has been altered by malware or anything else. The database's library will be automatically and silently updated so long as security updates are turned on.

EFI, which stands for Extensible Firmware Interface, bridges a Mac's hardware, firmware, and operating system together to enable it to go from power-on to booting macOS. macOS High Sierra will be publicly released on the Mac App Store later