An unexplained Mac issue has left thousands of Apple’s computers potentially vulnerable to malware, though the Cupertino firm has downplayed the severity of the flaw. Researchers at Duo Security discovered that, while Apple had been diligent in upgrading macOS and security updates, the EFI – or Extensible Firmware Interface – was in some cases left unchanged. That, they point out, could open the door to those with nefarious intentions using loopholes in outdated firmware to hack a system.
While few outside of computing circles may give the EFI much thought, it’s an important part of every modern computer. Effectively, it’s the environment your computer loads into before the operating system – in Apple’s case, macOS – boots.
As Duo Security points out, that gives it some specific allure to hackers. Since it loads before the full OS, during that period software that attacks the EFI could do so while the computer went unprotected by more advanced security baked into the operating system. “In a nutshell,” they write, “this means that attacking at the EFI layer means that you exert control of a system at a level that allows you to circumvent security controls put in place at higher levels, including the security mechanisms of the OS and applications.”
The researchers looked at more than 73,000 Macs in the wild, comparing them – including their EFI version, OS version, and other details – with all of Apple’s Mac updates from the past three years, covering macOS 10.10.0 to 10.12.6. They found that there were discrepancies between the expected EFI version and what was actually installed in practice. Some models were more susceptible than others, it turned out: while some Macs were getting regular EFI updates, at the other extreme some had never received an update.
Not only has Duo Security released a list of those particular models, it has also cooked up a tool that tests the EFI version. As they go on to point out, even if you’re running an outdated version – and even if there’s not a newer one available – it’s not necessarily the end of the world. While enterprise system admins might want to replace such machines, everyday users with a Mac at home are far less at risk from malware like Thunderstrike.
For its part, Apple welcomed the researchers’ efforts. It also pointed out that, while this may be a problem, it’s something Mac owners probably shouldn’t worry about – as long as they’re running the latest version of the OS, macOS High Sierra:
“We appreciate Duo’s work on this industry-wide issue and noting Apple’s leading approach to this challenge. Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly” Apple
Though Duo Security focused on Apple’s computers, that was primarily because of the convenience of being able to look at machines that use software and hardware from a single company, the research team points out. Indeed, Windows computers could be just as vulnerable to outdated EFI firmware going unnoticed, and possibly more-so. It’s probably a good idea to check what updates your PC’s manufacturer may have released, and install any that are relevant.