Millions of Up-to-Date Apple Macs Remain Vulnerable to EFI Firmware Hacks

Always keep your operating system and software up-to-date.”

This is one of the most popular and critical advice that every security expert strongly suggests you to follow to prevent yourself from major cyber attacks.

However, even if you attempt to install every damn software update that lands to your system, there is a good chance of your computer remaining outdated and vulnerable.

Researchers from security firm Duo Labs analysed over 73,000 Macs systems and discovered that a surprising number of Apple Mac computers either fails to install patches for EFI firmware vulnerabilities or doesn’t receive any update at all.

Apple uses Intel-designed Extensible Firmware Interface (EFI) for Mac computers that work at a lower level than a computer’s OS and hypervisors—and controls the boot process.

EFI runs before macOS boots up and has higher-level privileges that, if exploited by attackers, could allow EFI malware to control everything without being detected.
“In addition to the ability to circumvent higher level security controls, attacking EFI also makes the adversary very stealthy and hard to detect (it’s hard to trust the OS to tell you the truth about the state of the EFI); it also makes the adversary very difficult to remove—installing a new OS or even replacing the hard disk entirely is not enough to dislodge them,” Duo researchers say.

What’s worse? In addition to neglecting to push out EFI updates to some systems, Apple does not even warn its users of the failed EFI update process or technical glitch, leaving millions of Macs users vulnerable to sophisticated and advanced persistent cyber attacks.

Read more…

Source: The Hacker News