
Many Macs vulnerable to firmware attacks, despite OS and security updates

According to a Duo Security report, many Macs didn't get the proper security updates to protect against attacks like Thunderstrike 2 that target EFI firmware.


Many of Apple's Mac computer models may be exposed to firmware vulnerabilities, according to a Friday report from Duo Security. The firm's technical whitepaper detailed how, even with certain updates, the Macs may be susceptible to attacks.

Duo Security built its report on an analysis of more than 73,000 Mac systems from real-world users. It found that many of the Macs weren't receiving proper security updates, leaving the Extensible Firmware Interface (EFI) vulnerable, according to a press release. So, even with some updates, user machines remained exposed to disclosed vulnerabilities like Thunderstrike 2.

EFI firmware controls some of the boot functionality of a machine, and gives attackers who successfully compromise it a high level of privilege. Unfortunately, it's often overlooked, Rich Smith, Duo director of research and development, said in the release.


"The sophisticated and targeted nature of firmware attacks should be of particular concern to those who have higher security clearance or access to sensitive information at their respective organizations," Smith said in the release. "The worst possible state for users is to be under the assumption that they are secure after updating their system, when in fact, their actual security posture is very different than what they believe it to be."

Duo Security was able to determine the state of the Mac EFI security because of Apple's move to bundle software and firmware updates, the release stated. With this in mind, it was able to compare the actual state of EFI firmware against its expected state.

Upon comparing these states, the researchers found that machines running a macOS version older than High Sierra "likely have EFI firmware that has not received the latest fixes for known EFI issues," the release said. These machines could have secure software, but insecure firmware.

On average, some 4.2% of Macs in production are running an EFI firmware version that is different from what they should be running, the release said. Users of the 21.5" iMac released in 2015 should be concerned, as 43% of those sampled systems had incorrect firmware.

Additionally, some 16 Mac models never received any updates for their EFI firmware at all. Many models didn't even have an EFI firmware patch addressing the vulnerability, and some security updates shipped with the incorrect firmware, the release said.

"While our findings are striking, Apple should be commended in its efforts to get ahead of firmware security issues and seen as an example for the rest of the industry of how to approach the issues surrounding firmware security," Smith said in the release.

The 3 big takeaways for TechRepublic readers

  1. Many Mac computers have EFI firmware vulnerabilities, and didn't receive proper updates to patch them, according to research from Duo Security.
  2. Many Macs also contained the incorrect firmware for their version, with 43% of the 21.5" iMac machines from 2015 having the wrong version.
  3. Some Mac models also never received any updates at all, or received the wrong firmware with their security update.
