Study Finds Old or Improperly Updated Macs Vulnerable to EFI Attack Vectors

A concerning number of Macs are currently vulnerable to exploits that completely overwhelm their security and are nearly impossible to detect or even fix after receiving all available security updates from Apple, a study released today has concluded.

According to new research conducted by Duo Security (via Reuters), the Extensible Firmware Interface (EFI) in many popular Mac models are vulnerable to sophisticated attacks and malicious firmware vulnerabilities, such as those exposed in the recent WikiLeaks Vault 7 data dumps.

On average, 4.2 percent of the Macs analyzed ran EFI versions that were different from what was prescribed by the hardware model and OS version. Forty-seven Mac models remained vulnerable to the original Thunderstrike, and 31 remained vulnerable to Thunderstrike 2.

At least 16 models received no EFI updates at all. EFI updates for other models were inconsistently successful, with the 21.5-inch iMac released in late 2015 topping the list, with 43 percent of those sampled running the wrong version.

“Firmware is an often overlooked yet vital component of a system’s security structure,” said Rich Smith, Duo Director of Research and Development. “The sophisticated and targeted nature of firmware attacks should be of particular concern to those who have higher security clearance or access to sensitive information at their respective organizations. The worst possible state for users is to be under the assumption that they are secure after updating their system, when in fact, their actual security posture is very different than what they believe it to be.”

Apple is working to improve the factors behind this situation; it’s still not publicly known whether this is a process or visibility problem on Apple’s end, or how the company intends to address this. It should be noted as well that this is not necessarily exclusive to Apple. Duo said in its report that the same issues are likely present on Windows/Intel systems.

“We appreciate Duo’s work on this industry-wide issue and noting Apple’s leading approach to this challenge,” Apple responded. “Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”