An unexplained Mac issue has left thousands of Apple’s computers potentially vulnerable to malware, though the Cupertino firm has downplayed the severity of the flaw. Researchers at Duo Security discovered that, while Apple had been diligent in upgrading macOS and security updates, the EFI – or Extensible Firmware Interface – was in some cases left unchanged. That, they point out, could open the door to those with nefarious intentions using loopholes in outdated firmware to hack a system.
While few outside of computing circles may give the EFI much thought, it’s an important part of every modern computer. Effectively, it’s the environment your computer loads into before the operating system – in Apple’s case, macOS – boots.
As Duo Security points out, that gives it some specific allure to hackers. Since it loads before the full OS, during that period software that attacks the EFI could do so while the computer went unprotected by more advanced security baked into the operating system. “In a nutshell,” they write, “this means that attacking at the EFI layer means that you exert control of a system at a level that allows you to circumvent security controls put in place at higher levels, including the security mechanisms of the OS and applications.”
The researchers looked at more than 73,000 Macs in the wild, comparing them – including their EFI version, OS version, and other details – with all of Apple’s Mac updates from the past three years, covering macOS 10.10.0 to 10.12.6. They found that there were discrepancies between the expected EFI version and what was actually installed in practice. Some models were more susceptible than others, it turned out: while some Macs were getting regular EFI updates, at the other extreme some had never received an update.
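The comparison the researchers describe – observed EFI version per machine against the version the matching update should have installed – is straightforward to reproduce for a fleet inventory. The script below is an added example written for this article; it is not Duo Security’s tool or Apple’s data. Every model name, OS version, EFI version string and host record in it is constructed sample data, the `<BOARD>.<NNNN>.<Bnn>` version layout is an assumption about Apple’s format, and the `local_boot_rom_version` helper assumes the `Boot ROM Version` / `System Firmware Version` labels that `system_profiler SPHardwareDataType` prints on macOS.

```python
"""Audit Mac EFI versions against an expected-version table.

Added example in the spirit of the Duo comparison described above; it is not
Duo's tool or Apple's data.  Every model name, OS version, EFI string and host
below is constructed sample data.
"""
import re
import subprocess
from typing import Dict, Tuple

# Assumption: Apple EFI versions take the form "<BOARD>.<NNNN>.<Bnn>": a board
# identifier, a numeric build that advances with each release, and a lettered
# revision.  The values used in this file are constructed, not real releases.
EFI_RE = re.compile(
    r"^(?P<board>[A-Z0-9]+)\.(?P<build>\d+)\.(?P<rev>[A-Z])(?P<revnum>\d+)$"
)


def parse_efi(version: str) -> Tuple[str, int, str, int]:
    """Split an EFI version string into (board, build, rev letter, rev number)."""
    m = EFI_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised EFI version string: {version!r}")
    return (m.group("board"), int(m.group("build")),
            m.group("rev"), int(m.group("revnum")))


def compare_efi(observed: str, expected: str) -> int:
    """-1 if observed is older than expected, 0 if equal, +1 if newer.

    Only versions for the same board family are comparable; a mismatch means
    the reference table or the inventory has the wrong model and is an error,
    not an 'outdated' finding.
    """
    ob, *okey = parse_efi(observed)
    eb, *ekey = parse_efi(expected)
    if ob != eb:
        raise ValueError(f"board mismatch: {ob} vs {eb}")
    return (okey > ekey) - (okey < ekey)


def efi_is_behind(observed: str, expected: str) -> bool:
    """True when the installed firmware is older than the expected release."""
    return compare_efi(observed, expected) < 0


# Constructed reference table: (model, OS version) -> EFI version the matching
# update should have installed.  "ModelC" deliberately has no entry, standing
# in for the models the study found had never received an EFI update.
EXPECTED_EFI: Dict[Tuple[str, str], str] = {
    ("ModelA", "10.12.6"): "MA.0200.B10",
    ("ModelA", "10.12.5"): "MA.0190.B05",
    ("ModelB", "10.12.6"): "MB.0150.B02",
}

# Constructed fleet inventory, e.g. as exported from an MDM or asset system.
INVENTORY = [
    {"host": "mac-01", "model": "ModelA", "os": "10.12.6", "efi": "MA.0200.B10"},
    {"host": "mac-02", "model": "ModelA", "os": "10.12.6", "efi": "MA.0190.B05"},
    {"host": "mac-03", "model": "ModelB", "os": "10.12.6", "efi": "MB.0150.B02"},
    {"host": "mac-04", "model": "ModelC", "os": "10.12.6", "efi": "MC.0010.B01"},
    {"host": "mac-05", "model": "ModelA", "os": "10.12.6", "efi": "MA.0210.B01"},
]


def audit_hosts(inventory=INVENTORY, expected=EXPECTED_EFI) -> Dict[str, str]:
    """Classify each host as current, outdated, ahead-of-reference or no-reference.

    'ahead-of-reference' usually means the reference table is stale rather
    than that the machine is wrong, so it is reported separately instead of
    being folded into 'current'.
    """
    results: Dict[str, str] = {}
    for h in inventory:
        ref = expected.get((h["model"], h["os"]))
        if ref is None:
            results[h["host"]] = "no-reference"
            continue
        c = compare_efi(h["efi"], ref)
        results[h["host"]] = ("current" if c == 0
                              else "outdated" if c < 0
                              else "ahead-of-reference")
    return results


# Assumption: system_profiler labels the firmware "Boot ROM Version" on older
# macOS and "System Firmware Version" on newer releases; both are matched.
BOOT_ROM_RE = re.compile(r"(?:Boot ROM|System Firmware) Version:\s*(\S+)")


def local_boot_rom_version() -> str:
    """Read this Mac's firmware version from system_profiler (macOS only)."""
    out = subprocess.run(["system_profiler", "SPHardwareDataType"],
                         capture_output=True, text=True, check=True).stdout
    m = BOOT_ROM_RE.search(out)
    if not m:
        raise RuntimeError("firmware version not found in system_profiler output")
    return m.group(1)


if __name__ == "__main__":
    for host, status in sorted(audit_hosts().items()):
        print(f"{host}: {status}")
```

Run it as-is to see the constructed inventory classified; to audit a real fleet, replace `EXPECTED_EFI` with the versions taken from the vendor’s own update notes and `INVENTORY` with the exported asset list. The two non-obvious outcomes are the ones the study highlights: a host with no reference entry at all (a model that never shipped a firmware update) and a host whose firmware is newer than the table, which points at a stale reference rather than a problem on the machine.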
Not only has Duo Security released a list of those particular models, it has also cooked up a tool that tests the EFI version. As they go on to point out, even if you’re running an outdated version – and even if there’s not a newer one available – it’s not necessarily the end of the world. While enterprise system admins might want to replace such machines, everyday users with a Mac at home are far less at risk from malware like Thunderstrike.
For its part, Apple welcomed the researchers’ efforts. It also pointed out that, while this may be a problem, it’s something Mac owners probably shouldn’t worry about – as long as they’re running the latest version of the OS, macOS High Sierra:
“We appreciate Duo’s work on this industry-wide issue and noting Apple’s leading approach to this challenge. Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.” – Apple
Though Duo Security focused on Apple’s computers, that was primarily because of the convenience of being able to look at machines that use software and hardware from a single company, the research team points out. Indeed, Windows computers could be just as vulnerable to outdated EFI firmware going unnoticed, and possibly more so. It’s probably a good idea to check what updates your PC’s manufacturer may have released, and install any that are relevant.