Thousands of Macs exposed to EFI boot-up bug

Some relatively new Macs haven't had a pre-boot update since they were first put on the market

Despite Macs being viewed as the more secure of the two leading computer operating systems, Duo Labs has revealed up to 4.2% of Macs could be vulnerable to a boot up bug caused by outdated software.

The security firm analysed 73,000 "real-world" Macs and all updates to the operating system over the last three years to get an idea of extensible firmware interface (EFI) updates - used to pre-boot Macs - released for the core platform.

It discovered the EFI had not been updated in many of the Macs it tested and although some computers had the most recent security patches and operating systems installed, the pre-boot environment had never been updated, leaving it open to exploit.

However, the researchers said it was unlikely the vulnerability had ever been used, as it simply takes too much effort to exploit compared to other techniques for stealing cash and credentials.

"Attacks against EFI have so far been part of the toolkit used by sophisticated adversaries who have specific high value targets in their sights," Rich SmithandPepijn Bruienne said in a blog post. "Such adversaries are often spoken about in the same breath asnation state attacksandindustrial espionage."

Advertisement - Article continues below
Advertisement - Article continues below

However, they did say that businesses using Macs that can't have the EFI updated should be taken out of service, or at least moved to secure roles, for example, that don't require the use of network access.

"While EFI attacks are currently considered bothsophisticatedandtargeted, depending on the nature of the work your organization does and the value of the data you work with, it's quite possible that EFI attacks fall within your threat model," they said.

"In this regard, vulnerability to EFI security issues should carry the same weight as vulnerability to software security issues and you need to determine if you can accept the risk of having vulnerable (and potentially unpatchable) systems in your environment."

Apple said as a result of Duo Labs' work, it would be re-assessing the way it updates machines, according to the BBC.

It's yet another blow to a name that is typically synonymous with security. Last week, US security researcher and former NSA hacker Patrick Wardle discovered a zero-day exploit affecting the Keychain within macOS High Sierra, allowing hackers to access saved passwords without a master key.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now



Best laptops 2019: Dell, Apple, Acer and more

19 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

12 Apr 2019

Most Popular

public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
web browser

Microsoft developer declares it's time to ditch IE for Edge

23 Jan 2020