Thousands of Macs exposed to EFI boot-up bug

Some relatively new Macs haven't had a pre-boot update since they were first put on the market

Despite Macs being viewed as the more secure of the two leading computer operating systems, Duo Labs has revealed up to 4.2% of Macs could be vulnerable to a boot up bug caused by outdated software.

The security firm analysed 73,000 "real-world" Macs and all updates to the operating system over the last three years to get an idea of extensible firmware interface (EFI) updates - used to pre-boot Macs - released for the core platform.

It discovered the EFI had not been updated in many of the Macs it tested and although some computers had the most recent security patches and operating systems installed, the pre-boot environment had never been updated, leaving it open to exploit.

However, the researchers said it was unlikely the vulnerability had ever been used, as it simply takes too much effort to exploit compared to other techniques for stealing cash and credentials.

"Attacks against EFI have so far been part of the toolkit used by sophisticated adversaries who have specific high value targets in their sights," Rich SmithandPepijn Bruienne said in a blog post. "Such adversaries are often spoken about in the same breath asnation state attacksandindustrial espionage."

Advertisement - Article continues below

However, they did say that businesses using Macs that can't have the EFI updated should be taken out of service, or at least moved to secure roles, for example, that don't require the use of network access.

"While EFI attacks are currently considered bothsophisticatedandtargeted, depending on the nature of the work your organization does and the value of the data you work with, it's quite possible that EFI attacks fall within your threat model," they said.

"In this regard, vulnerability to EFI security issues should carry the same weight as vulnerability to software security issues and you need to determine if you can accept the risk of having vulnerable (and potentially unpatchable) systems in your environment."

Apple said as a result of Duo Labs' work, it would be re-assessing the way it updates machines, according to the BBC.

It's yet another blow to a name that is typically synonymous with security. Last week, US security researcher and former NSA hacker Patrick Wardle discovered a zero-day exploit affecting the Keychain within macOS High Sierra, allowing hackers to access saved passwords without a master key.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now



Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Best laptops 2019: Dell, Apple, Acer and more

3 May 2019

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

12 Apr 2019

Most Popular

identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019

Five signs that it’s time to retire IT kit

29 Nov 2019

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019