Thousands of Macs exposed to EFI boot-up bug

Some relatively new Macs haven't had a pre-boot update since they were first put on the market

Despite Macs being viewed as the more secure of the two leading computer operating systems, Duo Labs has revealed up to 4.2% of Macs could be vulnerable to a boot up bug caused by outdated software.

The security firm analysed 73,000 "real-world" Macs and all updates to the operating system over the last three years to get an idea of extensible firmware interface (EFI) updates - used to pre-boot Macs - released for the core platform.

Advertisement - Article continues below

It discovered the EFI had not been updated in many of the Macs it tested and although some computers had the most recent security patches and operating systems installed, the pre-boot environment had never been updated, leaving it open to exploit.

However, the researchers said it was unlikely the vulnerability had ever been used, as it simply takes too much effort to exploit compared to other techniques for stealing cash and credentials.

"Attacks against EFI have so far been part of the toolkit used by sophisticated adversaries who have specific high value targets in their sights," Rich SmithandPepijn Bruienne said in a blog post. "Such adversaries are often spoken about in the same breath asnation state attacksandindustrial espionage."

However, they did say that businesses using Macs that can't have the EFI updated should be taken out of service, or at least moved to secure roles, for example, that don't require the use of network access.

Advertisement - Article continues below
Advertisement - Article continues below

"While EFI attacks are currently considered bothsophisticatedandtargeted, depending on the nature of the work your organization does and the value of the data you work with, it's quite possible that EFI attacks fall within your threat model," they said.

"In this regard, vulnerability to EFI security issues should carry the same weight as vulnerability to software security issues and you need to determine if you can accept the risk of having vulnerable (and potentially unpatchable) systems in your environment."

Apple said as a result of Duo Labs' work, it would be re-assessing the way it updates machines, according to the BBC.

It's yet another blow to a name that is typically synonymous with security. Last week, US security researcher and former NSA hacker Patrick Wardle discovered a zero-day exploit affecting the Keychain within macOS High Sierra, allowing hackers to access saved passwords without a master key.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020