Researchers find disparities in how Mac EFI software is distributed, and it’s likely Windows PCs are affected too
Apple Mac users are being warned they could be at risk from insecure boot software, and it’s likely that Windows PCs are affected too.
Researchers at Duo Security carried out tests on 74,000 Mac systems to see what level of protection was afforded to them by their EFI software, and their findings were not what was expected.
While the most up-to-date version of Mac OS appears to be fine, the level of protection afforded to earlier iterations was not what the researchers expected.
Mac boot issue
Some systems may have installed the most up-to-date security updates, but were found not to have the latest firmware. Indeed, in one instance, the most recent security update included an older version of the EFI than the previous update. In total, 4.2 percent of the tested Macs were insecure.
And many users might be unaware because there are no notifications. Duo Security said such systems can be regarded as “software secure but firmware vulnerable.”
Of course, adding to the problem is that some Mac users believe they aren’t affected by cybersecurity issues, despite evidence to the contrary.
But Windows users shouldn’t be complacent. The only reason the researchers chose the Mac operating system was that Apple controls it at both a hardware and software level, and they have reason to believe Microsoft’s platform is affected too.
“Our research focused on the Apple Mac ecosystem as Apple is in a somewhat unique position of controlling the full stack from hardware, through firmware, OS, and all the way up to application software and can be considered widely deployed,” said the researchers.
“This single stakeholder ecosystem made the job of gathering and analysing relevant data for our research quite a bit simpler, however, we are of the belief that the main issues we have discovered are generally relevant across all vendors tasked with securing EFI firmware and are not solely Apple.”
If possible, it is recommended Mac owners upgrade to the latest version, but there is one silver lining. It is highly unlikely that the ordinary Mac will be targeted, as EFI exploits are more common in nation-state attacks than in commodity tools used by everyday hackers.
“The upshot of all of the above is that the state of your Mac’s EFI firmware may not be what you expect it to be, and in a number of circumstances, this may leave you vulnerable to a variety of known public EFI security issues,” concluded the researchers.
“That’s not to say this might not change in future, however, there are easier, cheaper, and arguably more effective ways in which attackers can target home users.”
Apple did not respond to Silicon’s requests for comment.