Researchers have discovered
that a worryingly large number of Apple Mac computers either fail to install patches for EFI firmware vulnerabilities or don’t receive any update at all.
What is EFI firmware?
- EFI stands for Extensible Firmware Interface.
- Very simply it’s the first program that runs when an Apple computer is turned on.
- It checks to see what hardware components the computer has, wakes the components up and hands them over to the Mac operating system.
- This is otherwise known as the boot process. EFI controls this process.
So what exactly is the vulnerability?
Every operating system and software requires updates.
When Apple, and any other vendor for that matter, releases an OS updates this will include updates to the firmware too.
- However, the researchers discovered that some Apple Mac computers didn’t install the EFI patches
- In some cases the updates the update wasn’t received
How many Apple computers are affected?
- The researchers analysed all Apple Mac updates released over the last three years
- It then gathered the OS version, build number, Mac model version, and EFI firmware version from over 73,000 real-world Mac systems
- It concluded that 4.2% of 73,324 real-world Macs were found running a different EFI firmware version they should not be running. Extrapolating this figure suggests millions of Apple computers could be vulnerable
What are the implications?
The researchers concluded:
- EFI updates are not pushed out to some Apple systems
- Apple does not warn its users of the failed EFI update process or technical glitch
- Potentially millions of Macs users are vulnerable to sophisticated and advanced persistent cyber-attacks.
What sort of attacks?
- It’s serious. Attacking the boot process firmware means the attacker can basically get in under the radar, evading standard security controls
- It’s also incredibly hard to detect and the attacker could potentially control everything on the computer
What can I do?
The researchers have published an extensive paper
that provides chapter and verse on the EFI vulnerabilities.
It provides a rundown on the different Mac operating systems affected and the different Mac models.
You can also take consolation in the researcher’s belief that home users won’t be radically affected by the breach, as follows:
- To date EFI-based attacks have been used by extremely sophisticated attackers who are going after precise, high value targets
- These types of attacks tend to be at the level of nation-state sponsored attacks and industrial espionage, that is, the theft of engineering/aircraft/rocket engine component blueprints or similar
- Most everyday home users clearly don’t come into this category
- To date, EFI exploits have not been detected in common types of malware such as banking trojans or ransomware
It’s worth emphasising that your everyday criminal hacker is unlikely to exploit EFI vulnerabilities simply because it requires time, resources and high level skills. Rather there are much easier ways for cyber villains to achieve their aims, such as ransomware, spyware and banking trojans.
However, if you are concerned the researchers have released a tool
that allows you to establish whether your Mac has the latest EFI patches in place.