Even Some Patched Macs Are Vulnerable To ‘Firmware’ Attacks

A basic rule for keeping PCs and laptops safe is to update them regularly with the latest security patches. But what if your devices are not getting updates for a few critical components? That is the case with several Macs, which are out of date when it comes to firmware updates.

A study released on Friday claims that even after getting security updates from Apple, several Macs remain vulnerable to known exploits that are almost impossible to detect or fix. The risk mainly stems from vulnerabilities in the Extensible Firmware Interface (EFI), which is the first software to run when a Mac is turned on. The responsibility of this software, which is located on the computer’s motherboard, is to ensure that all hardware components are available and working in sync with the operating system.

Over the years, Apple has pushed security updates to protect the EFI against known attacks such as Thunderstrike, Thunderstrike 2 and the Sonic Screwdriver, a recently disclosed CIA attack tool. However, security firm Duo Security found that a significant number of Macs were still vulnerable to such attacks even after receiving security updates.

Duo, which analyzed 73,000 Macs, found that about 4.2 percent of them were not running the firmware they were expected to. Furthermore, in some of the models — for instance, the 21.5-inch iMac released in late 2015 — 43 percent were running out-of-date firmware. The experts also found that 16 combinations of Mac hardware and OSes never got a firmware update during the period spanning OS X 10.10 through 10.12.6. Such gaps leave the machines vulnerable to the Thunderstrike attack, whereby hackers can easily take control of a Mac through the Thunderbolt port.

However, Duo Security researchers were unable to conclude why some Macs were not getting updates. Like regular OS updates, firmware updates can fail due to the complexity of installation. But unlike an OS update failure, an EFI update failure does not send any warning to the user. The researchers also noticed a pattern in Apple’s EFI updates.

“As we saw when we ripped open every security and OS update since 2015, Apple drops off which EFI firmware bundles it ships with them. The current OS always has the latest updates, minus-1 fewer and minus-2 even fewer,” said Duo R&D engineer Pepijn Bruienne. Based on this trend, researchers expect that High Sierra, or 10.13, will support 10.11 and newer versions going forward, but support for 10.10 and older OSes will end. Thus, researchers suggest that users are better off with newer versions of Mac OSes than older versions in terms of firmware update levels.
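Because a failed EFI update raises no warning, the gap described above only becomes visible when each machine's reported firmware version is compared with the version expected for its model and OS build. The Python below is an added example, not Duo's or Apple's code; the version string layout, the baseline table and the inventory records are constructed assumptions.

```python
import re
from collections import Counter

# Assumed version layout: <model prefix>.<hex major>.B<hex revision>
EFI_RE = re.compile(r"^([A-Z]+\d+)\.([0-9A-F]{4})\.B([0-9A-F]{2})$")

def parse_efi(version):
    """Return (prefix, major, revision), or None if the string is malformed."""
    m = EFI_RE.match(version.strip().upper())
    return (m.group(1), int(m.group(2), 16), int(m.group(3), 16)) if m else None

def classify(record, baseline):
    """Compare one host's reported EFI version with the expected one."""
    expected = baseline.get((record["model"], record["os_build"]))
    if expected is None:
        return "no-baseline"          # hardware/OS combination with no known EFI release
    seen, want = parse_efi(record["efi"]), parse_efi(expected)
    if seen is None or want is None or seen[0] != want[0]:
        return "unrecognized"         # malformed or wrong-model firmware string
    if seen[1:] < want[1:]:
        return "outdated"             # OS was patched, firmware was not
    return "ok" if seen[1:] == want[1:] else "newer-than-expected"

def audit(inventory, baseline):
    """Return per-host status plus the share of outdated hosts per model."""
    status = {r["host"]: classify(r, baseline) for r in inventory}
    total = Counter(r["model"] for r in inventory)
    stale = Counter(r["model"] for r in inventory if status[r["host"]] == "outdated")
    return status, {m: stale[m] / total[m] for m in total}

# Constructed sample values, not Apple's release data.
BASELINE = {
    ("iMac16,2", "16G29"): "IM162.0212.B00",
    ("MacBookPro11,4", "16G29"): "MBP114.0172.B16",
}
INVENTORY = [
    {"host": "imac-01", "model": "iMac16,2", "os_build": "16G29", "efi": "IM162.0212.B00"},
    {"host": "imac-02", "model": "iMac16,2", "os_build": "16G29", "efi": "IM162.0209.B01"},
    {"host": "mbp-01", "model": "MacBookPro11,4", "os_build": "16G29", "efi": "MBP114.0172.B16"},
    {"host": "mbp-02", "model": "MacBookPro11,4", "os_build": "15G31", "efi": "MBP114.0172.B09"},
    {"host": "mbp-03", "model": "MacBookPro11,4", "os_build": "16G29", "efi": "garbled"},
]

if __name__ == "__main__":
    status, rate = audit(INVENTORY, BASELINE)
    for host, s in status.items():
        print(f"{host:8} {s}")
    print(rate)
```

Hosts reported as `no-baseline` or `unrecognized` deserve the same follow-up as `outdated` ones, since in both cases the firmware state cannot be confirmed.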

Before making its findings public, Duo said it had informed Apple of them. Apple acknowledged the findings. “We appreciate Duo’s work on this industry-wide issue and noting Apple’s leading approach to this challenge. Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure,” Apple said in a statement to Ars.
