Mac Firmware Attack: Out Of Date Machines Vulnerable To Attack

In other cases, Mac models receive an EFI update with a version that's earlier than the one that's now installed. Indeed, Windows computers could be just as vulnerable to outdated EFI firmware going unnoticed, and possibly more so.

Thunderstrike was demonstrated back in 2014. Of the machines surveyed by Duo, about 4.2 per cent weren't running the correct version of the firmware, the researchers claim. Once the compromised firmware is installed, it cannot be overwritten because it replaces Apple's RSA key with one of its own. Researchers at Duo Security discovered that, while Apple had been diligent in upgrading macOS and security updates, the EFI - or Extensible Firmware Interface - was in some cases left unchanged. According to Duo, the outdated firmware leaves machines susceptible to firmware attacks, like Thunderstrike 2 and vulnerabilities in the recent WikiLeaks Vault 7 leaks.

Macs (and PCs, for that matter) are supposed to receive regular firmware updates as part of the OS update process. Of the 21.5-inch iMacs released in late 2015, at least 43% were running the wrong version.

Since 2015, Apple has incorporated firmware updates along with OS updates for Mac computers to make sure their firmware versions are updated. It will shortly release a small app that will check your firmware and advise whether or not it is up to date.

If you're concerned about your own Mac platform, Duo Security said in a blog post that it offers a tool to help you figure out which version of EFI you're running.

If you're a home user with a Mac that falls into one of the above categories as your personal computing device, then the sky isn't falling for you, in our opinion. Such adversaries are often spoken about in the same breath as nation state attacks and industrial espionage. "Most everyday home users fall well outside of this attack model, and thankfully, as far as we are aware, there are not any EFI exploits that are being used as part of commodity exploit kits, malware, or ransomware that has been detected in the wild".

It's mostly a concern to businesses and government agencies. What makes an attack of this kind even more risky is that a compromised EFI firmware is hard to detect by the average user.

Apple, in its response to this latest report, said that this is an industry-wide issue.

"Apple continues to work diligently in the area of firmware security, and we're always exploring ways to make our systems even more secure", Apple said in a statement. Apple said in a statement to Ars Technica that its latest release, macOS High Sierra, automatically validates Mac firmware on a weekly basis - so if you're anxious about the vulnerabilities, you should install the new OS as soon as you can.

"This means that even if your Mac is still receiving security patch support, there is a non-trivial chance that your system is not running the latest version, even though you thought it was installed", Duo wrote.

This approach is no longer sustainable, according to Duo Security, which advocates that EFI firmware updates should be delivered and applied alongside OS or security updates. Several critical flaws have been identified in Mac firmware. "This creates the situation where admins and users have installed the latest OS or security update, but for some reason, the EFI was not updated".
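The mismatch described above, an updated OS with an EFI that was left behind, can be checked per host by comparing the reported Boot ROM version with an expected baseline. The following is an added example, not Duo's tool and not code from the original article; the sample output, the `BUILD_A` label, the baseline table and the assumed hexadecimal version layout are all constructed for illustration.

```python
import re

# Constructed sample of `system_profiler SPHardwareDataType` output.
SAMPLE = """\
Hardware:
    Hardware Overview:
      Model Name: iMac
      Model Identifier: iMac16,2
      Boot ROM Version: IM162.0209.B00
"""

# Hypothetical baseline: the EFI version each (model, OS build) pair should
# carry. The build label and version strings are constructed placeholders.
EXPECTED = {("iMac16,2", "BUILD_A"): "IM162.0212.B00"}

# Assumed layout: <model prefix>.<4 hex digits>.B<2 hex digits>
VERSION_RE = re.compile(r"^([A-Z]+\d+)\.([0-9A-F]{4})\.B([0-9A-F]{2})$")

def parse_profile(text):
    """Return (model identifier, Boot ROM version) from system_profiler text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields.get("Model Identifier"), fields.get("Boot ROM Version")

def version_key(version):
    """Split a version string into (prefix, major, build) for comparison."""
    m = VERSION_RE.match(version or "")
    if not m:
        raise ValueError(f"unrecognised EFI version: {version!r}")
    return m.group(1), int(m.group(2), 16), int(m.group(3), 16)

def audit(text, os_build, expected=EXPECTED):
    """Classify a host as 'current', 'outdated', 'newer' or 'unknown'."""
    model, installed = parse_profile(text)
    want = expected.get((model, os_build))
    if want is None or installed is None:
        return "unknown"  # no baseline for this model/OS pair
    try:
        have_key, want_key = version_key(installed), version_key(want)
    except ValueError:
        return "unknown"  # unparseable version: flag for manual review
    if have_key[0] != want_key[0]:
        return "unknown"  # baseline belongs to different hardware
    if have_key[1:] < want_key[1:]:
        return "outdated"  # OS was updated but the EFI was left behind
    return "current" if have_key[1:] == want_key[1:] else "newer"

if __name__ == "__main__":
    print(audit(SAMPLE, "BUILD_A"))
```

A `newer` result corresponds to the case the article mentions where the installed EFI is later than the version shipped with the update, and `unknown` hosts need a manual look rather than a pass.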
