Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Sep 29, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    A new research paper from Duo Security, shared by Ars Technica, reveals that a significant number of Macs are running out-of-date EFI versions, leaving them susceptible to critical pre-boot firmware exploits.


    The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running the incorrect EFI version relative to the model and version of macOS or OS X installed.

    The percentage of incorrect EFI versions varies greatly depending on the model. The late 2015 21.5" iMac had the highest occurrence of incorrect EFI firmware, with 43 percent of systems running incorrect versions.

    EFI, which stands for Extensible Firmware Interface, bridges a Mac's hardware, firmware, and operating system together to enable it to go from power-on to booting macOS. EFI operates at a lower level than both the operating system and hypervisors, providing attackers with a greater level of control.
    Duo Security found that 47 models capable of running OS X Yosemite, OS X El Capitan, or macOS Sierra, for example, did not have an EFI security patch for the Thunderstrike exploit publicly disclosed nearly three years ago.

    The research paper noted that there seems to be something interfering with the way bundled EFI updates are installed alongside macOS, while some Macs never received EFI updates whatsoever, but it doesn't know exactly why.
    While its research paper is focused on Apple, Duo Security said the same if not worse EFI issues likely affect PCs running Windows or Linux.

    In response to the research paper, Apple said it appreciates the research on the industry-wide issue and noted that macOS High Sierra automatically validates a Mac's EFI on a weekly basis to ensure it hasn't been tampered with.
    In a related blog post, Duo Security said users should check if they are running the latest version of EFI on their Macs, and it has released a tool to help do so. It also recommends updating to the latest version of macOS High Sierra.

    Article Link: Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits
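
The comparison the study describes, checking each Mac's EFI version against what its model and installed OS should carry, as an added example that is not part of the original post or Duo Security's tool. The baseline table, host names and firmware strings are constructed, and the `PREFIX.XXXX.BNN` layout with a hexadecimal middle field is an assumption.

```python
import re

# Constructed baseline: (model identifier, macOS version) -> expected EFI version.
EXPECTED_EFI = {
    ("iMac16,2", "10.12.6"): "IM162.0002.B03",
    ("MacBookPro11,4", "10.12.6"): "MBP114.0005.B01",
}

# Constructed inventory: host, macOS version, `system_profiler SPHardwareDataType` excerpt.
FLEET = [
    ("design-01", "10.12.6", "Model Identifier: iMac16,2\n  Boot ROM Version: IM162.0002.B03"),
    ("design-02", "10.12.6", "Model Identifier: iMac16,2\n  Boot ROM Version: IM162.0001.B07"),
    ("dev-07", "10.12.6", "Model Identifier: MacBookPro11,4\n  Boot ROM Version: MBP114.0005.B02"),
    ("lab-03", "10.11.6", "Model Identifier: MacPro3,1\n  Boot ROM Version: MP31.0001.B05"),
]

def efi_key(version):
    """Ordering key for 'PREFIX.XXXX.BNN'; the hex middle field is an assumption."""
    prefix, major, build = version.split(".")
    return prefix, int(major, 16), int(build.lstrip("B"))

def field(text, name):
    m = re.search(rf"^\s*{re.escape(name)}:\s*(\S+)", text, re.MULTILINE)
    return m.group(1) if m else None

def classify(os_version, profiler_text):
    model = field(profiler_text, "Model Identifier")
    running = field(profiler_text, "Boot ROM Version")
    if model is None or running is None:
        return "unparsed"
    expected = EXPECTED_EFI.get((model, os_version))
    if expected is None:
        return "no-baseline"  # no known EFI release for this model/OS pair
    try:
        run_k, exp_k = efi_key(running), efi_key(expected)
    except ValueError:
        return "unparsed"
    if run_k[0] != exp_k[0]:
        return "wrong-model-firmware"
    if run_k[1:] < exp_k[1:]:
        return "older-than-expected"
    return "expected" if run_k == exp_k else "newer-than-expected"

def audit(fleet):
    return {host: classify(os_v, text) for host, os_v, text in fleet}

if __name__ == "__main__":
    for host, status in audit(FLEET).items():
        print(f"{host}: {status}")
```

The `no-baseline` result matters as much as `older-than-expected`: it marks machines for which no expected firmware is known at all, which a plain version comparison would silently skip.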
     
  2. jackson01442 macrumors newbie

    jackson01442

    Joined:
    Sep 25, 2017
    #2
    Tool's down for now, we'll have to wait for them to fix a bug then it should be back up.
     
  3. ChasSC-Mac-Guy macrumors newbie

    Joined:
    Aug 14, 2014
    Location:
    SC
    #3
    4.2% huh, I imagine most of those are in fact Hackintoshes, which are modified EFI to begin with.... I wonder what percent it would be if those were excluded?
     
  4. 840quadra Moderator

    840quadra

    Staff Member

    Joined:
    Feb 1, 2005
    Location:
    Twin Cities Minnesota
    #4
    I am not sure how many Hackintoshes are in production environments though. It appears that they did this study directly, not using web metrics.

    I am sure there are some hackintosh computers being used commercially, though I would expect they would be excluded from such a study. Never mind completely illegal, exposing those companies to potentially serious lawsuits.
     
  5. jackson01442 macrumors newbie

    jackson01442

    Joined:
    Sep 25, 2017
    #5
    Interesting thought. I wonder if they counted Hackintoshes as a certain type of Mac mistakenly.
     
  6. joueboy macrumors 68000

    Joined:
    Jul 3, 2008
    #6
    This is old research. I just found out that even when you have the most up-to-date firmware you're still doomed. :D
     
  7. chrfr macrumors 604

    Joined:
    Jul 11, 2009
    #7
    If you read through the paper, you'll see that these are not Hackintoshes. The guys who wrote this paper are well aware of the details.
    --- Post Merged, Sep 29, 2017 ---
    No, this isn't old.
     
  8. now i see it macrumors 68040

    Joined:
    Jan 2, 2002
    #8
    It used to be software drives hardware (updates). Now it's hacker drives hardware.
     
  9. chromite macrumors regular

    Joined:
    Jul 6, 2013
    #9
    Buy a Mac they said...

    Macs can’t get viruses they said...
     
  10. sos47 macrumors regular

    sos47

    Joined:
    Jul 13, 2016
    #10
    It hurts me. Update to High Sierra not possible. iMac 2011
     
  11. jayducharme macrumors 68040

    jayducharme

    Joined:
    Jun 22, 2006
    Location:
    The thick of it
    #11
    Well, technically they still can't, not in the way PCs do. But they're still a computer susceptible to hacking.

    This discovery gives yet another good reason for always updating your Mac to the latest OS (if your hardware supports it, obviously). Sometimes Apple patches problems before we even know they exist.
     
  12. rpmurray macrumors regular

    Joined:
    Feb 21, 2017
    Location:
    Back End of Beyond
    #12
    In response to the research paper, Apple said it appreciates the research on the industry-wide issue and noted that ONLY macOS High Sierra automatically validates a Mac's EFI on a weekly basis to ensure it hasn't been tampered with. Anyone running Macs with an earlier OS (like Sierra or the ancient El Capitan) or a Mac that can't be updated to run High Sierra are SOL.
     
  13. travelsheep macrumors 6502

    travelsheep

    Joined:
    May 30, 2013
    #13
    Does the downloadable tool include the exploit?
     
  14. Codeseven macrumors 6502a

    Joined:
    Dec 31, 2008
    #14
    Yup, me too, 2008 MacBook Pro, but then again, it’s friggin’ ancient hardware that I should’ve ditched long ago. ( unbelievable how long Apple products keep trudging along! )
     
  15. vertical smile, Sep 29, 2017
    Last edited: Sep 29, 2017

    vertical smile macrumors 68040

    vertical smile

    Joined:
    Sep 23, 2014
    #15
    This is wonderful, but what if you are not using, or cannot use High Sierra? How can you tell if your Mac has the correct EFI?

    EDIT: NVM, I just saw the last sentence. Although the link doesn't work.
     
  16. Vanilla35 macrumors 68040

    Vanilla35

    Joined:
    Apr 11, 2013
    Location:
    Washington D.C.
    #16
    There is no way hackintoshes are more than 1% of Mac devices.
     
  17. Darmok N Jalad macrumors 68000

    Darmok N Jalad

    Joined:
    Sep 26, 2017
    Location:
    Tanagra
    #17
    It’s more of a technicality. Macs won’t suffer from the same viruses that Windows machines will due to running an entirely different software environment. Windows machines are more abundant and therefore are usually the target of most viruses. So if a serious Windows exploit gets, well, exploited, a Mac won’t have a problem. That doesn’t mean Macs are entirely safe though, as they can also be targeted. Still, with Windows Update and Windows Defender (installed by default since Windows 8) running, a Windows user shouldn’t see much risk, so long as they let those services do their thing.
     
  18. Drfter macrumors newbie

    Drfter

    Joined:
    Apr 21, 2017
    #18
    My mom is afraid when updates come up, I have to always do it. lol legit every time a bunch of notifications in the corner every time.
     
  19. PTVMan macrumors 6502a

    Joined:
    Sep 20, 2012
  20. rjohnstone macrumors 68040

    rjohnstone

    Joined:
    Dec 28, 2007
    Location:
    PHX, AZ.
    #20
    Depends on the 2011 model.
    My mid-2011 iMac runs it just fine.
     


  21. kemal macrumors 65816

    kemal

    Joined:
    Dec 21, 2001
    Location:
    Nebraska
    #21
    My Mac Pro 4,1, hacked to 5,1, ran the High Sierra EFI update just fine. Apple really could have made this a problem by checking the serial number rather than the current firmware version.
     
  22. Sasparilla macrumors 65816

    Joined:
    Jul 6, 2012
    #22
    If you can, sell and upgrade to a newer iMac while your old one still has value. Macs keep their value much better than PCs but once they stop getting the latest OS versions the value starts to decline faster - once security updates aren't coming it's through the floor (couple of more years).
     
  23. Applebot1 macrumors 6502a

    Joined:
    Jan 4, 2014
    Location:
    UK
    #23
    Could be worse and we are running Windows. Wife wants to get my boy a computer this Xmas as more homework needs one. She insists on a Windows machine...like hell that's going to happen!
     
  24. sdwaltz macrumors 6502a

    Joined:
    Apr 29, 2015
    Location:
    Indiana
    #24
    Well, if Apple hadn't decided that my perfectly good, still very fast, still completely capable 2008 Mac Pro wasn't going to receive any software updates beyond El Capitan, we wouldn't have this problem now would we?

    This is the one thing about Apple I cannot stand. Microsoft will let you install Windows on any PC, yet Apple randomly decides which Macs won't get the latest software regardless of specs. It's infuriating.
     
  25. Vanilla35 macrumors 68040

    Vanilla35

    Joined:
    Apr 11, 2013
    Location:
    Washington D.C.
    #25
    Yeah it really comes down to know-how of computers. For those who are completely incapable of knowing what a program does, and how things work on computers, Mac is generally more safe. Less room for user error.
     
