Around two years ago, researchers discovered serious firmware vulnerabilities in Mac laptops and desktops, and then developed a proof-of-concept worm to demonstrate how potentially damaging they could be. Since then, Apple has been pretty good about including EFI (Extensible Firmware Interface) updates with its macOS security and software updates, though new evidence suggests that is not nearly enough.
This time around, researchers at Duo Security took a detailed look at the firmware used in Mac systems, and found it to be lacking. Firmware is the part of the system that makes a series of checks and tells core components what to do before loading the operating system, in this instance macOS. Malicious code that is able to hide in firmware is difficult to detect, compared to malware that might exist in the OS.
While updates to firmware are important, they are kind of a pain, as they are implemented separately from OS updates. Perhaps for that reason Apple has not paid enough attention to its firmware. In a survey of 73,000 Mac systems, the researchers found that over 4 percent of them were not running the latest firmware release. And in some cases, such as the 21.5-inch iMac released in 2015, that number was 43 percent. Assuming those figures hold true on a larger scale, millions of Macs are running old firmware.
"Even if you’re running the most recent version of macOS and have installed the latest patches that have been released, our data shows there is a non-trivial chance that the EFI firmware you’re running might not be the most up-to-date version," Duo Security said.
That is a scary thought, considering that attacks at the firmware level are especially nasty: not only are they difficult to detect, they run at a deep level and can persist even after nuking the storage device and clean installing the OS. Fortunately, Apple is aware of the situation and seems receptive to the findings.
"We appreciate Duo’s work on this industry-wide issue and noting Apple’s leading approach to this challenge," Apple said in a statement. "Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly."