EFI Firmware Attack is one of the most popular and critical tips that any security expert strongly suggests to follow to avoid major computer attacks.
However, even if you attempt to install any corrupted software update that comes to your system, there is a good chance that your computer will be obsolete and vulnerable.
Researchers at the Duo Labs security company have analyzed more than 73,000 Mac systems and found that an astonishing number of Apple Mac computers failed to install patches for EFI firmware attack or receive any updates.
Apple uses the Intel Extensible Firmware Interface (EFI) designed for Mac computers running under the OS and hypervisor of a computer and controlling the boot process.
EFI firmware attack runs before MacOS boots and has high-level privileges that, if exploited by attackers, could allow EFI firmware attack to control everything unexpected.
“In addition to being able to circumvent the top-level security controls, the EFI firmware attack also makes the opponent very unpleasant and difficult to detect (it’s hard to count on the operating system, to tell the truth about EFI status) but that also makes ‘Very difficult opponent to remove, install a new operating system or even replace the entire hard drive is not enough to disconnect them, “say Duo researchers.
What’s worse? In addition to not implementing EFI updates on some systems, Apple does not even warn its users about the failed EFI update process or technical defects, leaving millions of Mac users vulnerable to sophisticated and advanced persistent computer attacks.
Also Read: 16 Natural Ways to Earn Money Online
On average, Duo said that 4.2% of the 73,324 Mac real-worlds used in enterprise environments were running a firmware version other than EFI that should not be based on the hardware model, operating system version, and EFI version released with that system operating.
You would be surprised to know the numbers of some specific Mac models: 43% of the iMac models analyzed (21.5 “fine 2015) was running unstable firmware and at least 16 Mac models had never received any EFI firmware updates when Mac OS X 10.10 and 10.12.6.
“For the major EFI vulnerabilities recognized by Apple and patches in our analysis, there have been amazing numbers of Mac models that have not received updates to their EFI despite still receiving software security updates,” said Duo researchers.
“Although you are running the latest version of macOS and have installed the latest patches that were released, our data show that there is a trivial possibility that the running EFI firmware attack is not the most up-to-date version.
Duo also found 47 models running macOS versions 10.12, 10.11, 10.10 and did not receive the updated EFI firmware update with patches to resolve the Thunderstrike 1 known vulnerability.
While 31 models did not receive the EFI firmware patch that faced the remote version of the same error, Thunderstrike 2.
Thunderstrike attacks, initially developed by the National Security Agency (NSA), were also featured in WikiLeaks Vault 7 data dumps, which also mentioned that the attack is based on an obsolete firmware.
More details about vulnerable Mac models are found in the Duo Labs search report.
According to researchers, their research focused on the Mac ecosystem, as Apple is in a unique control of the entire stack, but can be widely implemented.
“However, we believe that the main issues we have discovered are generally relevant to all EFI providers that guarantee EFI firmware and are not just Apple,” the researchers said.
Companies with a large number of Mac computers must look at their models described in the white paper of Duo Labs, “Your EFI Apple: Results from an Empirical EFI Security Study” to see if the models are obsolete.
Mac users and administrators can also check if they are running the latest version of EFI for their systems using the free EFIgy open source tool that will soon be available for the company.