Some Macs running up-to-date versions of their operating system may not be running the latest EFI firmware version, exposing users to firmware attacks, according to a 63-page report published today by security researchers from Duo Labs.
Experts made this discovery after collecting and analyzing telemetry data from over 73,000 real-world Mac systems. Researchers focused on Macs because of Apple's almost full control over their systems' hardware, unlike the world of Windows and Linux where users are entirely responsible for keeping their firmware up to date.
The results of Duo's research showed that Apple has been doing a poor job of delivering EFI firmware updates since it started packaging OS and EFI firmware updates together back in 2015.
The study's main findings, summarized, are below. Full results are on page 24 of the Duo report.
All in all, the research showed a lack of quality assurance in Apple's EFI firmware update process.
Despite the doom-and-gloom results, Duo says the likelihood that a user would be targeted by firmware malware is pretty low.
This is because firmware rootkits are notoriously difficult to code, requiring advanced coding knowledge, and would also need physical access to the target's device.
Such malware is expensive, and in most cases only nation-state cyberspies can afford to develop and use it. For example, the recent WikiLeaks Vault 7 leaks revealed that the CIA has a Mac firmware hacking tool called Sonic Screwdriver.
Finding EFI firmware-busting capabilities in run-of-the-mill Mac malware is most likely out of the question.
Nonetheless, users expect EFI firmware updates, not only for security patches but also for regular bugfixes. If not for the sake of security, Apple should put some effort into delivering firmware updates for other reasons.
Duo researchers also promised to release a Mac app that tells users if their system is running the latest recommended EFI firmware based on their system's hardware specs. The app will be published on this GitHub repository. Interested users should keep an eye on it.
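The kind of check such an app performs can be sketched as follows. This is an added example, not Duo's code: it parses the text output of macOS's system_profiler and compares the reported EFI version with a baseline keyed on model identifier and OS build. The baseline table, the sample reports and the function names are constructed for illustration and are not Apple's or Duo's data.

```python
import re

# Hypothetical baseline: (model identifier, OS build) -> EFI version that build
# should leave installed. Constructed placeholders, not Apple's or Duo's data.
EXPECTED_EFI = {
    ("MacBookPro11,4", "16G29"): "MBP114.0172.B25",
    ("iMac16,2", "16G29"): "IM162.0212.B00",
}

FIELD = re.compile(
    r"^[ \t]*(Model Identifier|Boot ROM Version|System Firmware Version"
    r"|System Version):[ \t]*(.+?)[ \t]*$", re.MULTILINE)
BUILD = re.compile(r"\(([0-9A-Za-z]+)\)$")

def parse_report(text):
    """Return (model, EFI version, OS build) from system_profiler text output."""
    fields = dict(FIELD.findall(text))
    # Older macOS labels the field "Boot ROM Version", newer "System Firmware Version".
    efi = fields.get("Boot ROM Version") or fields.get("System Firmware Version")
    build = BUILD.search(fields.get("System Version", ""))
    return fields.get("Model Identifier"), efi, build.group(1) if build else None

def audit(text, baseline=EXPECTED_EFI):
    """Classify a host as current, mismatch, unknown (no baseline) or unparseable."""
    model, efi, build = parse_report(text)
    if not (model and efi and build):
        return "unparseable"
    expected = baseline.get((model, build))
    if expected is None:
        return "unknown"
    return "current" if efi == expected else "mismatch"

# Constructed sample output, one trimmed report per host.
REPORT = """Hardware Overview:
      Model Identifier: {model}
      Boot ROM Version: {efi}
System Software Overview:
      System Version: macOS 10.12.6 ({build})
"""
SAMPLES = {
    "patched": REPORT.format(model="MacBookPro11,4", efi="MBP114.0172.B25", build="16G29"),
    "stale-efi": REPORT.format(model="MacBookPro11,4", efi="MBP114.0172.B09", build="16G29"),
    "no-baseline": REPORT.format(model="MacPro5,1", efi="MP51.007F.B03", build="16G29"),
    "truncated": "Hardware Overview:\n      Model Identifier: iMac16,2\n",
}
if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(f"{host:12} {audit(text)}")
```

On a real Mac the input would come from `system_profiler SPHardwareDataType SPSoftwareDataType`; a host that reports a fully updated OS build but lands in "mismatch" is the case the report describes.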
|Mac Model|Model Identifiers|
|---|---|
|iMac|iMac7,1; iMac8,1; iMac9,1; iMac10,1|
|MacBookPro|MacBookPro3,1; MacBookPro4,1; MacBookPro5,1; MacBookPro5,2; MacBookPro5,3; MacBookPro5,4|
|MacPro|MacPro3,1; MacPro4,1; MacPro5,1|