Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits

A new research paper from Duo Security, shared by Ars Technica, reveals that a significant number of Macs are running out-of-date EFI versions, leaving them susceptible to critical pre-boot firmware exploits.

macos high sierra trio
The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running the incorrect EFI version relative to the model and version of macOS or OS X installed.

The percentage of incorrect EFI versions varies greatly depending on the model. The late 2015 21.5" iMac had the highest occurrence of incorrect EFI firmware, with 43 percent of systems running incorrect versions.

EFI, which stands for Extensible Firmware Interface, bridges a Mac's hardware, firmware, and operating system together to enable it to go from power-on to booting macOS. EFI operates at a lower level than both the operating system and hypervisors, providing attackers with a greater level of control.

Successful attack of a system's UEFI implementation provides an attacker with powerful capabilities in terms of stealth, persistence, and direct access to hardware, all in an OS and VMM independent manner.

Duo Security found that 47 models capable of running OS X Yosemite, OS X El Capitan, or macOS Sierra, for example, did not have an EFI security patch for the Thunderstrike exploit publicly disclosed nearly three years ago.

The research paper noted that there seems to be something interfering with the way bundled EFI updates are installed alongside macOS, while some Macs never received EFI updates whatsoever, but it doesn't know exactly why.

There seems to be something interfering with the way bundled EFI firmware updates are getting installed, leading to systems running old EFI versions. We are not able to give an exact reason why, but there are significant discrepancies between the firmware version that is actually running on real world production systems and the version that is expected to be running, given the OS build. This means that even if your Mac is still receiving security patch support, there is a non-trivial chance that your system is not running the latest version, even though you thought it was installed.

While its research paper is focused on Apple, Duo Security said the same if not worse EFI issues likely affect PCs running Windows or Linux.

In response to the research paper, Apple said it appreciates the research on the industry-wide issue and noted that macOS High Sierra automatically validates a Mac's EFI on a weekly basis to ensure it hasn't been tampered with.

We appreciate Duo's work on this industry-wide issue and noting Apple’s leading approach to this challenge. Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.

In a related blog post, Duo Security said users should check if they are running the latest version of EFI on their Macs, and it has released a tool to help do so. It also recommends updating to the latest version of macOS High Sierra.

Popular Stories

Generic iOS 19 Feature Mock Light

iOS 19 Rumored to Be Compatible With These iPhones

Sunday December 22, 2024 8:09 am PST by
iOS 19 will not drop support for any iPhone models, according to French website iPhoneSoft.fr. The report cites a source within Apple. The report said that iOS 19 will be compatible with any iPhone that is capable of running iOS 18, which would mean the following models: iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max iPhone 15 iPhone 15 Plus iPhone 15 Pro ...
iPhone 17 Slim Feature Single Camera 2 Redux

Top 5 Apple Products to Look Forward to in 2025

Friday December 20, 2024 2:22 pm PST by
It's looking like 2025 is going to be an important year for Apple, with the company planning to revamp the iPhone, push further into smart home products, and improve Apple Intelligence. There are tons of new products rumored for 2025, including new iPhones, M4 Macs, a smart home command center, and much more. We've highlighted the top five Apple products that will have the biggest impact in...
m3 macbook air blue

Apple Accidentally Leaked the Next MacBook Air

Sunday December 22, 2024 8:33 am PST by
Apple earlier this month released macOS 15.2, and in doing so it accidentally confirmed new MacBook Air models coming next year. Apple accidentally released macOS 15.2 restore files for unreleased "‌MacBook Air‌ (13-inch, M4, 2025)" and "‌MacBook Air‌ (15-inch, M4, 2025)" models. While it no surprise that the 13-inch and 15-inch MacBook Air models were going to be updated with the M4 ...
Generic iOS 18 Feature Real Mock

iOS 18.2.1 Update Coming Soon for iPhone

Saturday December 21, 2024 4:45 pm PST by
Apple appears to be internally testing iOS 18.2.1 for the iPhone, based on evidence of the software update in our website's analytic logs this week. The logs have accurately revealed many iOS versions before they were released. iOS 18.2.1 should be a minor update that fixes bugs and/or addresses security vulnerabilities, but it is unclear which specific issues might be resolved. The update...
Google Nest Hub 2

New 'HomePod' With 7-Inch Display, A18 Chip, and More Reportedly Launching Next Year

Saturday December 21, 2024 2:03 pm PST by
Apple plans to release a new "HomePod" with a 7-inch LCD display, an A18 chip, and Apple Intelligence support in 2025, according to DigiTimes. Google's Nest Hub It is unclear how much the screen-equipped HomePod would cost, but Apple is seemingly aiming for a reasonable price. In a paywalled report this week, the supply chain publication said Apple has selected China-based manufacturer Tianma ...
mac pro creativity

Apple Launched the Controversial 'Trashcan' Mac Pro 11 Years Ago Today

Thursday December 19, 2024 7:00 pm PST by
Apple launched the controversial "trashcan" Mac Pro eleven years ago today, introducing one of its most criticized designs that persisted through a period of widespread discontentment with the Mac lineup. The redesign took the Mac Pro in an entirely new direction, spearheaded by a polished aluminum cylindrical design that became unofficially dubbed the "trashcan" in the Mac community. All of ...
apple tv 4k yellow bg feature

New Apple TV Rumored to Launch Next Year With These Features

Tuesday December 17, 2024 9:02 am PST by
The current Apple TV 4K was released more than two years ago, so the streaming device is becoming due for a hardware upgrade soon. Fortunately, it was recently rumored that a new Apple TV will launch at some point next year. Below, we recap rumors about the next-generation Apple TV. Bloomberg's Mark Gurman last week reported that Apple has been working on its own combined Wi-Fi and...
maxresdefault

The MacRumors Show: Every Apple Product Coming in 2025

Friday December 20, 2024 9:19 am PST by
On this week's episode of The MacRumors Show, we take a look ahead to all of Apple's expected hardware announcements for 2025. Subscribe to The MacRumors Show YouTube channel for more videos Rumors and reports from a range of reliable sources suggest that Apple will release at least 22 new products in 2025, with a series of minor to major updates and refreshes planned for the iPhone, iPads,...

Top Rated Comments

rpmurray Avatar
94 months ago
In response to the research paper, Apple said it appreciates the research on the industry-wide issue and noted that ONLY macOS High Sierra automatically validates a Mac's EFI ('https://www.macrumors.com/2017/09/25/macos-high-sierra-weekly-efi-security-check/') on a weekly basis to ensure it hasn't been tampered with. Anyone running Macs with an earlier OS (like Sierra or the ancient El Capitan) or a Mac that can't be updated to run High Sierra are SOL.
Score: 10 Votes (Like | Disagree)
840quadra Avatar
94 months ago
4.2% huh, I imagine most of those are in fact Hackintoshes, which are modified EFI to begin with.... I wonder what percent it would be if those were excluded?
I am not sure how many Hackintoshes are in production environments though. It appears that they did this study directly, not using web metrics.

I am sure there are some hackintosh computers being used commercially, though I would expect they would be excluded from such a study. Nevermind completely illegal, exposing those companies to potentially serious lawsuits.
Score: 8 Votes (Like | Disagree)
chrfr Avatar
94 months ago
4.2% huh, I imagine most of those are in fact Hackintoshes, which are modified EFI to begin with.... I wonder what percent it would be if those were excluded?
If you read through the paper, you'll see that these are not Hackintoshes. The guys who wrote this paper are well aware of the details.
[doublepost=1506697970][/doublepost]
This is an old research. I just found out that even when you have the most up to date firmware you still doomed. :D
No, this isn't old.
Score: 8 Votes (Like | Disagree)
jayducharme Avatar
94 months ago
Buy a Mac they said...

Macs can’t get viruses they said...
Well, technically they still can't, not in the way PCs do. But they're still a computer susceptible to hacking.

This discovery gives yet another good reason for always updating your Mac to the latest OS (if your hardware supports it, obviously). Sometimes Apple patches problems before we even know they exist.
Score: 8 Votes (Like | Disagree)
triptolemus Avatar
94 months ago
Can someone explain to me why it's a good idea to download a tool that interacts with the EFI firmware from a third party off of something called Github?
Score: 8 Votes (Like | Disagree)
sos47 Avatar
94 months ago
it hurts me. update to High Sierra not possible. iMac 2011
Score: 6 Votes (Like | Disagree)