SecureWorld News

Macs on Your Network? This Hidden Vulnerability Appears Widespread

Written by SecureWorld News Team | Fri | Sep 29, 2017 | 4:52 PM Z

If you help secure Apple computers or laptops on your network, you'd better read this one closely.

A macOS firmware update flaw may have created a significant cybersecurity hole that apparently went undetected until now.

New research finds macOS cybersecurity vulnerability

New cybersecurity research being presented at a conference today shows firmware updates that automatically update cybersecurity vulnerabilities may not be updating the computer's EFI.

You may think your Mac, or those on your network, are secure. The latest updates are installed, right?

In reality, though, researchers say there may be a golden opportunity for bad actors.

Hackers have devised ways to take advantage of EFI vulnerabilities in the past, and why wouldn't they? Compromise the EFI environment in a computer's system and you can control it to go around the other ways the device may be secured. 

The DUO Labs researchers looked at 73,000 Apple machines in use at businesses and they explain why this EFI vulnerability matters:

"In addition to the ability to circumvent higher level security controls, attacking EFI also makes the adversary very stealthy and hard to detect (it’s hard to trust the OS to tell you the truth about the state of the EFI); it also makes the adversary very difficult to remove - installing a new OS or even replacing the hard disk entirely is not enough to dislodge them."

Apple firmware flaw, study findings

Now, let's talk about the crux of the issue.

If you are running Macs on your network, here are three key findings you should know about that explain what's happening here:

  1. If you are running a version of macOS/OS X that is older than the latest major release (10.12 Sierra at the time of writing this blog post), then your EFI firmware may not have received the latest fixes for known EFI issues. Even though OS X 10.11 (El Capitan) and 10.10 (Yosemite) still receive security updates from Apple, the EFI firmware updates they receive appear to be lagging behind or are absent entirely
  2. Even if you’re running the most recent version of macOS and have installed the latest patches that have been released, our data shows there is a non-trivial chance that the EFI firmware you’re running might not be the most up-to-date version
  3. If you are running one of the 16 Mac models listed below, then our data indicates that your system won’t have received any EFI firmware updates at all:

More details, including in-depth technical details are available in the full report on this Apple firmware vulnerability related to EFI.
View full post