Roughly 4.2 percent of Apple Macs are not running the appropriate EFI firmware, and are potentially open to malware and hacks like Thunderstrike, according to new research from Duo, a two-factor authentication specialist. Instead of sensationalizing the potential risks, Duo has posted a detailed analysis of the situation and offers five steps to help address potential Mac customer and service provider concerns.
EFI is the pre-boot environment that has, by and large, replaced the legacy BIOS environment that had been common since the mid-to-late 1970s, Duo notes. In a modern system, the EFI environment holds particular fascination for security researchers and attackers because of the level of privilege it affords if a compromise succeeds, the company adds. In addition to letting an adversary circumvent higher-level security controls, attacking EFI also makes the adversary very stealthy and hard to detect.
Five Steps to Address Potential Apple Firmware Security Vulnerabilities
At first glance, Mac users are protected because Apple offers EFI firmware updates to keep customers safe. But take a closer look and you may actually find a "surprisingly high level of discrepancy between the EFI versions we expected to find running on the real-world Mac systems and the EFI versions we actually found running," Duo found. And that can lead to security vulnerabilities.
To mitigate those risks, Duo offers these five considerations and tips:
- Check if you’re running the latest version of EFI for your system. As part of this release, Duo provided some new tools for IT admins and service providers here.
- If possible, update to the latest version of the OS, 10.12.6. This will not only give you the latest versions of EFI firmware released by Apple, but also make sure you’re patched against known software security issues.
- If you’re not able to update to version 10.12.6, either because your hardware is not able to run it or because you need to run an older version for software compatibility reasons, you may be out of luck and not be able to run the most up-to-date EFI firmware.
- Check if you’re running a Mac that is on the list of hardware that hasn’t received an EFI update. If it is, you may be out of luck and not able to run up-to-date EFI firmware.
- If you’re not able to run up-to-date EFI firmware for one reason or another, use our tools called EFIgy to get informed about whether your current version of EFI is exposed to a currently known EFI vulnerability.
Mac Monitoring and Managed Security Services
Within the MSP and MSSP sector, Macs have been gaining more and more attention in recent years. Addigy, for one, offers a popular Mac management and monitoring platform for MSPs. And most major RMM (remote monitoring and management) platforms for MSPs now offer at least some form of Mac support.