Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Some Mac OS Users Still Vulnerable Because Security Patches Didn’t Happen

October 4, 2017

Do you use a Mac computer? You may be one of the thousands of people vulnerable to unpatched firmware. Just because you keep updating the OS doesn't mean that you are safe. Depending on your Mac model, you might not get the firmware patches you think you need. As reported by Bitdefender, the security firm Duo Labs recently set out to study the security of Mac firmware, more specifically the EFI (Extensible Firmware Interface) in Macs for the past three years. Think of EFI as the system responsible for initializing all the hardware components when the computer first boots.

Duo Labs discovered that "There was a surprisingly high level of discrepancy between the EFI versions we expected to find running on the real-world Mac systems and the EFI versions we actually found running. This creates the situation where admins and users have installed the latest OS or security update, but for some reason, the EFI was not updated. Compounding this issue is the lack of notifications provided to the user to inform them that they are running an unexpected version of EFI firmware. This means that users and admins are often blind to the fact that their system's EFI may continue to be vulnerable."

Duo Labs provide some recommendations and tools to help:

  • Check if you're running the latest version of EFI for your system. As part of their research, Duo provided some new tools to help. You can find more about them and how to use them here.
  • If possible, update to the latest version of the OS 10.12.6. This will not only give you the latest versions of EFI firmware released by Apple, but also make sure you're patched against known software security issues as well.
  • If you're not able to update to version 10.12.6 either because your hardware is not able to run it, or because you need to run an older version for software compatibility reasons, you may be out of luck and not be able to run the most up-to-date EFI firmware
  • Check if you're running a Mac that is on the list of hardware that hasn't received an EFI update. If it is, you may be out of luck and not able to run up-to-date EFI firmware
  • If you're not able to run up-to-date EFI firmware for one reason or another, Duo recommends that you use their tool, EFIgy, to inform yourself whether your current version of EFI is exposed to a known EFI vulnerability.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com