Apple's Mac runs out of date and firmware is vulnerable to serious threats

A large number of Mac computers are running out of date EFI firmware, meaning they are vulnerable to serious threats, according to a report from Duo Security. The security company analyzed 73324 Mac computers in the production environment and found that 4.2% of the systems were running out of date EFI firmware.

, depending on the model, the percentage of EFI firmware errors is also different. The 2015 iMac 21.5 inch EFI firmware has the highest error rate, reaching 43%. EFI refers to the extensible firmware interface (Extensible Firmware Interface), which is a bridge that connects Mac hardware, firmware, and operating systems, enabling the machine to boot into macOS. If an attacker succeeds in invading EFI, all privileges such as hardware and system can be obtained.


A large number of Mac computers are running out of date EFI firmware, meaning they are vulnerable to serious threats, according to a report from Duo Security. The security company analyzed 73324 Mac computers in the production environment and found that 4.2% of the systems were running out of date EFI firmware.

, depending on the model, the percentage of EFI firmware errors is also different. The 2015 iMac 21.5 inch EFI firmware has the highest error rate, reaching 43%. EFI refers to the extensible firmware interface (Extensible Firmware Interface), which is a bridge that connects Mac hardware, firmware, and operating systems, enabling the machine to boot into macOS. If an attacker succeeds in invading EFI, all privileges such as hardware and system can be obtained.
Duo Security also found that 47 Mac computers running OS, X, Yosemite, OS, X, Capitan, El or macOS Sierra did not include Thunderstrike EFI firmware security upgrades. Thunderstrike vulnerabilities were discovered 3 years ago, but none of these Mac computers have been installed yet.

research institutions, some Mac computer has never won a EFI firmware upgrade, the specific reasons unclear, seems to be what disturbs the EFI firmware upgrade, resulting in some Mac computer is running out of date EFI.

for this research, apple expressed gratitude Duo Security, in the latest macOS High Sierra system, the system will verify the EFI version every week, to determine that no problem occurred. Apple will continue to develop in the firmware security field, and explore more ways to protect the system. Finally, Duo Security also recommends that users upgrade to macOS High Sierra as soon as possible.
wordpress analytics