An analysis of more than 70,000 Mac computers being used in businesses and organizations has revealed a firmware vulnerability that could be exploited by a determined, well-resourced attacker such as a foreign government, according to security researchers. Thousands of computers, if not more, are potentially in danger.
While Apple devices were the focus of the study released Friday by the firm Duo Security, experts at the company said that Windows-based machines are even more likely to be at risk, because of the range of manufacturers involved in building those types of PCs.
The flaw outlined by Duo Security researchers Rich Smith and Pepijn Bruienne concerns Apple’s Extensible Firmware Interface, or EFI, which helps computers boot up and run the main operating system. Because all subsequent hardware and software operations are dependent on the EFI, allowing hijackers to gain control of it could prove disastrous.
The investigation that led to the discovery began when Smith and Bruienne looked at how many Macs were running outdated firmware. Macs are supposed to update their firmware automatically to the latest versions whenever a user updates the main operating system, insulating them from firmware attacks. But Duo Security’s study found that 4.2 percent of surveyed machines were running an outdated version of the firmware. In other words, some computers appear not to be updating their firmware when they’re supposed to.
As a result, some machines may be running an up-to-date operating system but problematic firmware. The researchers described the problem as “software secure, firmware insecure.”
The firmware discrepancies appear to affect different models of Mac computers to varying degrees. As many as 16 models have never received any…