
News Center


Duo Security Found Malicious Firmware Vulnerabilities in Mac Computers


New research shows that many Mac computers are exposed to firmware-level attacks, and, worse, that such attacks are difficult to detect.

A research paper published by Duo Security at the end of last month, and covered by Ars Technica, reveals that a significant number of Macs are running out-of-date EFI versions, leaving them susceptible to critical pre-boot firmware exploits.

Macs are vulnerable to firmware attacks such as Thunderstrike, says Duo Security, the Trusted Access provider. Firmware is software embedded in the hardware itself, and it runs at a lower level than an operating system like Microsoft Windows or macOS. Once malware reaches the firmware, it is difficult to detect, because the attacker now controls the lowest software layer, beneath the operating system and any security tools running inside it.

Vendors ship operating system updates regularly, but a successful OS update does not guarantee that the firmware was updated along with it. The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running an EFI version that did not match the expected version for the model and the version of macOS or OS X installed. For some Mac models the figure was far higher: close to half of the systems analyzed were running outdated firmware.

According to the Duo Labs analysis, here are several things you need to know.

A Duo Labs analysis of over 73,000 real-world Mac systems gathered from users across industries found that the Extensible Firmware Interface (EFI) in many popular Mac models was not actually receiving the security updates users thought it was. This left users susceptible to previously disclosed vulnerabilities such as Thunderstrike 2, and to the firmware attacks detailed in the recent WikiLeaks Vault 7 data dumps.

What is EFI Firmware? EFI firmware is the code a computer runs first: it initializes and controls the hardware and then hands over to the operating system. It can be compared to the starter motor in a car, taking the system from power-on to booting the operating system.

Why Attack EFI Firmware? Attacks on EFI firmware are particularly valuable to sophisticated malicious actors, because they give the attacker a very high level of privilege on the user's system. Moreover, such a compromise is incredibly difficult to detect and even harder to remediate: even wiping the hard disk completely and reinstalling the operating system would not remove it, because the malicious code lives in the firmware, not on the disk.

Who is Most at Risk? Because of the sophistication required to carry out the attack, users who work with particularly sensitive information or hold security clearances are the most likely targets of this kind of advanced "pre-boot" attack code.

What Should You Do? Organizations with fleets of Mac computers should review the models outlined in the whitepaper to see whether their model(s) are affected and whether the EFI version on each machine is out of date. From there, if such attacks are within your threat model, it may be time to consider replacing affected devices with newer models, and in any case continue installing security updates promptly after release and verify that the firmware version actually changed.
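The check Duo's analysis describes (the EFI version on each machine compared against the version expected for that model and OS release, as in the 4.2 percent figure above) is also the check a fleet administrator would want to run before deciding whether devices need replacing. The script below is an added example written for this page, not Duo's tooling or Apple's. Its expected-version table and its host inventory are constructed placeholders (the version strings are invented, not Apple's real Boot ROM versions, so populate the table from the whitepaper's tables or from firmware you trust before relying on it), and it assumes Apple Boot ROM versions follow the BOARD.NNNN.Bnn layout, e.g. MBP131.0205.B21. On a Mac, `collect_local()` reads the real values with `sysctl`, `sw_vers` and `system_profiler`; elsewhere it returns None so the rest still runs offline.

```python
import re
import subprocess
import sys

# Constructed table: the EFI (Boot ROM) version that SHOULD be present for a
# given model identifier on a given macOS version. These values are placeholders
# invented for this example, not Apple's or Duo's real expected-version data.
EXPECTED_EFI = {
    ("MacBookPro13,1", "10.12.6"): "MBP131.0205.B21",
    ("MacBookPro13,1", "10.13"):   "MBP131.0207.B24",
    ("iMac17,1",       "10.12.6"): "IM171.0105.B19",
    ("MacBookAir7,2",  "10.12.6"): "MBA71.0170.B15",
}

# Assumed layout of a Boot ROM version string: BOARD.NNNN.Bnn, where the
# trailing field may contain hex digits, so it is parsed as hexadecimal.
_EFI_RE = re.compile(r"^([A-Z]+\d+)\.(\d+)\.B([0-9A-F]+)$")


def parse_efi_version(version):
    """Split 'MBP131.0205.B21' into ('MBP131', 205, 0x21); None if unparseable."""
    m = _EFI_RE.match(version.strip())
    if not m:
        return None
    board, build, rev = m.groups()
    return board, int(build), int(rev, 16)


def efi_status(model, os_version, observed):
    """Classify one machine's EFI version against the expected table.

    Returns 'ok', 'outdated', 'newer', 'unknown-model' or 'unparseable'.
    'newer' is flagged as well: a version the table has never seen deserves a
    look, since attacker-written firmware need not carry a lower number.
    """
    expected = EXPECTED_EFI.get((model, os_version))
    if expected is None:
        return "unknown-model"
    obs, exp = parse_efi_version(observed), parse_efi_version(expected)
    if obs is None or exp is None or obs[0] != exp[0]:
        return "unparseable"  # malformed, or board prefix does not match the model
    if obs == exp:
        return "ok"
    return "outdated" if obs < exp else "newer"


def audit_fleet(records):
    """records: iterable of (hostname, model, os_version, boot_rom_version).
    Returns (counts per status, list of (hostname, status) needing attention)."""
    counts = {}
    attention = []
    for host, model, osv, efi in records:
        status = efi_status(model, osv, efi)
        counts[status] = counts.get(status, 0) + 1
        if status != "ok":
            attention.append((host, status))
    return counts, attention


def outdated_fraction(counts):
    """Share of comparable machines (ok/outdated/newer) running older EFI than expected."""
    comparable = sum(counts.get(k, 0) for k in ("ok", "outdated", "newer"))
    return counts.get("outdated", 0) / comparable if comparable else 0.0


def collect_local():
    """On macOS, read the three fields for the machine this runs on; None elsewhere."""
    if sys.platform != "darwin":
        return None
    host = subprocess.check_output(["hostname"], text=True).strip()
    model = subprocess.check_output(["sysctl", "-n", "hw.model"], text=True).strip()
    osv = subprocess.check_output(["sw_vers", "-productVersion"], text=True).strip()
    hw = subprocess.check_output(["system_profiler", "SPHardwareDataType"], text=True)
    m = re.search(r"Boot ROM Version:\s*(\S+)", hw)
    return host, model, osv, (m.group(1) if m else "")


# Constructed sample inventory (not real hosts or real firmware versions).
SAMPLE_FLEET = [
    ("mbp-alice",  "MacBookPro13,1", "10.12.6", "MBP131.0205.B21"),  # matches table
    ("mbp-bob",    "MacBookPro13,1", "10.12.6", "MBP131.0202.B13"),  # older build
    ("imac-lab-3", "iMac17,1",       "10.12.6", "IM171.0105.B19"),   # matches table
    ("mba-carol",  "MacBookAir7,2",  "10.12.6", "MBA71.0167.B15"),   # older build
    ("mbp-dave",   "MacBookPro13,1", "10.13",   "MBP131.0207.B24"),  # matches table
    ("mbp-eve",    "MacBookPro13,1", "10.13",   "MBP131.0211.B30"),  # unexpectedly newer
    ("old-mini",   "Macmini6,2",     "10.11.6", "MM61.0106.B0A"),    # model not in table
]

if __name__ == "__main__":
    local = collect_local()
    records = SAMPLE_FLEET + ([local] if local else [])
    counts, attention = audit_fleet(records)
    print(counts)
    for host, status in attention:
        print(f"{host}: {status}")
    print(f"outdated among comparable hosts: {outdated_fraction(counts):.1%}")
```

Run against the constructed inventory, two hosts come back "outdated", one "newer" and one "unknown-model", so a third of the comparable machines would be flagged. A host whose model is absent from the table is reported rather than silently counted as fine; that is the failure mode Duo's data points at, a machine that looks updated but never received the firmware that goes with its OS release.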

“Firmware is an often overlooked yet vital component of a system’s security structure,” said Rich Smith, Duo Director of Research and Development. “The sophisticated and targeted nature of firmware attacks should be of particular concern to those who have higher security clearance or access to sensitive information at their respective organizations. The worst possible state for users is to be under the assumption that they are secure after updating their system, when in fact, their actual security posture is very different than what they believe it to be.”

Thunderstrike, for example, is delivered through the Thunderbolt port: a malicious Thunderbolt device, such as a modified Thunderbolt-to-Ethernet adapter, carries code that runs during boot and can overwrite the Mac's firmware, giving the attacker control of the machine.
Apple has acknowledged the problem and says it will address it. According to security researchers, Apple will also fold firmware updates into the regular software update process, which should improve security to some degree.
