Many Macs vulnerable to firmware attacks2017-09-29 16:21 by Daniela
Researchers at Duo Labs analysed over 73,000 Mac systems and found that despite they had the latest software updates installed, they had outdated firmware. This means that many popular Mac models are vulnerable to sophisticated attacks and malicious firmware vulnerabilities.
"This creates the situation where admins and users have installed the latest OS or security update, but for some reason, the EFI was not updated. Compounding this issue is the lack of notifications provided to the user to inform them that they are running an unexpected version of EFI firmware. This means that users and admins are often blind to the fact that their system's EFI may continue to be vulnerable."
Apple is working to improve the factors behind this situation; it's still not publicly known whether this is a process or visibility problem on Apple's end, or how the company intends to address this.
"We appreciate Duo's work on this industry-wide issue and noting Apple's leading approach to this challenge," Apple told Threatpost. "Apple continues to work diligently in the area of firmware security and we're always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly."
Read more -here-