
Failed updates leave Mac computers at risk from targeted attacks on firmware


Duo Security was able to determine the state of the Mac EFI security because of Apple's move to bundle software and firmware updates, the release stated.

The EFI firmware of a computer is responsible for booting and controlling the functions of hardware devices and systems, helping the machine get from powering up to booting the operating system. Perhaps for that reason Apple has not paid enough attention to its firmware.

In its research, Duo Security looked at the versions of a type of software known as the extensible firmware interface (EFI) on a large population of Apple Mac computers now in use. Compounding this issue is the lack of notifications provided to the user to inform them that they are running an unexpected version of EFI firmware. "Some Macs have received regular EFI updates, some have only been updated after particular vulnerabilities have been discovered, others have never seen an update to their EFI".

Firmware is software installed into specialized hardware that is not meant to be altered by users.

Further analysis of Apple's updates also highlighted what seems to be the erroneous inclusion of 43 versions of EFI binaries in the 2017-001 security updates for 10.10 and 10.11 that were older than the versions of EFI binaries that were released in the previous updates 2016-003 (10.11) and 2016-007 (10.10).

"Some of them never received a firmware update", Rich Smith, Duo's director of research and development, told The Hill.

Several researchers had developed EFI attacks that some nation states were known to copy, he said.

The study found 47 models capable of running 10.12, 10.11, 10.10 did not have an EFI firmware patch addressing the vulnerability, Thunderstrike 1, while 31 models capable of the same did not have an EFI firmware patch addressing the remote version of the vulnerability, Thunderstrike 2.

One researcher recently demonstrated how such a vulnerability can be used to compromise a machine and access data stored on it.

Variance from the expected EFI firmware versions is also markedly different across versions of the OS: macOS 10.12 (Sierra) had a significantly higher average rate of deviance at 10 per cent. "The worst possible state for users is to be under the assumption that they are secure after updating their system, when in fact, their actual security posture is very different than what they believe it to be". Users of the 21.5" iMac released in 2015 should be concerned, as 43% of those sampled systems had incorrect firmware.
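The check behind these deviance figures can be run over a fleet inventory; the sketch below is an added example, not Duo Security's tooling, and flags machines whose EFI version differs from the one their OS build should carry. It assumes the `PREFIX.XXXX.Bnn` Boot ROM version format, and every model ID, build and version in the sample data is constructed.

```python
import re
from collections import Counter

# Assumed Boot ROM format, e.g. "IM162.0212.B00": model prefix, hex major, hex build.
EFI_RE = re.compile(r"^([A-Z]+\d+)\.([0-9A-F]{4})\.B([0-9A-F]{2})$")

def parse_efi(version):
    """Return (prefix, (major, build)) so versions compare as tuples."""
    m = EFI_RE.match(version.strip().upper())
    if not m:
        raise ValueError(f"unrecognised EFI version: {version!r}")
    return m.group(1), (int(m.group(2), 16), int(m.group(3), 16))

def classify(installed, expected):
    """Compare the installed EFI version with the one the OS build should carry."""
    try:
        i_prefix, i_ver = parse_efi(installed)
        e_prefix, e_ver = parse_efi(expected)
    except ValueError:
        return "unparseable"
    if i_prefix != e_prefix:
        return "wrong-model"
    if i_ver < e_ver:
        return "outdated"      # OS was updated but the firmware was not
    return "ok" if i_ver == e_ver else "newer"

def audit(inventory, expected_by_build):
    """Return per-host findings and, per OS version, the share of hosts not 'ok'."""
    findings, total, deviant = [], Counter(), Counter()
    for host, model, os_ver, build, efi in inventory:
        want = expected_by_build.get((model, build))
        status = "no-baseline" if want is None else classify(efi, want)
        findings.append((host, status))
        total[os_ver] += 1
        deviant[os_ver] += status != "ok"
    return findings, {v: deviant[v] / total[v] for v in total}

# Constructed sample data: model IDs, builds and EFI versions are illustrative only.
EXPECTED = {("iMac16,2", "16G29"): "IM162.0212.B00",
            ("MacBookPro11,4", "15G1611"): "MBP114.0172.B16"}
INVENTORY = [
    ("imac-01", "iMac16,2", "10.12", "16G29", "IM162.0212.B00"),
    ("imac-02", "iMac16,2", "10.12", "16G29", "IM162.0209.B01"),
    ("mbp-01", "MacBookPro11,4", "10.11", "15G1611", "MBP114.0172.B16"),
    ("mbp-02", "MacBookPro11,4", "10.11", "15G1611", "garbage"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY, EXPECTED)[0]:
        print(row)
```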

This approach is no longer sustainable, according to Duo Security, which advocates that EFI firmware updates should be delivered and applied alongside OS or security updates.

While the flaws only affect a comparatively small number of users, they still represent a security issue.

Duo Security hopes that 'The Apple of Your EFI: Findings From an Empirical Study of EFI Security' will encourage all vendors to improve EFI security, given how it's nearly impossible to discover if such systems have been hacked in the case of a successful attack.

Apple welcomed the research and said it was improving how it updated machines.


