
Failed updates leave Mac computers at risk from targeted attacks on firmware


Duo Security was able to determine the state of the Mac EFI security because of Apple's move to bundle software and firmware updates, the release stated.

The EFI firmware of a computer is responsible for booting and controlling the functions of hardware devices and systems, helping the machine get from powering up to booting the operating system. Perhaps for that reason Apple has not paid enough attention to its firmware.

In its research, Duo Security looked at the versions of a type of software known as the extensible firmware interface (EFI) on a large population of Apple Mac computers now in use. Compounding this issue is the lack of notifications provided to the user to inform them that they are running an unexpected version of EFI firmware. "Some Macs have received regular EFI updates, some have only been updated after particular vulnerabilities have been discovered, others have never seen an update to their EFI".

Firmware is software installed into specialized hardware that is not meant to be altered by users.

Further analysis of Apple's updates also highlighted what seems to be the erroneous inclusion of 43 versions of EFI binaries in the 2017-001 security updates for 10.10 and 10.11 that were older than the versions of EFI binaries that were released in the previous updates 2016-003 (10.11) and 2016-007 (10.10).

"Some of them never received a firmware update", Rich Smith, Duo's director of research and development, told The Hill.

Several researchers had developed EFI attacks that some nation states were known to copy, he said.

The study found that 47 models capable of running 10.12, 10.11 or 10.10 did not have an EFI firmware patch addressing the Thunderstrike 1 vulnerability, while 31 models capable of running the same versions did not have an EFI firmware patch addressing the remote version of the vulnerability, Thunderstrike 2.

One researcher recently demonstrated how such a vulnerability can be used to compromise a machine and access data stored on it.

Variance from the expected EFI firmware versions is also markedly different across versions of the OS: macOS 10.12 (Sierra) had a significantly higher average rate of deviance at 10 per cent. "The worst possible state for users is to be under the assumption that they are secure after updating their system, when in fact, their actual security posture is very different than what they believe it to be". Users of the 21.5-inch iMac released in 2015 should be concerned, as 43% of those sampled systems had incorrect firmware.
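The two checks the study describes, a host running an EFI version other than the one expected for its model and OS build, and an update bundle shipping an older EFI binary than a previous one, can be sketched as follows. This is an added example, not Duo Security's tooling: the version-string format, model prefixes, build labels and update names are assumptions constructed for illustration.

```python
import re

# Assumed version format (not given in the article): PREFIX.MAJOR.Bxx with
# hexadecimal MAJOR and revision. All sample values are constructed and are
# not real Apple firmware versions, OS builds or update names.
VERSION_RE = re.compile(r"^([A-Z]+\d+)\.([0-9A-F]{4})\.B([0-9A-F]{2})$")

def parse_efi(version):
    """Return (model_prefix, (major, revision)) or None if unparseable."""
    m = VERSION_RE.match(version.strip().upper())
    if not m:
        return None
    return m.group(1), (int(m.group(2), 16), int(m.group(3), 16))

def audit_host(observed, os_build, expected):
    """Classify a host: ok, behind, ahead, unknown or unparseable."""
    seen = parse_efi(observed)
    if seen is None:
        return "unparseable"
    want = parse_efi(expected.get((seen[0], os_build), ""))
    if want is None:
        return "unknown"  # no baseline for this model/OS build pair
    if seen[1] == want[1]:
        return "ok"
    return "behind" if seen[1] < want[1] else "ahead"

def find_regressions(releases):
    """releases: ordered list of (update_name, {prefix: version}).
    Report bundles shipping an EFI older than one already released."""
    newest, regressions = {}, []
    for name, payload in releases:
        for prefix, version in payload.items():
            parsed = parse_efi(version)
            if parsed is None:
                continue
            if prefix in newest and parsed[1] < newest[prefix][1]:
                regressions.append((name, prefix, version, newest[prefix][0]))
            else:
                newest[prefix] = (version, parsed[1])
    return regressions

# Constructed baseline, fleet inventory and release history.
EXPECTED = {("EX11", "build-A"): "EX11.0100.B05"}
FLEET = {"host-a": "EX11.0100.B05", "host-b": "EX11.00FE.B02", "host-c": "EX12.0090.B01"}
RELEASES = [("update-1", {"EX11": "EX11.0100.B05"}),
            ("update-2", {"EX11": "EX11.00FE.B02"})]

if __name__ == "__main__":
    for host, version in FLEET.items():
        print(host, audit_host(version, "build-A", EXPECTED))
    print(find_regressions(RELEASES))
```

A host classified as "behind" is the case the study warns about: the OS update succeeded but the firmware did not move with it.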

This approach is no longer sustainable, according to Duo Security, which advocates that EFI firmware updates should be delivered and applied alongside OS or security updates.

While the flaws only affect a comparatively small number of users, they still represent a security issue.

Duo Security hopes that 'The Apple of Your EFI: Findings From an Empirical Study of EFI Security' will encourage all vendors to improve EFI security, given how it's nearly impossible to discover if such systems have been hacked in the case of a successful attack.

Apple welcomed the research and said it was improving how it updated machines.


