Apple Mac fans told: Something smells EFI in your firmware

Pre-boot software on Macs is often outdated, leaving Apple fans at a greater risk of malware attack as a result, according to new research. An analysis of 73,000 Apple Macs by Duo Security found that users are unknowingly exposed to sophisticated malware-based attacks because of outdated firmware. On average, 4.2 per cent of …


      1. Anonymous Coward

        Re: Mac Pro

        Any idea then why the EFI on the older Mac Pros never gets updated to recognise any of the newer Nvidia graphics cards? My early-2008 Mac Pro boots with a black screen due to this. The drivers are definitely being added to OSX pretty regularly, just not to EFI.

    1. James O'Shea

      Re: Mac Pro

      "I am under the impression that Apple doesn't bother issuing firmware updates for hardware older than a couple of years"

      You would be mistaken. The five-year-old Mac this is being typed on got a firmware update last month.

  1. Slap

    Perhaps I can offer an explanation

    Perhaps I can offer an explanation as to why this is so, especially in SMBs and corporates.

    And that explanation is Deploy Studio. Deploy Studio offers a very fast, easy, and efficient way to image and distribute a standard installation over an internal network.

    However Deploy Studio is basically a cloner. It’s a bit more advanced than that in that it’s able to fully update the system while doing the clone, but it does not update the EFI.

    In order to update the EFI you need to run the actual system installer, which can take upwards of thirty minutes, or longer. A Deploy Studio clone takes around 5 minutes to complete, if not less. So for a Mac admin it’s a no-brainer to use Deploy Studio. OK, at least it was when firmware updates were still offered over the Mac App Store.

    These days EFI updates are only provided at the point of installing, or upgrading, a system using the official Apple installer (App or pre-prepared media), which given the install times means that a lot of Mac admins are going to bypass that in favour of cloning a system.

    Even I’m guilty of this when put in time pressure situations, like when we have just a Sunday to roll out an update to 300 seats.

  2. sldonaldson

    Apple - trying to make it too easy

    First off, 'what version of EFI / SMC (might as well check both) firmware am I running?'

    Click the Apple icon (top left), About This Mac, System Report, Hardware (very top in left-hand menu), look for Boot ROM Version, SMC Version. Not that hard....

    And where, where are the current versions now that this article has 'raised awareness' ?

    Apple has this deprecated article: https://support.apple.com/en-ph/HT201518

    BUT apparently is bundling the updates automagically. So now we don't truly know. Very strange, Apple.

    Can one remotely (over a network ...say with ...nmap/nessus etc) determine the firmware version?

    Notice the depth of information...systems over 8 yrs old are still supported. And largely function!
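
Added example, not part of the original comment or any Apple tooling: the System Report check described above can be scripted, because `system_profiler SPHardwareDataType` prints the same Boot ROM and SMC fields. The function names, the baseline file format (`<Model Identifier> <expected Boot ROM Version>` per line) and every version string below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `system_profiler SPHardwareDataType` output.
# The version strings are invented placeholders, not real Apple releases.
sample_report() {
    cat <<'EOF'
Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro11,4
      Boot ROM Version: MBP114.0000.B00
      SMC Version (system): 2.00f00
EOF
}

# hw_field KEY: read a hardware report on stdin, print the value of KEY.
hw_field() {
    awk -F': ' -v key="$1" '
        { k = $1; sub(/^[ \t]+/, "", k) }
        k == key { print $2; exit }'
}

# audit_report REPORT_FILE BASELINE_FILE
# Prints one status line. Returns 0 = matches baseline, 1 = differs,
# 2 = model has no baseline entry (treat as "needs review", not "fine").
audit_report() {
    model=$(hw_field "Model Identifier" < "$1")
    rom=$(hw_field "Boot ROM Version" < "$1")
    smc=$(hw_field "SMC Version (system)" < "$1")
    want=$(awk -v m="$model" '$1 == m { print $2; exit }' "$2")
    if [ -z "$want" ]; then
        echo "UNKNOWN  $model rom=$rom smc=$smc (no baseline entry)"; return 2
    elif [ "$rom" = "$want" ]; then
        echo "OK       $model rom=$rom smc=$smc"; return 0
    else
        echo "OUTDATED $model rom=$rom expected=$want smc=$smc"; return 1
    fi
}

# On a Mac, audit the local machine when a baseline file is given as $1.
if [ -n "${1:-}" ] && command -v system_profiler >/dev/null 2>&1; then
    tmp=$(mktemp) && system_profiler SPHardwareDataType > "$tmp"
    audit_report "$tmp" "$1"; rc=$?
    rm -f "$tmp"; exit "$rc"
fi
```

Because cloned images carry the OS but not the firmware, running this against reports collected after imaging shows which seats still need the full installer.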

  3. WolfFan Silver badge

    Hmmm

    Old page on Apple's site:

    https://support.apple.com/en-us/HT201518

    This seems to list an awful lot of EFI updates. It's no longer updated, though. However, there is this:

    https://www.macobserver.com/news/macos-high-sierra-performs-efi-security-check/

    It seems that if you install High Sierra, you will get a system which checks your EFI and updates it if necessary. Furthermore, HS will, apparently, check your EFI on a weekly basis. Those who can't or won't update to HS may want to have a look at the Apple support page referenced earlier.

  4. Kevin McMurtrie Silver badge

    Desktop IT

    Desktop IT departments like to install lots of junk on desktops in the name of security - virus scanners, remote control, remote wipe, IP and licensing scanners (disguised as backup software), helpdesk tools, obfuscated authentication tokens, etc. These fragile hacks break with OS upgrades so the IT department blocks them.

    Yes, I'm talking about MacOS. The Windows experience is now multi-platform.

  5. kirk_augustin@yahoo.com

    First of all, it has been UEFI since 2005. EFI is the old 2002 name for Unified Extensible Firmware Interface.

    Second, the whole point of security is that an automatic update of UEFI is not supposed to be allowed. If the boot firmware can be automatically updated from the outside, then ANYONE can do it.

    It should never be allowed.

    I have seen hackers reflash the boot code, and there really is no way to ever recover from that. All the hacker has to do is rewrite the boot code to prevent reflashing. Then the only way to recover is to physically replace the eprom.

  6. ntsmkfob

    Interesting that Apple have made firmware version checking a critical part of the upgrade to High Sierra.
