Critical EFI Code in Millions of Macs Isn't Getting Apple's Updates (wired.com)

← Back to Stories (view on slashdot.org)

Critical EFI Code in Millions of Macs Isn't Getting Apple's Updates (wired.com)

Posted by msmash on Friday September 29, 2017 @06:05AM from the security-woes dept.

Andy Greenberg, writing for Wired:At today's Ekoparty security conference, security firm Duo plans to present research on how it delved into the guts of tens of thousands of computers to measure the real-world state of Apple's so-called extensible firmware interface, or EFI. This is the firmware that runs before your PC's operating system boots and has the potential to corrupt practically everything else that happens on your machine. Duo found that even Macs with perfectly updated operating systems often have much older EFI code, due to either Apple's neglecting to push out EFI updates to those machines or failing to warn users when their firmware update hits a technical glitch and silently fails. For certain models of Apple laptops and desktop computers, close to a third or half of machines have EFI versions that haven't kept pace with their operating system system updates. And for many models, Apple hasn't released new firmware updates at all, leaving a subset of Apple machines vulnerable to known years-old EFI attacks that could gain deep and persistent control of a victim's machine.

2 of 91 comments (clear)

Min score:

Reason:

Sort:

Perspective by Known+Nutter · 2017-09-29 06:37 · Score: 5, Informative

From TFA:

While its research paper is focused on Apple, Duo Security said the same if not worse EFI issues likely affect PCs running Windows or Linux.

But don't let that stop a good Apple ass-whoopin'... carry on.

--
Beware of the Leopard.
1. Re:Perspective by Anonymous Coward · 2017-09-29 07:07 · Score: 2, Informative
  
  Except in the Linux and Windows world you can update your BIOS (which is all EFI is, a special Apple-only BIOS intended to block people from running Linux on Apple hardware) yourself.
  Wow, you have no idea what you are talking about, do you?
  Unified Extensible Firmware Interface: History
  The original motivation for EFI came during early development of the first Intel–HP Itanium systems in the mid-1990s. BIOS limitations (such as 16-bit processor mode, 1 MB addressable space and PC AT hardware) had become too restrictive for the larger server platforms Itanium was targeting.[6] The effort to address these concerns began in 1998 and was initially called Intel Boot Initiative.[7] It was later renamed to Extensible Firmware Interface (EFI).[8][9]
  In July 2005, Intel ceased its development of the EFI specification at version 1.10, and contributed it to the Unified EFI Forum, which has developed the specification as the Unified Extensible Firmware Interface (UEFI). The original EFI specification remains owned by Intel, which exclusively provides licenses for EFI-based products, but the UEFI specification is owned by the Forum.[6][10]
  Version 2.1 of the UEFI specification was released on 7 January 2007. It added cryptography, network authentication and the User Interface Architecture (Human Interface Infrastructure in UEFI). The latest UEFI specification, version 2.7, was approved in May 2017.[11]