Slashdot Mirror

← Back to Stories (view on slashdot.org)

Critical EFI Code in Millions of Macs Isn't Getting Apple's Updates (wired.com)

Posted by msmash on from the security-woes dept.

Andy Greenberg, writing for Wired:At today's Ekoparty security conference, security firm Duo plans to present research on how it delved into the guts of tens of thousands of computers to measure the real-world state of Apple's so-called extensible firmware interface, or EFI. This is the firmware that runs before your PC's operating system boots and has the potential to corrupt practically everything else that happens on your machine. Duo found that even Macs with perfectly updated operating systems often have much older EFI code, due to either Apple's neglecting to push out EFI updates to those machines or failing to warn users when their firmware update hits a technical glitch and silently fails. For certain models of Apple laptops and desktop computers, close to a third or half of machines have EFI versions that haven't kept pace with their operating system system updates. And for many models, Apple hasn't released new firmware updates at all, leaving a subset of Apple machines vulnerable to known years-old EFI attacks that could gain deep and persistent control of a victim's machine.

2 of 91 comments (clear)

  1. When will be free of the Overlords? by Anonymous Coward · · Score: 3, Insightful

    Just give us control over our own damn equipment! Let us form our own communities that will service these machines as necessary.

    Why is everything shrouded in a goddamn fucking mystery? WHY?!

  2. Re:Apple's solution by Mordaximus · · Score: 4, Insightful

    Apple's solution is probably "buy a new Mac". Tim Cook said himself that Apple products are not for the rich so buying another $1000+ computer every year or two shouldn't be a problem for anyone.

    Next up: Tim Cook doesn't understand the meaning of "rich" compared to the rest of the population.

    Except that the people who upgrade their Macs every year or two are few and far between. Apple knows this well. That said, TFA even mentions the EFI update failed on certain percentages of NEWER systems, like the 2-16 MacBook. To wit: " And three versions of the 2016 Macbook Pro had the wrong EFI version for their operating system version in 25% to 35% of cases, suggesting they too had serious EFI update failure rates."

    This doesn't sound nefarious to me, it sounds more like there's a hiccup in the update process, which thankfully doesn't render the system a brick when it fails. Naturally something that needs to be addressed though.

    For what it's worth, I'm happily working away on a 2011 iMac, which in the past 6 years has only had one problem, a failed hard drive. This was a recent, and certainly not unexpected failure. Anecdotal for sure, but this is the case for most people I know who own a Mac as well. It's also the reason they (and I) will purchase a new one when the time is right. I know it's trendy to blindly bash on Apple though.