Menu
Get Support
Free Discovery Session

Apple PCs and Macs Are at Potential Risk of Boot Bug Due to Outdated Software

Peerless Tech Solutions
October 2, 2017

Apple Mac computers are being exposed to security risks because core software is outdated, research suggests.

Duo Security found that 4.2% of the 74,000 Macs it tested ran insecure versions of software that helps get the machines running.

The figure was likely to be replicated in the global population of Macs and worse on PCs.

Apple welcomed the research and said it was improving how it updated machines.

During Duo Security's research, they looked at versions of a type of software known as the extensible firmware interface (EFI) on a large population of Apple Mac computers currently in use.

Many Macs Duo tested had never had their EFI updated. Some were using old versions of the code even though they were up to date with operating system and application security patches.

Macs and PCs in the Southern Maryland, Charles, Calvert, St. Mary's areas are at risk from the boot bug. Many of these computers have never had their EFI updated.

"It's a silent failure because the user or administrator is never notified," he said, adding that it was not clear what had stopped some machines updating their EFI correctly.

Attacks via the EFI were rare, said Mr. Smith, because attackers typically had faster or more lucrative ways to steal cash from victims.

However, the most "sophisticated" attackers were likely to use them because they gave them deep access to a target system.

"You can do anything from there and circumvent any of the controls that are higher in the system," he said.

In a statement, Apple said it "appreciated" the work Duo did highlighting what it called an "industry-wide" issue.

"Apple continues to work diligently in the area of firmware security and we're always exploring ways to make our systems even more secure," it said. The newest version of its Mac operating system, called High Sierra, applies weekly checks to ensure machines have an up-to-date EFI.

Mr. Smith agreed that every computer makes could do better at handling EFI updates.

"The problems we found with Apple are indicative of an industry-wide problem," he said. "On the PC we expect the situation to be quite a lot worse."

Don't Miss an Article!

You May Also Like

These Stories on Vulnerability

Subscribe by Email

Get The Latest From Peerless Right in Your Inbox