Apple Macs And PCs At Risk From Boot Bug

Circuit board being examinedImage copyright Reuters
Image caption Machines get help to start or "boot" via their EFI

Apple Mac computers are being exposed to security risks because core software is outdated, research suggests.

Duo Security found that 4.2% of the 74,000 Macs it tested ran insecure versions of software that helps get the machines running.

It said the figure was likely to be replicated in the global population of Macs and worse on PCs.

Apple welcomed the research and said it was improving how it updated machines.

In its research, Duo Security looked at the versions of a type of software known as the extensible firmware interface (EFI) on a large population of Apple Mac computers currently in use.

"It's the first bit of code that runs when you press the power button," said Rich Smith, Duo's director of security.

Complete control

Many Macs Duo tested had never had their EFI updated, he said, and some were using old versions of the code even though they were up to date with operating system and application security patches.

"It's a silent failure because the user or administrator is never notified," he said, adding that it was not clear what had stopped some machines updating their EFI correctly.

Attacks via the EFI were rare, said Mr Smith, because attackers typically had faster or more lucrative ways to steal cash from victims.

However, the most "sophisticated" attackers were likely to use them because they gave them deep access to a target system.

"You can do anything from there and circumvent any of the controls that are higher in the system," he said.

Several researchers had developed EFI attacks that some nation states were known to copy, he said.

In a statement, Apple said it "appreciated" the work Duo did highlighting what it called an "industry-wide" issue.

"Apple continues to work diligently in the area of firmware security and we're always exploring ways to make our systems even more secure," it said. The newest version of its Mac operating system, called High Sierra, applies weekly checks to ensure machines have an up-to-date EFI.

Mr Smith agreed that every computer maker could do better at handling EFI updates.

"The problems we found with Apple are indicative of an industry-wide problem," he said. "On the PC we expect the situation to be quite a lot worse."

RECENT NEWS

From Chip War To Cloud War: The Next Frontier In Global Tech Competition

The global chip war, characterized by intense competition among nations and corporations for supremacy in semiconductor ... Read more

The High Stakes Of Tech Regulation: Security Risks And Market Dynamics

The influence of tech giants in the global economy continues to grow, raising crucial questions about how to balance sec... Read more

The Tyranny Of Instagram Interiors: Why It's Time To Break Free From Algorithm-Driven Aesthetics

Instagram has become a dominant force in shaping interior design trends, offering a seemingly endless stream of inspirat... Read more

The Data Crunch In AI: Strategies For Sustainability

Exploring solutions to the imminent exhaustion of internet data for AI training.As the artificial intelligence (AI) indu... Read more

Google Abandons Four-Year Effort To Remove Cookies From Chrome Browser

After four years of dedicated effort, Google has decided to abandon its plan to remove third-party cookies from its Chro... Read more

LinkedIn Embraces AI And Gamification To Drive User Engagement And Revenue

In an effort to tackle slowing revenue growth and enhance user engagement, LinkedIn is turning to artificial intelligenc... Read more

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy.