Mac Security News: Thousands of Apple PCs Still Vulnerable to Attacks Despite Receiving Patches, Report Claims
A number of Mac computers reportedly remained vulnerable to sophisticated attacks even after their users upgraded to the latest patch versions.
On Friday, Duo Labs released parts of their research on Apple's Extensible Firmware Interface, or EFI. Duo described the EFI as a "pre-boot environment," since it is deeply embedded in a computer's motherboard.
Because the EFI sits at this level of a Mac's system hierarchy, it is one of the most sensitive parts of the machine. When it is compromised, an adversary can "circumvent security controls put in place at higher levels, including the security mechanisms of the OS and applications," according to Duo Labs.
The researchers added: "Attacking EFI also makes the adversary very stealthy and hard to detect ... it also makes the adversary very difficult to remove."
Duo Labs argued that it can also be hard for an OS to determine whether its accompanying EFI has been infected with a stealthy virus. Worse, the researchers said that installing a new OS or a new hard drive does not ensure a complete clean-up of the compromised component.
Duo Labs examined 73,000 Macs "deployed in organizations across a number of industry verticals" to see whether the OS and security updates released over the past three years actually kept these computers safe.
To sum up their findings, Duo Labs revealed: "There was a surprisingly high level of discrepancy between the EFI versions we expected to find running on the real-world Mac systems and the EFI versions we actually found running."
The discrepancy came to light because, for some reason, the EFI was not updated even when up-to-date patches were installed. Compounding this, users and computer administrators were not properly notified that the patches they were installing were not compatible with the EFI they had.
As for the EFI updates themselves, the results varied. Some EFI builds had the needed update, others received the necessary patch only after a serious risk was discovered, and some did not get any protection at all. Users were unaware of any of this.
After going through three years' worth of data, Duo Labs came up with a list of Mac models and OS versions that did not receive proper EFI fixes. Included are iMacs (7,1; 8,1; 9,1; and 10,1), MacBooks (5,1 and 5,2), MacBook Air (2,1), MacBook Pro laptops (3,1; 4,1; 5,1; 5,2; 5,3; and 5,4), and Mac Pro (3,1; 4,1; and 5,1).
Meanwhile, to make sure that their EFI is updated, Mac owners are encouraged to install at least the macOS Sierra 10.12.6 update. If that is impossible because the Mac does not support the OS, the findings imply that it might be time to upgrade to a newer Mac model.