There is a discrepancy between how reliably Apple's Mac operating system (OS X, now macOS) and application security updates are applied and how reliably the updates for the underlying firmware (EFI) on Mac computers reach the machines. Researchers have found that in a sample of 73,324 Macs deployed in production settings, 4.2% are running EFI versions older than the version that should accompany their OS build, leaving them exposed to firmware vulnerabilities that the missing updates were meant to close.
EFI is the modern successor to the BIOS: it holds the code that initializes the hardware and gets the system started, and it is what loads the operating system kernel, which runs at ring 0. Firmware also installs the System Management Mode handlers that persist after boot and are often described as "ring -2". In short, the instructions in the firmware sit below the operating system and below all of the applications (including security software) that run on top of the operating system. Malware that can be written into this firmware is invisible to OS-level defenses and survives a reinstall of the operating system.
The discrepancy between EFI and OS updates was discovered by Duo Security and announced in a report (PDF) and blog published today. The report will be presented by authors Rich Smith and Pepijn Bruienne at this year's ekoparty conference in Buenos Aires.
The research started from the hypothesis that firmware and software updates do not necessarily proceed in step. Macs were chosen, say the authors in their blog post, because “Apple is in a somewhat unique position of controlling the full stack from hardware, through firmware, OS, and all the way up to application software and can be considered widely deployed.” This made the research simpler, but they stress that they do not believe the issues they discovered are unique to Apple.
Since 2015, Apple has released EFI updates contained within its larger OS and security updates. This meant that the researchers could examine the current operating system build on a Mac, and know what firmware version should also be installed. “The comparison and observed discrepancies between these two datasets,” explain the authors, “gives us a way to look at the deviance between the expected state of a Mac’s EFI and the actual state as we observed from systems in real-world use.”
The researchers then analyzed more than 70,000 Macs being used in production environments and found that 4.2% were running firmware versions older than the version expected for their OS build. For some Mac models the discrepancy was far greater; for example, 43% of the iMac 21.5″ model from late 2015 were running outdated EFI firmware.
"The size of this discrepancy is somewhat surprising," note the authors, "given that the latest version of EFI firmware should be automatically installed alongside the OS updates." Because the firmware updates are delivered inside the OS updates, they should be installed automatically and invisibly (to the user) at the same time; a Mac that is on the current OS build but still has an old EFI has therefore had the firmware portion of the update fail or be skipped. The implication is that this is an issue in Apple's update process, not the result of a 'patch later' policy on the user's part.
Firmware attacks are neither simple nor common, and tend to be used only against high-value targets. However, Duo Security points out that outdated firmware can leave users unknowingly exposed to previously disclosed vulnerabilities such as Thunderstrike, and to the kind of firmware attacks described in the recent WikiLeaks Vault 7 releases.
Home users should probably not worry too much; however, says Smith, “The sophisticated and targeted nature of firmware attacks should be of particular concern to those who have higher security clearance or access to sensitive information at their respective organizations.”
Back in 2012, Kaspersky Lab detailed targeted attacks against OS X users among Uyghur activists. This would be an example of a well-resourced attacker (possibly state-sponsored) attacking a high-value target (political dissidents). Had the attacks succeeded against the Mac firmware, they would not have been so easily discovered by Kaspersky Lab.
This is because, in Smith’s words, EFI compromises offer three particularly worrying characteristics: they are low level, exceptionally stealthy, and highly persistent. They can read and write arbitrarily to disk or memory before the machine boots; they can deliver false information to any security tool trying to find them; and they can resist re-boots, re-installing the operating system, and even replacing the hard disk altogether.
The solution to the problem is to get EFI and OS back in step: check the firmware version each Mac reports against the version that its OS build should have installed, and bring the laggards up to date. Duo has released tooling to help users discover which firmware a Mac is running and whether it is the expected version. Where updating is not possible, Smith suggests, "it would be well worth considering replacing Macs that cannot have updated EFI firmware applied, or moving them into roles where they are not exposed to EFI attacks (physically secure, controlled network access). While EFI attacks are currently considered both sophisticated and targeted, depending on the nature of the work your organization does and the value of the data you work with, it's quite possible that EFI attacks fall within your threat model. In this regard, vulnerability to EFI security issues should carry the same weight as vulnerability to software security issues."
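The comparison Duo describes (expected EFI version for a given model and OS build versus the version a Mac actually reports) and the "discover the firmware in use" check above can be done with a short fleet audit. The following is an added example written for this article; it is not Duo's tool or Apple's code. The EXPECTED_EFI table, the sample `system_profiler` output and the sample inventory are constructed for illustration, not real release data; a real table has to be built from the firmware shipped in each macOS updater.

```python
"""Audit Macs for EFI firmware that lags the version expected for their OS build.

Added example, not code from Duo Security or Apple.  EXPECTED_EFI and the sample
data below are constructed for illustration; Apple's real build-to-firmware
mapping must be taken from the updater packages for each macOS build.
"""
import re
from collections import Counter

# Constructed mapping (model identifier, macOS build) -> EFI version that the
# updater for that build installs.  Values are illustrative, not real.
EXPECTED_EFI = {
    ("iMac16,2", "16G29"): "IM162.0207.B04",
    ("MacBookPro13,2", "16G29"): "MBP132.0226.B22",
    ("MacBookAir7,2", "16G29"): "MBA71.0166.B10",
}

# 2017-era Apple EFI version strings: <board>.<4-digit build>.<letter><2 digits>
EFI_RE = re.compile(r"^([A-Z]+\d+)\.(\d{4})\.([A-Z])(\d{2})$")


def parse_efi_version(s):
    """Return (board, build, rev_letter, rev_number); raise on unknown format."""
    m = EFI_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised EFI version string: {s!r}")
    board, build, letter, rev = m.groups()
    return board, int(build), letter, int(rev)


def efi_is_outdated(observed, expected):
    """True when the observed EFI version sorts before the expected one.

    The board prefix must match: a mismatch means the inventory paired a
    firmware string with the wrong model, which is a data error, not 'outdated'.
    """
    ob, *okey = parse_efi_version(observed)
    eb, *ekey = parse_efi_version(expected)
    if ob != eb:
        raise ValueError(f"board mismatch: {observed} vs {expected}")
    return tuple(okey) < tuple(ekey)


def parse_hardware_overview(text):
    """Pull model identifier and firmware version out of the output of
    `system_profiler SPHardwareDataType` (older macOS labels the firmware
    'Boot ROM Version', newer releases 'System Firmware Version')."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            k, _, v = line.strip().partition(":")
            fields[k.strip()] = v.strip()
    firmware = fields.get("Boot ROM Version") or fields.get("System Firmware Version")
    return {"model": fields.get("Model Identifier"), "efi": firmware}


def audit(inventory):
    """Return (findings, per_model_outdated_rate) for records shaped
    {'host', 'model', 'build', 'efi'}.  A (model, build) pair missing from the
    expected table is reported as 'unknown' rather than guessed."""
    findings = []
    seen, outdated = Counter(), Counter()
    for rec in inventory:
        expected = EXPECTED_EFI.get((rec["model"], rec["build"]))
        if expected is None:
            findings.append((rec["host"], "unknown", rec["efi"], None))
            continue
        seen[rec["model"]] += 1
        if efi_is_outdated(rec["efi"], expected):
            outdated[rec["model"]] += 1
            findings.append((rec["host"], "outdated", rec["efi"], expected))
        else:
            findings.append((rec["host"], "ok", rec["efi"], expected))
    rate = {m: outdated[m] / seen[m] for m in seen}
    return findings, rate


# Constructed sample output; on a real Mac the OS build comes from
# `sw_vers -buildVersion` and the firmware from `system_profiler SPHardwareDataType`.
SAMPLE_PROFILER = """Hardware:

    Hardware Overview:

      Model Name: iMac
      Model Identifier: iMac16,2
      Boot ROM Version: IM162.0207.B00
      SMC Version (system): 2.32f20
"""

# Constructed fleet inventory (hosts, builds and EFI strings are illustrative).
SAMPLE_INVENTORY = [
    {"host": "imac-01", "build": "16G29", **parse_hardware_overview(SAMPLE_PROFILER)},
    {"host": "imac-02", "model": "iMac16,2", "build": "16G29", "efi": "IM162.0207.B04"},
    {"host": "mbp-01", "model": "MacBookPro13,2", "build": "16G29", "efi": "MBP132.0226.B22"},
    {"host": "mba-01", "model": "MacBookAir7,2", "build": "16G29", "efi": "MBA71.0160.B02"},
    {"host": "mba-02", "model": "MacBookAir7,2", "build": "16F73", "efi": "MBA71.0166.B10"},
]

if __name__ == "__main__":
    findings, rate = audit(SAMPLE_INVENTORY)
    for host, status, observed, expected in findings:
        print(f"{host:8} {status:8} observed={observed} expected={expected}")
    for model, r in sorted(rate.items()):
        print(f"{model}: {r:.0%} of audited hosts on outdated EFI")
```

The per-model rate is the figure the report highlights (the 43% for the late-2015 21.5″ iMac), so it is computed separately from the overall count. Hosts whose (model, build) pair is not in the table are flagged as unknown instead of being silently dropped; in a real fleet those are the rows to investigate next, because a build the table does not know about is either newer than the table or a machine that never received a proper update.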
Duo Security reported its findings to Apple in late June. Apple has acknowledged a problem. “Interactions with Apple have been very positive,” comments Smith, “and they seemed to genuinely appreciate the work and agreed with our methodologies, findings and conclusions. Despite the issues we found, we truly believe that Apple is leading the way in terms of taking EFI security seriously. They have continued to take steps forward with the release of macOS 10.13 (High Sierra). They have a world class firmware security team and we are excited to see the new security approaches they will take in future to keep the EFI environment even more secure.”