An “alarming” number of Macs remain vulnerable to known exploits that completely undermine their security and are almost impossible to detect or fix even after receiving all security updates available from Apple, reports ars technica.
The article says that, per an analysis by the security firm Duo Security of more than 73,000 Macs, several retain vulnerabilities that remain in the Extensible Firmware Interface, or EFI — the software located on a computer motherboard that runs first when a Mac is turned on. EFI identifies what hardware components are available, starts those components up, and hands them over to the operating system.
On average, 4.2% of the Macs analyzed ran EFI versions that were different from what was prescribed by the hardware model and OS version, according to Duo Security. Attacks against EFI are considered especially potent because they give attackers control that starts with the very first instruction a Mac receives.
In an e-mailed statement to ars technica, Apple said: "We appreciate Duo's work on this industry-wide issue and noting Apple’s leading approach to this challenge. Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”