
Macs Vulnerable to Attack Through Firmware Weaknesses

11/10/17

  12:44:00 pm by Admin, Categories: News, Security

Timely News as October is National Cyber Security Awareness Month (NCSAM)

A report from Duo Security details a potentially systemic issue that leaves Mac computers susceptible to highly targeted and stealthy attacks.

The report shows Mac users who have updated to the latest operating system or downloaded the most recent security update may not be as secure as they originally thought.

Duo Security’s analysis of more than 73,000 Macs across various industries found that the Extensible Firmware Interface (EFI) in many models was not receiving the security updates users thought they were getting. This left users susceptible to previously disclosed vulnerabilities such as Thunderstrike 2 and those described in the recent WikiLeaks Vault 7 data dumps, which detail attacks against firmware.

While Apple devices were the focus of the study, experts at the company told The Washington Post that Windows-based machines are even more likely to be at risk, because of the range of manufacturers involved in building PCs.

In 2015, Apple began bundling its software and firmware updates in an effort to ensure users automatically obtain the most current firmware security. This allowed Duo Security to analyze the state of Apple’s EFI security by looking at Mac updates over the past three years.

Duo Security’s key findings are:

Users running a version of the Mac OS that is older than the latest major release (High Sierra) likely have EFI firmware that has not received the latest fixes for known EFI issues. This means those systems can be software-secure but firmware-
On average, 4.2% of Macs are running an EFI firmware version that’s different from what they should be running.
At least 16 models have never received any EFI firmware updates. The 21.5” iMac, released in late 2015, has the highest occurrence of incorrect EFI firmware with 43% of sampled systems running incorrect versions.
47 models capable of running 10.12, 10.11, and 10.10 did not have an EFI firmware patch addressing the Thunderstrike vulnerability. 31 models did not have an EFI firmware patch addressing the remote version of the vulnerability, Thunderstrike 2.
Two recent security updates issued by Apple (Security Update 2017-001 for 10.10 and 10.11) contained the wrong firmware with the update. This would indicate regression or a lag in quality assurance.

The National Cyber Security Awareness Month (NCSAM) was created in 2003 by the U.S. Department of Homeland Security and National Cyber Security Alliance to ensure everyone has the resources they need to stay safe and secure online. The goal of NCSAM is to increase the awareness of the ever-evolving cyber security landscape and bring attention to different measures people can take to keep their information protected.
