When news breaks of a Mac security flaw, it almost always makes headlines. It should not be a surprise that a paper about Mac’s potential vulnerability to an EFI exploit became big news, even when the study’s authors say that most consumer users should not worry.
Most EFI attacks require physical access and sophisticated tools. However, they do warn about the risk when crossing borders during travel. Corporate users that have to protect sensitive data are also at risk.
If that sounds like you, how do you defend yourself?
What Is EFI?
You may be thinking: “I never downloaded EFI! How does it make my computer vulnerable?”
In Macs, the EFI is the boot firmware for your computer. It was the replacement for the Power PC Open Firmware. Its most basic function is loading macOS, and loading your preferences and settings from NVRAM. This same tech is on newer PCs as well and is more commonly known as UEFI.
The Simple Method
The simplest way to protect your Mac from these sort of EFI attacks is to update your Mac to macOS 10.12.6 or later. At this point, your EFI updates apply as part of the OS updates. You can find your current version by going to the Apple Menu and selecting About This Mac.
If you do not see Version 10.12.6 under the macOS Sierra logo, you need to apply updates to your system. Open the Mac App Store and click on the Updates tab at the top. Any available updates show up in this panel. Check to see the target version for each update and repeat until you are at 12.6. You need to reboot several times as the updates apply, so be sure to save your work.
Note: You should always create a backup before installing major updates and operating system upgrades.
Some Macs may not have gotten any updates to their EFI. You can see a list in the paper. The shorthand version is that Macs from earlier than 2010 were not updated at all. Other Macs may not support the latest macOS, making for more complicated updates.
Checking Your Vulnerability
Before you head down the road of chasing down your EFI manually, you want to check if you even have an issue. Thankfully as a part of the study, the researchers created a set of tools to test your EFI.
To check your status, you need to go to a web page and copy some information from your system report. First, open this page.
The site asks you for three pieces of information: EFI Version Number, Mac Model ID, and Build Number.
The first is pretty self-explanatory, this is the version of EFI your Mac is currently running. Your Mac Model ID is the Model Name with a number that you see in Apple Support documentation. For example, MacBookAir5,1 is a 2012 MacBook Air.
The build number is an Apple shorthand for your particular version of macOS. None of this is uniquely identifiable, so you are not putting your privacy at risk when sharing it with the site.
To find your EFI version, open the system report. Hold Option and click the Apple menu, About This Mac changes to System Information. Then, click that to open the System Report. It should open in the Hardware Overview section. If it does not, click Hardware in the left-hand pane to pull it up.
Closer to the bottom of the list you should see an entry: Boot ROM Version. Copy this and paste it into the top field of the site. To get the Mac Model ID, we stay on the same page. The second entry on the page is labeled Model Identifier, copy that and paste it into the second field.
To get the final piece of info, click on Software in the left pane. On that page, the first entry is System Version. It is the full name of your current operating system followed by a code in parentheses. Copy the info inside the parentheses. Then, paste it into the third box.
Finally, click Go. The site compares your info against their database. If you run High Sierra, you get an error that it cannot find a matching EFI version. However, most older versions of macOS return a message about your EFI.
If it says your version matches, you can move on confident that you are not vulnerable. If you get a message that it does not, you need to get an update.
Finding Your Updates Manually
If the site says that you have a vulnerable EFI, you need to get an update. If you are not getting any from the Mac App Store, search for them on Apple’s Support Downloads site. There is not an easy way to get there from the support home page, so use this link.
Click on the Mac Notebooks or Mac Desktops link, and paste in the system name from your about this Mac. It looks something like this: MacBook Air (11-inch, Mid 2012). Because Apple uses this text in the update details, it helps filter out other model years of your Mac.
Look for the latest entry named Your model name EFI Firmware Update x.x. and click on it. This page has the details of the update including what problems it fixes. Download the disk image and mount it. Next, run the package and follow the prompts to update your system to the latest version. Also, you may want to check some of the other downloads for your Mac to make sure that you are not missing any updates.
But the Mac Is Impervious to Hacking!
The study chose Macs because of a homogeneous hardware base. That does not mean Apple is the only manufacturer with EFI issues. PC users should check that they have applied all hardware updates to their machines.
EFI attacks are tricky because they need hardware access, but they are not impossible. The Mac has gained market share recently, especially with more businesses adopting Macs. A more substantial user base has made the Mac a more attractive target for hackers. As a result, Mac users need to think more about security.
What is a security tip that you think Mac users need to know? Are there any persistent myths about Mac security you want to dispel? Let us know in the comments.
Image Credit: Rangizzz/Depositphotos