That leaves a security hole in the system: although users might have the latest OS version installed, if the EFI firmware is an older version, it lacks the latest fixes for known firmware issues.

Apple used to release EFI updates separately, but since 2015 the EFI update has been bundled with the software updates Apple pushes out to users.
What Does That Mean to Mac Users?

After analyzing 73,000 Macs currently in use, Duo Labs discovered a discrepancy between the firmware versions it expected the machines to be running and the EFI versions actually installed. The catch is that the flaw isn't new and seems to require physical access to the Mac in order to work. The vulnerability allowed the CIA, for example, to spy on targeted Mac users, as the so-called Vault 7 cache of secret CIA documents released by WikiLeaks shows.