Malicious attacks on Macs and PCs can be carried out in different ways, though most people believe that patches and credible antivirus software will keep them safe from harm. That may hold true once the operating system has loaded. But what about the process that takes place at the BIOS or Extensible Firmware Interface (EFI) level?
This is the stage at which a Mac or PC starts up. The firmware is the first thing to load, before the actual operating system (Windows, macOS or Linux) boots. Many assume that the real threats arise only once the actual OS has loaded.
But according to a study by the Duo Security team (Rich Smith and Pepijn Bruienne), outdated EFI firmware could make a machine susceptible to attacks.
Older models are easier targets
It is worth noting that older models are more likely to be affected by such attacks. While PCs have gotten some reprieve from patches, the case for Macs is a bit different.
The Duo team analyzed more than 73,000 Macs used in enterprise environments and found that 4.2 percent had outdated EFI builds. According to Duo.com, organizations that use these Apple workstations in business or high-risk environments would do well to replace them with newer machines.
To be sure, the researchers advise Mac owners to check whether their machines are running the correct EFI version.
There is a tool available on GitHub that can help users. Alternatively, Apple offers a way to check whether a user’s firmware is up to date, complete with manuals and instructions.
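A fleet check of the kind the study describes, as an added example that is not Duo's tool or code from the article: each machine's reported EFI version is compared with the version expected for its model and OS build. The model names, build labels, versions and the `PREFIX.NNNN.BNN` version layout are constructed assumptions; machines that cannot be matched are reported as unknown rather than passed.

```python
import re

# Constructed baseline: EFI version expected per (model, OS build).
# Real values must come from the vendor; these are placeholders.
EXPECTED = {
    ("ExampleBook1,1", "BUILD-A"): "EB11.0142.B00",
    ("ExampleDesk2,1", "BUILD-A"): "ED21.0120.B00",
}

# Constructed inventory rows: (hostname, model, os_build, efi_version)
FLEET = [
    ("mac-001", "ExampleBook1,1", "BUILD-A", "EB11.0142.B00"),
    ("mac-002", "ExampleBook1,1", "BUILD-A", "EB11.0138.B25"),
    ("mac-003", "ExampleDesk2,1", "BUILD-A", "ED21.0120.B00"),
    ("mac-004", "ExampleTower5,1", "BUILD-A", "ET51.0084.B00"),
    ("mac-005", "ExampleDesk2,1", "BUILD-A", "garbled"),
]

# Assumed layout: model prefix, 4 hex digits, "B" plus 2 hex digits.
VERSION_RE = re.compile(r"^([A-Z]+\d+)\.([0-9A-F]{4})\.B([0-9A-F]{2})$")

def parse_efi(version):
    # Returns (prefix, major, build), or None if the string does not parse.
    m = VERSION_RE.match(version.strip().upper())
    return (m.group(1), int(m.group(2), 16), int(m.group(3), 16)) if m else None

def classify(model, os_build, efi_version):
    # "unknown" means "needs manual review", never "safe".
    expected = EXPECTED.get((model, os_build))
    if expected is None:
        return "unknown"
    have, want = parse_efi(efi_version), parse_efi(expected)
    # A prefix mismatch means the firmware does not belong to this model.
    if have is None or want is None or have[0] != want[0]:
        return "unknown"
    return "current" if have[1:] >= want[1:] else "outdated"

def audit(fleet):
    report = {"current": [], "outdated": [], "unknown": []}
    for host, model, os_build, efi in fleet:
        report[classify(model, os_build, efi)].append(host)
    return report

def outdated_percent(report):
    total = sum(len(hosts) for hosts in report.values())
    return round(100.0 * len(report["outdated"]) / total, 1) if total else 0.0

if __name__ == "__main__":
    print(audit(FLEET), outdated_percent(audit(FLEET)))
```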
Home users safe
Each time a potential firmware exploit is found, most people are sent into a panic. It is worth noting, however, that the threat is more likely to target businesses and enterprises than the home user (unless the person using the machine is a high-profile individual).
Also, pulling off these EFI attacks would require a lot of work, meaning hackers are not likely to waste their time causing havoc for individual Mac users.
According to laptopmag.com, models to watch out for include the iMacs, MacBooks, MacBook Airs and MacBook Pros manufactured in 2009. Mac Pros manufactured through mid-2012 are also on the list.
Some of these models may be able to update to macOS 10.12 Sierra. For the ones that cannot be upgraded, Duo suggests that business users may want to consider replacing them or unplugging them from the company network.
PC and Linux users not off the hook
The whole problem may look like a big issue for the Mac, but PC and Linux users need to do their part as well. The best thing to do is to check the motherboard to see who manufactured it. There are also commands to use once the machine boots (i.e. “wmic baseboard get product,Manufacturer,version,serialnumber” and “dxdiag”), or the information can be found by accessing the BIOS/UEFI menu (press “Delete” or “F12”).