Security researchers with Duo Security have released a study involving various Apple Mac machines.
It revealed that even on systems with the latest version of macOS, the computer’s firmware may be out of date.
The Extensible Firmware Interface (EFI) which provides access to lower-level system functions for operating systems may be outdated, while the operating system is fully patched.
“We called this software secure but firmware vulnerable,” said the researchers.
EFI replaced the Basic Input/Output System which was used on all IBM-PC compatible computers.
“Our analysis also highlighted a number of other discrepancies. One example being a security update released in early 2017, that appears to erroneously contain older versions of EFI firmware than the security update that preceded it in late 2016.”
“Some of these findings raise questions around the level of QA being applied to the EFI firmware components of Apple’s OS and security updates.”
Duo Security said it will release a tool called EFIgy which shows if a system is running the latest EFI version.