Tuesday, June 19, 2018
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Western Digital Adds 12TB Western Digital Purple Drive to Surveillance Portfolio
Toshiba Delivers RM5 vSAS Series SSDs Targeting SATA Applications
Noctua launches CPU Coolers for LGA3647 Intel Xeon Platforms
Google to Bring Support for Android Messages to Desktop Browser
Tesla's Elon Musk Accuses Worker of Sabotage
Amazon Alexa Will be the Room Service in Marriott Hotels
Nvidia Uses AI to Produce High-quality, 240fps Slow-motion Video From 30fps Source
Panasonic Image Sensor Detects Objects 250 m Ahead at Night with Poor Visibility
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > PC Parts > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, September 29, 2017
Researchers Say Apple Macs and PCs at Risk From Boot Bug


Apple Mac computers are being exposed to security risks because their extensible firmware interface (EFI) core software is outdated, research suggests.

Duo Security found that 4.2% of the 74,000 Macs it tested ran insecure versions of software that helps get the machines running. It said the figure was likely to be replicated in the global population of Macs and worse on PCs.

EFI is the pre-boot environment that has, by and large, replaced the legacy BIOS environment that had been common since the mid to late 1970s.

EFI environment holds particular fascination for security researchers and attackers due to the level of privilege it affords if compromise is successful. In a nutshell, attacking at the EFI layer means that you exert control of a system at a level that allows you to circumvent security controls put in place at higher levels, including the security mechanisms of the OS and applications.

In addition to the ability to circumvent higher level security controls, attacking EFI also makes the adversary very stealthy and hard to detect; it also makes the adversary very difficult to remove - installing a new OS or even replacing the hard disk entirely is not enough to dislodge them.

Duo Security analysed all Apple Mac updates released over the last three years (10.10.0 - 10.12.6) to produce a taxonomy of EFI updates that were contained within the larger OS and Security updates released by Apple.

Duo surveyed 74,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models - such as the 21.5-inch iMac released in late 2015 - 43 percent of machines had out-of-date firmware.

That left many Macs open to hacks like the 'Thunderstrike' attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine's so-called thunderbolt port.

Duo said that it had informed Apple of its findings before making them public on Friday. Apple said it was aware of the issue and is moving to address it.



Previous
Next
Nintendo Closes the Wii Shop        All News        TSMC to Build 3nm Fab in Taiwan
AMD's Ryzen Threadripper CPUs Get NVMe RAID Support     PC Parts News      BIOSTAR Introduces 'Plug-and-Mine' Solution for Crypto Mining Motherboards with ethOS USB

Get RSS feed Easy Print E-Mail this Message

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .