Critical Code in Millions of Macs Isn't Getting Apple's Updates

[Chiefcrowe]

https://www.wired.com/story/critical-efi-code-in-millions-of-macs-is-not-getting-apple-updates

 

[XavierMace]

This rubs me as a bit click-baity. Most people recommendation is to not do EFI/BIOS updates until you're having an issue. I disagree with that, but that's somewhat besides the point. I don't believe any other OEM even tries to push out EFI/BIOS updates automatically. In the article, they wait until the end and give you effectively a footnote "oh by the way, Windows and Linux PC's are likely worse off" and we can't really judge the security impact of this.

So in other words, we just wanted to find a way to slight Apple to get clicks.

 

[Chiefcrowe]

You do have a point but I definitely think that this could be changed so that at least people would know if something did not update correctly.

"But unlike an operating system update failure, an EFI update failure doesn't trigger any alert for the user. "We don’t know why all the EFI updates aren’t taking, we know that they aren’t," says Duo's Smith. "And if it doesn’t work, the end user is never notified."

 

[XavierMace]

I completely agree that if it's going to try to autoupdate, it should tell you if that update fails. But if they don't know why it failed and don't have a manual process, then a notification doesn't really accomplish much.