Since the Thunderstrike bootkit attacks targeting Apple firmware were disclosed in 2015, Apple has bundled subsequent EFI updates with its regular macOS security and software updates in an attempt to improve protection around its hardware.
Researchers at Duo Security, however, have uncovered that many of those updates are incomplete, and fleets of Macs running in enterprises worldwide may be woefully out of date when it comes to firmware updates.
This is bad news for businesses and should perk up the ears of advanced attackers, who have increasingly gone after hardware-level access and persistence on targeted machines.