4.2% of 73,324 real-world Macs used in the enterprise environments were found running a different EFI firmware version they should not be running. Apple does not even warn its users of the failed EFI update process or technical glitch, leaving millions of Macs users vulnerable to sophisticated and advanced persistent cyber attacks. 43% of the analysed iMac models (21.5″ of late 2015) were running outdated, insecure firmware, and at least 16 Mac models had never received any updates when Mac OS X 10.10 and 10.12 was available.
Source: https://thehackernews.com/2017/09/apple-mac-efi-malware.html