Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)

Posted Dec 8, 2023 3:28 UTC (Fri) by raven667 (subscriber, #5198)
In reply to: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack(ars technica) by NYKevin
Parent article: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)

What I read is that on Apple hardware the image is hardcoded as part of the signed/validated firmware as it's tiny and monochrome, and they didn't bother with a facility to dynamically load it during boot. Someone also said (maybe in the article, I don't recall) that Dell includes the image in the signed part of the firmware so it's not modifiable as well; even though the loading routines are just as vulnerable as others, there's no way to get to them.

There are probably a bunch of ways to detect modified boot logo files: by changing the logo to something custom (if it gets reverted to a stock-looking one, maybe something is up), or just put additional audit and AV scanning around modifying this image. AV vendors could probably get the SHA512 hash of all the extant custom images from their installed base and check for shenanigans, flagging any new hashes for further scrutiny, or blocking modification.

I'm sure there is going to be a long tail of exploitable systems, but it is possible to get a handle on this for new systems and maintained systems, I think.
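
The two detection ideas in the comment above (a custom logo used as a canary, and SHA-512 hashes checked against a known set) can be sketched as follows; this is an added example, not part of the original comment or of any vendor's tooling. The function names, the image suffix list, the `fleet_known` set and the temporary directory standing in for the logo location are all assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

IMAGE_SUFFIXES = {".bmp", ".png", ".jpg", ".jpeg", ".gif"}  # assumed logo formats

def snapshot(root):
    """Map relative path -> SHA-512 hex digest for each image file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha512(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in IMAGE_SUFFIXES}

def audit(root, baseline, fleet_known, canary_paths=()):
    """Compare the current state with a stored baseline; return sorted (path, finding) pairs."""
    current, findings = snapshot(root), []
    for path in baseline.keys() - current.keys():
        findings.append((path, "missing"))
    for path, digest in current.items():
        if path not in baseline:
            findings.append((path, "new-file"))
        elif digest != baseline[path]:
            # A deliberately customised logo that changes is the "reverted" signal.
            findings.append((path, "canary-replaced" if path in canary_paths else "changed"))
        if digest not in fleet_known:
            # Hash never seen across the (hypothetical) installed base: flag for scrutiny.
            findings.append((path, "unknown-hash"))
    return sorted(findings)

def demo():
    """Constructed sample: a temp directory stands in for the logo location."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "vendor").mkdir()
        (root / "vendor" / "logo.bmp").write_bytes(b"BM custom canary logo")
        (root / "splash.png").write_bytes(b"\x89PNG stock splash")
        baseline = snapshot(root)
        fleet_known = set(baseline.values())
        clean = audit(root, baseline, fleet_known, {"vendor/logo.bmp"})
        # Simulate a modification: canary overwritten, extra image dropped in.
        (root / "vendor" / "logo.bmp").write_bytes(b"BM something else")
        (root / "extra.jpg").write_bytes(b"\xff\xd8 never seen before")
        return clean, audit(root, baseline, fleet_known, {"vendor/logo.bmp"})

if __name__ == "__main__":
    for path, finding in demo()[1]:
        print(f"{finding:16} {path}")
```

The baseline and the known-hash set have to be stored somewhere the audited system cannot rewrite, otherwise whoever changes the image can change the reference too.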