A huge Number of Macs are vulnerable to EFI Firmware Attack

Duo examined what is understood as firmware in the Mac computers. Firmware is an in-built kind of software that is even extra basic than an operating system like Microsoft Windows or macOS.

When a machine is first powered on before the operating system has even booted up firmware controls to make sure that basic elements like a hard disk and processor are present and tells them what to do. That makes malicious code stored in it hard to spot.

In most cases, the firmware is an annoyance to update with the latest security patches. Updates have to be stocked out separately from the operating system updates that are more commonplace.

In 2015, Apple began bundling firmware updates along including operating system updates for Mac computers in an effort to ensure firmware on them stayed up to date.

But Duo surveyed 73,000 Mac machines operating in the real world and found that 4.2 percent of them were not rolling the firmware they should have been based on their operating system. In some models such as the 21.5-inch iMac cleared in late 2015 – 43 percent of machines had out-of-date firmware.

That left many Macs open to hacks like the “Thunderstrike” attack, where hackers can manage a Mac after plugging an Ethernet adapter into the machine’s so-called thunderbolt port.

Paradoxically, it was only possible to find the possibly vulnerable machines because Apple is the only computer producer that has sought to make firmware updates part of its regular software updates, making it both more trackable and the best in the enterprise for firmware updates, Rich Smith, director of research and development at Duo, told News in an interview.

Duo said that it had notified Apple of its findings before getting the public announcement on Friday. In a statement, Apple said it was conscious of the issue and is moving to address it.

Take your time to comment on this article.

Related posts

Microsoft To Add Passkey Support With Windows 11

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites