According to new research published by Duo Security, for the last two years Apple has tried very hard to protect its whole Mac range against a type of hacking that it is very difficult to detect. The firm has, however, often failed to get solutions to Mac users.
Duo studied what is referred to as “firmware” in Mac devices — a type of integrated computer program that is even closer to the core of the machine than macOS or Windows.
When you power up your computer, even before the operating system starts, it is the job of the firmware to check that there is a processor and a hard disk. Malicious code hiding here is problematic to find. Quite often it is a hassle to install security patches in firmware and any updates must be implemented separately from those affecting the operating system.
Two years ago, Apple began bundling operating system and firmware upgrades together. According to Duo, 4.2% of Mac computers are still not running the correct firmware version for their operating system release. In certain models, including the 21.5-inch iMac released towards the end of 2015, as many as 43% of devices are not running on updated firmware.
This makes these Macs vulnerable to hacks such as Thunderstrike, where cyber criminals can take over a Mac after inputting an Ethernet adaptor into its Thunderbolt port. Oddly enough, it was because Apple is the only computer manufacturer that has bundled firmware updates with operating system updates that these machines could be found in the first place.
Duo added that it had informed Apple prior to releasing its findings.
Apple responded by saying that it knew about the problem and was taking steps to resolve it. In a statement, the company said: “Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure.”