According to research released on Friday by Duo Security, Apple Inc has been trying since 2015 to protect its Mac line of computers from a particular type of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers.
Duo Security suggests that the bug lies in the firmware. Firmware is a kind of built-in software that is even more basic than an operating system such as Microsoft Windows or macOS.
When you first power on a Mac, before the operating system boots up, the firmware checks that basic components like a hard disk and processor are present and tells them what to do. This makes malicious code hiding in the firmware even harder to detect.
Generally, it is inconvenient to keep firmware up to date with the latest patches, because the updates have to be run separately from operating system updates.
In 2015, in an effort to ensure the firmware on Mac machines stayed up to date, Apple started bundling firmware updates with the operating system updates.
But Duo Security looked at around 73,000 Mac computers operating in the real world and found that around 4.2 percent of them were not running the firmware they should have been, based on their operating system.
43 percent of the iMacs released in late 2015 had out-of-date firmware. This leaves machines open to hacks like the ‘Thunderstrike’ attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine’s so-called Thunderbolt port.
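The comparison behind these figures, checking each machine's reported firmware against the version expected for its model and operating system build, can be sketched as follows. This is an added example, not Duo Security's or Apple's code; the model names, OS builds, firmware versions and hosts are all constructed placeholders.

```python
from collections import Counter

# Constructed baseline: firmware version expected for each (model, OS build).
# Real values would come from the vendor's update packages.
EXPECTED = {
    ("ExampleMac1,1", "os-12.6"): "105.2.0",
    ("ExampleMac1,1", "os-11.6"): "105.1.0",
    ("ExampleMac2,1", "os-12.6"): "210.0.3",
}

# Constructed inventory rows: (host, model, OS build, reported firmware).
INVENTORY = [
    ("host-a", "ExampleMac1,1", "os-12.6", "105.2.0"),
    ("host-b", "ExampleMac1,1", "os-12.6", "105.1.0"),   # OS updated, firmware not
    ("host-c", "ExampleMac1,1", "os-11.6", "105.1.0"),
    ("host-d", "ExampleMac2,1", "os-12.6", "210.0.10"),  # newer than baseline
    ("host-e", "ExampleMac3,1", "os-12.6", "300.0.1"),   # no baseline entry
    ("host-f", "ExampleMac2,1", "os-12.6", "bad-value"), # unparseable report
]

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, os_build, firmware):
    """Compare reported firmware with the version expected for this OS build."""
    expected = EXPECTED.get((model, os_build))
    have = parse_version(firmware)
    if expected is None or have is None:
        return "unknown"  # cannot vouch for it, so never report it as current
    # Numeric tuple comparison: "210.0.10" is newer than "210.0.3".
    return "outdated" if have < parse_version(expected) else "current"

def audit(inventory):
    """Return per-host status and the outdated share per model (0..1)."""
    status = {h: classify(m, o, f) for h, m, o, f in inventory}
    total = Counter(m for _, m, _, _ in inventory)
    stale = Counter(m for h, m, _, _ in inventory if status[h] == "outdated")
    rates = {m: stale[m] / total[m] for m in total}
    return status, rates

if __name__ == "__main__":
    status, rates = audit(INVENTORY)
    for host, state in status.items():
        print(host, state)
    print(rates)
```

Machines with no baseline entry or an unparseable version are reported as unknown rather than current, so gaps in the baseline do not hide stale firmware.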
The Thunderstrike firmware bug exploits weaknesses in a computer's firmware, the embedded operating system that runs the lowest-level functions such as fans, power supply units, and USB ports, and lets the researchers overwrite that software with their own code. Five of these six weaknesses are present on Macs as well as PCs.
Because Apple is the only computer manufacturer providing firmware updates as part of its regular software updates, it was possible to detect the potentially vulnerable machines. This makes it trackable and the best in the industry for firmware updates, said Rich Smith, director of research and development at Duo Security, in an interview with Reuters.
Duo said it had informed Apple of the findings before making them public on Friday.
Apple responded that it was aware of the issue and is moving to address it. In a statement, Apple said: “Apple continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”