Macs Vulnerable to Firmware Attacks Like 'Thunderstrike', Says Duo Security

Advertisement
By Reuters | Updated: 29 September 2017 18:11 IST
Highlights
  • Apple has not been able to entirely provide security fixes to macOS
  • Duo Security found this in its report released on Friday
  • It found that 43 percent of Mac machines had out-of-date firmware
Macs Vulnerable to Firmware Attacks Like 'Thunderstrike', Says Duo Security

Since 2015, Apple Inc has tried to protect its Mac line of computers from a form of hacking that is extremely hard to detect, but it has not been entirely successful in getting the fixes to its customers, according to research released on Friday by Duo Security.

Duo examined what is known as firmware in the Mac computers. Firmware is an in-built kind of software that is even more basic than an operating system like Microsoft Windows or macOS.

When a computer is first powered on - before the operating system has even booted up - firmware checks to make sure that basic components like a hard disk and processor are present and tells them what to do. That makes malicious code hiding in it hard to spot.

In most cases, firmware is a hassle to update with the latest security patches. Updates have to be carried out separately from the operating system updates that are more commonplace.

Advertisement

In 2015, Apple started bundling firmware updates along with operating system updates for Mac machines in an effort to ensure firmware on them stayed up to date.

But Duo surveyed 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware they should have been based on their operating system. In some models - such as the 21.5-inch iMac released in late 2015 - 43 percent of machines had out-of-date firmware.

Advertisement

That left many Macs open to hacks like the "Thunderstrike" attack, where hackers can control a Mac after plugging an Ethernet adapter into the machine's so-called thunderbolt port.

Paradoxically, it was only possible to find the potentially vulnerable machines because Apple is the only computer maker that has sought to make firmware updates part of its regular software updates, making it both more trackable and the best in the industry for firmware updates, Rich Smith, director of research and development at Duo, told Reuters in an interview.

Advertisement

Duo said that it had informed Apple of its findings before making them public on Friday. In a statement, Apple said it was aware of the issue and is moving to address it.

"Apple continues to work diligently in the area of firmware security, and we're always exploring ways to make our systems even more secure," the company said in a statement. "In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly."

© Thomson Reuters 2017

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Duo Security, Apple, macOS, macOS Bug, Apple Hack
Internet Penetration in Rural India Is Abysmal, Finds COAI's IMC-Deloitte Report
Google Says User Data Requests From India at an All-Time High
Advertisement

Related Stories

Tech News in Hindi »

More Technology News in Hindi »
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Realme Neo 7 Turbo Launch Date Confirmed; Teased to Run on This New Chipset
  2. Metaphor: ReFantazio is Coming to Xbox Game Pass Next Week
  3. Tecno Pova Curve 5G India Launch Date Announced
  4. SpaceX Successfully Launches 23 Starlink Satellites on Brand-New Falcon 9 Rocket
  5. Sam Altman Reportedly Drops Clues About 'Secret' AI Device With Jony Ive
  6. Computex 2025: Five Takeaways From Asia's Biggest AI Tech Show
  7. Motorola Razr 60 Will Launch in India on This Date
  8. Sneaky Links: Dating After Dark Now Streaming on Netflix: What You Need to Know
#Latest Stories
  1. SpaceX Successfully Launches 23 Starlink Satellites on Brand-New Falcon 9 Rocket
  2. Polaris Wasn’t Always the North Star: How Earth’s Wobble Shifts the Celestial Pole
  3. Scientists Warn of Inadequate Solar Storm Forecasting: What You Need to Know
  4. NASA’s Perseverance Explores Mars' Oldest Rocks in Krokodillen Region
  5. New Study Uses AI to Reveal Dry Origins of Mars’ Mysterious Slope Streaks
  6. Ancient 14,000-Year-Old Solar Storm Revealed as Strongest Ever Recorded in Earth’s History
  7. New Study Confirms TeV Halos Are Common in Middle-Aged Pulsars
  8. Capuchin Monkeys Abduct Baby Howler Monkeys on Panama’s Jicarón Island, New Study Reveals
  9. Sneaky Links: Dating After Dark Now Streaming on Netflix: What You Need to Know
  10. Devika & Danny OTT Release Date Revealed: When and Where to Watch It Online?
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.