Security expert warns Apple of potential Mac firmware attacks

Security firm finds some Macs vulnerable to 'firmware' attacks.

Apple's MacBook Pro
A guest points to a new MacBook Pro during an Apple media event in Cupertino, California, U.S. October 27, 2016. REUTERS/Beck Diefenbach Reuters

A security firm has discovered a new vulnerability on Apple's Mac line that it said the company has been struggling to get rid of since 2015.

Michigan-based Duo Security on Friday, September 29 released its latest research examining the firmware of 73,000 Mac computers. Results reveal Macs are vulnerable to firmware attacks after found out that there are loopholes in it.

Also read: Cybersecurity expert fears deadly impact of smart car hacking

Firmware is a software that is less complicated than an operating system (OS). It is designed to check the basic components of a computer if they are existing before the OS boots up. This makes it hard to intercept malicious code.

Around 4 percent of the surveyed Mac computers were found out not running the firmware. In addition, around 43 percent of these machines have outdated firmware, making these machines susceptible to firmware attacks.

Since 2015, Apple incorporated firmware updates along with OS updates for Mac computers to make sure their firmware versions are updated. Only Apple has this system.

Talking to Reuters, Duo Security director of research and development Rich Smith says Apple is in the strategic stance to detect any kind of vulnerabilities on its hardware products since they are run by its own firmware and software, not to mention its regular roll-out of updates.

Smith says they have informed Apple about the potential threat before making it public. Apple says it is aware of the issue and is doing its best to address it as soon as possible.

"Apple continues to work diligently in the area of firmware security, and we're always exploring ways to make our systems even more secure," the company says in a statement. "In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly."

Related topics : Cybersecurity