Apple Computers Are At Risk From Flawed Updates, Researchers Find

by Muhammad Irfan Raza

Updating your software may not be exciting, but it stops hackers from using well-known bugs to break into your computer. In fact, it’s the most important thing you can do to keep your computer safe.

But there isn’t much you can do if the update doesn’t go the way it should. That’s what’s happening with some automatic updates to Apple computers. According to research published by Duo Security on Friday, Apple updates can sometimes leave out very important patches to computer firmware, the updatable code that runs on chips and computer processors.



Out of more than 73,000 Macs reviewed by the researchers, 4.2 percent didn’t have the genuine version of firmware they should’ve had. Some models of Apple computers, many of them older, were especially behind the curve, with 16 of them showing no firmware updates and 18 of them appearing only to have been updated before leaving the factory. That seems suspicious!

In the computers with firmware that was older than expected, “the update failed for some reason, and that failure was never noticed,” said Rich Smith, director of research and development at Duo Labs.

The missing updates highlight an area of computer security that, Smith said, doesn’t get as much attention as it should. It’s especially dangerous for firmware to be left vulnerable to hackers because it runs the most powerful code on the computer. A hacker could use the code to gain complete control over a computer and potentially access any network that the computer can.

Apple said it appreciated Duo’s research. In an emailed statement, the Mac maker added that it “continues to work diligently in the area of firmware security, and we’re always exploring ways to make our systems even more secure.”

On Monday, Apple announced that its newest operating system, macOS 10.13, or High Sierra, will check a computer’s firmware weekly. According to Apple Insider, if an update failed and the firmware isn’t up to date, users will be asked to send Apple a report (affected computers will still be usable). Well, that’s a great step!

What’s firmware?
Firmware is a category of software that sits “in the dark end of the system that people are less familiar with,” Smith said.

Your laptop, or any computerized hardware, has a silicon chip inside that runs everything. Most importantly, it starts up your computer when you press the power button, but it has more features than that. Sometimes features of that chip are permanent, but some can be updated after you purchase your device. Some updates are hardware prominent while some are software prominent.

Updating your software is one of the best ways to keep your computer safe from hackers. But Mac firmware updates sometimes fail without alerting users, leaving computers vulnerable.

“Firmware is halfway between hardware and software,” Smith said. “It’s a silicon chip that can receive aftermarket updates to it.”

In the past few years, Apple has made it much easier to update firmware by allowing the new code to download automatically while the operating system updates. That’s progress, Smith said, but his research team suspected the process might still have some hiccups.

Apple may not be alone. Smith said Windows computers likely have similar (or worse) problems, but he doesn’t yet have data to support that suspicion.

His team focused on Apple for “lazy reasons,” Smith said. Each firmware update is tied to a specific update of the operating system on Apple computers, so it’s easy to see exactly what firmware you’d expect a given machine to have. What’s more, Apple controls everything about its computers, from the manufacture and sale to the updates down the road.
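The comparison described above, sketched as an added example (this is not Duo Security's tool or code from the original article): each machine's running firmware is checked against the version its OS build should have installed. The model identifiers, OS builds, firmware versions and the `PREFIX.HEX.Bnn` version format are constructed assumptions for illustration.

```python
import re

# Constructed table: (model identifier, OS build) -> firmware that build should install.
EXPECTED = {
    ("ExampleBook1,1", "00A100"): "EB11.0142.B00",
    ("ExampleBook2,1", "00A100"): "EB21.0107.B03",
}

FW_RE = re.compile(r"^([A-Z]+\d+)\.([0-9A-F]{4})\.B(\d{2})$")

def fw_key(version):
    """Split PREFIX.HEX.Bnn into a comparable tuple (assumed format)."""
    m = FW_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return m.group(1), int(m.group(2), 16), int(m.group(3))

def parse_profile(text):
    """Pull model and firmware out of 'Key: value' hardware-profile lines."""
    fields = dict(
        (k.strip(), v.strip())
        for k, v in (line.split(":", 1) for line in text.splitlines() if ":" in line)
    )
    return fields["Model Identifier"], fields["Boot ROM Version"]

def classify(profile_text, os_build):
    model, running = parse_profile(profile_text)
    expected = EXPECTED.get((model, os_build))
    if expected is None:
        return "unknown"      # no baseline for this model/build pair
    prefix_r, *ver_r = fw_key(running)
    prefix_e, *ver_e = fw_key(expected)
    if prefix_r != prefix_e:
        return "mismatch"     # firmware belongs to a different model family
    if ver_r < ver_e:
        return "behind"       # OS was updated, firmware update did not land
    return "current" if ver_r == ver_e else "ahead"

# Constructed fleet inventory: (hostname, hardware profile text, OS build).
FLEET = [
    ("host-a", "Model Identifier: ExampleBook1,1\nBoot ROM Version: EB11.0142.B00", "00A100"),
    ("host-b", "Model Identifier: ExampleBook1,1\nBoot ROM Version: EB11.0138.B16", "00A100"),
    ("host-c", "Model Identifier: ExampleBook2,1\nBoot ROM Version: EB21.0107.B03", "00A100"),
    ("host-d", "Model Identifier: ExampleBook9,9\nBoot ROM Version: EB99.0001.B00", "00A100"),
]

def audit(fleet):
    """Return {hostname: status} for every machine in the inventory."""
    return {host: classify(profile, build) for host, profile, build in fleet}

if __name__ == "__main__":
    for host, status in audit(FLEET).items():
        print(host, status)
```

Machines reported as `behind` are the silent failures the research describes; `unknown` means no expected value exists for that model and OS build, so the result says nothing either way.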

The process of building, selling and updating Windows machines is “far more fragmented and complex,” and it’s harder to know what version of firmware a given computer should be running.

Microsoft declined to comment for this report.

Duo Security is releasing open-source tools on Friday it hopes will help users check whether their computers are running the right version of firmware. The tools still need refining before they can help regular people check their firmware, Smith said, so it’s not clear when you’ll be able to use them.

Apple will continue to offer software updates for its previous two operating systems, which would ostensibly include firmware updates, but it won’t validate the firmware on a weekly basis. So for now, the only way to make sure you’re running the most current firmware is to update to High Sierra.

Image Source: CNET

