Apple Macs and PCs at Risk from Boot Bug
Duo Security the boot bug issue by examining firmware on these computers, it is a type of embedded software that is even more basic than an operating system like Windows or MacOS
Since 2015, Apple has tried to protect its line of Mac computers from the boot bug a form of hacking that is extremely difficult to detect but has not been completely successful in getting the fixes to its customers, according to research from Duo Security for the boot bug issue.
While Duo examining the boot bug issue what is known as firmware on Mac computers. Firmware is a type of embedded software that is even more basic than an operating system such as Microsoft Windows or MacOS, Reuters reports.
Chinese brands fight Apple market share in rich countries
When a computer is first turned on – before the operating system has even booted up – the firmware checks to make sure that the basic components like a hard drive and the processor are present and tells them what to do. That makes the boot bug malicious code hidden in it hard to detect.
In most cases, the firmware is a nuisance to update with the latest security patches. Updates have to be performed separately from the operating system updates that are most common.
By 2015, Apple began packaging firmware updates along with Mac OS operating system upgrades in an effort to ensure the firmware remained up-to-date.
But Duo examined 73,000 Mac computers operating in the real world and found that 4.2 percent of them were not running the firmware that should have been based on their operating system. In some models, such as the 21.5-inch iMac released in late 2015, 43 percent of the machines had outdated firmware and has the susceptible to the boot bug issue.
That left many Macs open to hacking like the “Thunderstrike” attack, in which hackers can control a Mac after connecting an Ethernet adapter to the machine’s so-called Thunderbolt port.
Paradoxically, it was only possible to find potentially vulnerable machines to the boot bug because Apple is the only computer manufacturer that has sought to make firmware updates as part of its regular software updates, making it both more traceable and the best in the industry for firmware upgrades. Duo’s director of research and development told Reuters in an interview.
Duo said he had informed Apple of its findings before releasing them on Friday. In a statement, Apple said it was aware of the issue and is moving to address it.
“Apple is still working diligently in the area of firmware security, and we are always exploring ways to make our systems even more secure,” the company said in a statement. “In order to provide a safer and safer experience in this area, MacOS High Sierra automatically validates the Mac firmware weekly.”