This past week at a conference in Brazil, Duo Labs researchers Rich Smith and Pepijn Bruienne presented a technical paper in which they disclosed serious vulnerabilities of Apple Mac computers to being hacked through their EFI firmware. This firmware boots and manages functions for the computer’s hardware systems. This is a real problem because while Mac users may be receiving automatic software updates, they are not receiving automatic hardware updates. Older versions of the Mac operating system are particularly vulnerable. Here is a link to a posting by Duo Labs that indicates the 16 Mac models that are the most vulnerable to this type of attack because they have not received any EFI firmware updates. In addition this link also contains information about how to fix the situation.
Now that I have scared you, the good news is that it would take an incredibly sophisticated and targeted attack for someone to exploit this vulnerability and ordinary hackers would be unable to do so, however, sophisticated hackers in the employ of countries such as Russia, North Korea or Iran would have the capabilities to exploit this vulnerability. So for individual Mac users your risk of being targeted in an attack of this kind is extremely unlikely. However, this does again point out the importance for all of us to make sure that we constantly update our computer’s operating system and software whenever updates are available and the best way to do that is automatically when possible.