Updating firmware on an iMac
For one attack known as Thunderstrike, likely used at times by the CIA to plant spyware deep inside victim computers according to recent releases from WikiLeaks, the researchers say 47 models of PC didn't receive firmware patches to prevent the attack.
That may be in part due to the hardware restrictions of that Thunderstrike attack, the researchers concede, given that it requires a hacker to have physical access to the target computer's Thunderbolt port, a component many older Macs lack.
But they also found that 31 models of Mac didn't receive firmware patches against another attack known as Thunderstrike 2, a more evolved EFI infection technique that could be performed remotely.
(Duo has released an open source tool to check your Mac's firmware version for vulnerabilities here.)
"That’s a big danger," says Thomas Reed, the head of Apple research at security firm Malwarebytes.
When a message says your computer's firmware has been successfully updated to version 4.1.9, you are finished.
Note: If a message says the update was not completed successfully, review the instructions and begin the update process again.
And that's not because lazy users have neglected to install them, but because Apple's firmware updates frequently fail without any notice to the user, or simply because Apple silently stopped offering those computers firmware updates---in some cases even against known hacking techniques.
At today's Ekoparty security conference, security firm Duo plans to present research on how it delved into the guts of tens of thousands of computers to measure the real-world state of Apple's so-called extensible firmware interface, or EFI.
"We don’t know why all the EFI updates aren’t taking; we know that they aren’t," says Duo's Smith.
For some specific models, the results were far worse: For one desktop iMac, the late 2015 21.5 inch screen model, the researchers found failed EFI updates in 43 percent of machines.
And three versions of the 2016 MacBook Pro had the wrong EFI version for their operating system version in 25 to 35 percent of cases, suggesting they too had serious EFI update failure rates.
Note: After you install this update, the parameter RAM (PRAM) is reset.
This may reset some of your control panels to default settings.
That makes it an attractive, if arcane, target for hackers: Gain control of a computer's EFI---as both the NSA and CIA have demonstrated the ability to do in recent years, according to classified documentation leaked to and WikiLeaks---and an attacker can plant malware that exists outside the operating system; running an antivirus scan won't detect it, and even wiping the computer's entire storage drive won't eradicate it.