A newly discovered firmware vulnerability could leave countless Windows and Mac computers at risk from a hack, according to security researchers from Duo Labs. The vulnerability could be used by malware to gain deep access to systems.
The bug involves the Extensible Firmware Interface, or EFI, which is the first bit of code that runs when you hit the power button. Its responsibilities include validating the software that's running on the machine.
Based on tests on 74,000 Apple Macs, the Duo Labs team found that the EFI firmware was not always being updated at the same time as the operating system, leaving a security hole that could potentially be exploited. The vulnerability could also affect Windows PCs, the researchers say.
The good news is that a hack taking advantage of the EFI vulnerability would need to be quite a complex one, and it's only really worth the trouble if you've got some pretty important data locked away on your machine.
What's more, Duo Labs says it hasn't spotted anyone actively making use of this security loophole yet – it's working with Apple and other computer makers to get the bug patched. “For most people in most situations, the risk is currently not severe,” the researchers say.
If you're on a Mac machine, updating to the latest version of the software (macOS High Sierra) is enough to squash the vulnerability. For more details about how the security vulnerability works and how to guard against an attack, see the Duo Labs blog.