A newly discovered firmware vulnerability could leave countless Windows and Mac computers at risk from a hack, according to security researchers from Duo Labs. The vulnerability could be used by malware to gain deep access to systems.
The bug involves the Extensible Firmware Interface, or EFI, which is the first bit of code that runs when you hit the power button. Its responsibilities include validating the software that's running on the machine.
Based on tests on 74,000 Apple Macs, the Duo Labs team found that the EFI firmware was not always being updated at the same time as the operating system, leaving a security hole that could potentially be exploited. The vulnerability could also affect Windows PCs, the researchers say.
The good news is that a hack taking advantage of the EFI vulnerability would need to be quite a complex one, and it's only really worth the trouble if you've got some pretty important data locked away on your machine.
What's more, Duo Labs says it hasn't spotted anyone actively making use of this security loophole yet - it's working with Apple and other computer makers to get the bug patched. "For most people in most situations, the risk is currently not severe," the researchers say.
If you're on a Mac machine, updating to the latest version of the software (macOS High Sierra) is enough to squash the vulnerability. For more details about how the security vulnerability works and how to guard against an attack, see the Duo Labs blog.
Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. He is based out of Stockport, England, and on TechRadar you'll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as having spent many years editing the likes of PC Explorer and The Hardware Handbook.