Security researchers find Macs sometimes miss out on critical firmware updates

Why it matters to you

Security updates are just a fact of life, but it’s important to keep an eye on whether they’re working as intended.

Nobody likes applying security updates, but it’s part of having a computer, smartphone, or any electronic device — even your fridge gets security updates. But applying those updates is the best thing you can do to keep your devices safe and secure, and for most Mac users, it’s pretty easy. System and app updates are handled in the Mac App Store, so any time you update Microsoft Office, for example, you can grab your latest system updates without any extra hassle. It turns out, however, that Macs don’t always apply critical updates correctly, and you might be missing out on some firmware patches that could leave your Mac vulnerable.

According to Motherboard, security researchers found that firmware updates sometimes fail behind the scenes — without giving users any indication that the update wasn’t applied properly, leaving those users vulnerable to security exploits.

Firmware updates are a bit more complicated than standard security patches, which might remedy security vulnerabilities in the base operating system. Your computer’s firmware does all of its work beneath your operating system to interface directly with hardware components. It’s like your computer’s plumbing.

It doesn’t need to be updated frequently, but when a firmware vulnerability needs addressing. it’s usually a good idea to get that patched up before it leads to other problems. The security firm Duo found that Apple’s method for patching firmware doesn’t always work, and the problem isn’t just that the patches fail, it’s that users have no recourse when they do.

Take your smartphone for instance. Sometimes system updates fail and you’ll get a notification saying the update didn’t finish — if your battery died or if a background app interfered, for example. But you get the chance to reapply the update.

In some instances, these failed firmware updates are leaving Macs vulnerable to security exploits that can give malware access to highly sensitive information — like your FileVault encryption passwords.

It’s important to point out that Apple has acknowledged this issue and released a tool that will check your Mac’s firmware every week, as of MacOS High Sierra version 10.13. So it’s more important than ever that you grab the most recent MacOS update, to ensure your Mac has an extra layer of protection installed and ready to go.