New study finds small percentage of Macs are running insecure firmware

Some Macs might be running the wrong types of firmware.
By Brett Williams

If you own a Mac and haven't upgraded to the new High Sierra OS, your system could be vulnerable to threats like Thunderstrike, a malware attack that enters through your computer's Thunderbolt port.

Researchers from Duo Security published a white paper today explaining the potential issues; the paper was first noticed by 9to5Mac. The firm analyzed 73,324 Mac computers and found that, on average, 4.2 percent of them weren't running the proper firmware, leaving the systems vulnerable to cyber attacks. Luckily for consumers, the vulnerabilities aren't thought to be as risky for home users, according to a Duo blog post summarizing the paper, but you should still be sure you're running the right firmware.

Although Apple has released security updates to protect against Thunderstrike attacks, the researchers found that, for some reason, the critical updates weren't always applied.

In the most extreme cases, the researchers found that 43 percent of systems for one specific model, a 21.5-inch iMac from late 2015, were running incorrect firmware. The firm called the size of the discrepancy between the firmware versions they expected to find and those they actually found "surprising," since the latest version of firmware should be automatically installed with other OS updates.

Duo is now releasing security tools to help users check if they're running a version of the firmware with any known vulnerabilities. The firm recommends updating to the latest version of Apple's macOS. Apple said in a statement to Ars Technica that its latest release, macOS High Sierra, automatically validates Mac firmware on a weekly basis, so if you're worried about the vulnerabilities, you should install the new OS as soon as you can.

For users with older computers that can't be updated, however, Duo recommends ditching the machine and upgrading to a new one. Like every other system, even High Sierra has its own vulnerabilities. A researcher has already discovered a way to steal user passwords within the new operating system, and others will likely surface in the future. So keep your software updated to the latest versions if you want to protect your computer.

Brett Williams

Brett Williams is a Tech Reporter at Mashable. He writes about tech news, trends and other tangentially related topics with a particular interest in wearables and exercise tech. Prior to Mashable, he wrote for Inked Magazine and Thrillist. Brett's work has also appeared on Fusion and AskMen, to name a few. You can follow Brett on Twitter @bdwilliams910.
