Last month, reports came out that Apple accidentally installed a fake firmware patch on internal development servers. That’s a lesson to all companies to be careful about where they get their patches.
What may have happened is that an Apple employee installed a patch shared by the hardware vendor’s employee, instead of using the official release of the patch, said Chris Nietzold, senior platform engineer at security appliance manufacturer MBX Systems.
“They may have procured the firmware from an unofficial source and didn’t follow the official release schedule,” he said.
The firmware included a potential security vulnerability and Apple reportedly ended its relationship with the supplier, Super Micro Computer, as a result.