In-field firmware update is a feature that is increasingly used in microcontroller-based applications today and important benefits include service and support to products that are already deployed in the field (for example, being able to correct bugs or add new functionalities). As common as in-field firmware updates are in embedded systems, this feature is also commonly exploited by attackers; if the update process is vulnerable, it can compromise the security of the system. This application report discusses the various security issues and respective measures to implement secure in-field firmware updates through the firmware transport and download process.