The Mac is notorious for being the epitome of privacy and security one can achieve within a rapidly expanding cyber threat landscape. Apple has long marketed these devices as “malware proof,” giving the illusion that Macs are the sleekest and the safest device one could acquire.
However, as people are becoming more inclined to use Macs, the reality of how vulnerable Macs can be is a thundering revelation. In the past few years, security researchers have seen a significant rise in the number of vulnerabilities within Mac. The situation seems particularly dire as various reports surface highlighting how Mac has even lagged behind Windows, giving a shift to this long-standing debate on “Mac vs. Windows.”
A deep-dive into the “2021 State of Malware Report” issues by Malwarebytes reveals how Mac threats have increased by more than 400%, successfully outpacing Windows by a ratio of nearly two to one. The report also shows an alarming rise in the volume of pre-installed malware, adware, and multi-vector attacks, indicating these threat actors’ sophistication. As such problems continue to surface, is it about time to get serious about Mac security?
What is Apple’s stance on Mac security?
It is somewhat understandable that as mac vulnerabilities continue to be on a steady rise, Apple is under scrutiny for its stance on Mac security. Macs are not immune to malware, unlike what the tech giant has once claimed. And for the Mac security situation to be so dire is a problem for many privacy conscious users already trying to maintain online security through VPNs.
As Apple Senior Vice President Craig Federighi’s recently given statement highlights, the Mac malware problem is severe for its users. However, malware is not the only issue that users have come across within the device. There is also a list of several other r vulnerabilities within Macs themselves, highlighting how the problem is not only external but also internal.
There are several delicate vulnerabilities found within MacOS that can allow attackers to install malware within Macs sneakily. While looking into the CVE details of Mac, the situation might seem even worse as the total number of listed vulnerabilities goes as far as 2911. Many of these vulnerabilities found within Macs are a dire threat to users’ privacy and security, exposing them to spyware, hack attacks, and even ransomware incidents.
Amidst all this, what seems even direr is the poor security Apple is promising its users. With the increase in mac devices, it now appears that the tech giant has started favoring its recently revealed OS versions, releasing patches for specific OS.
The recent Hong Kong cyber-attack has revealed how the old macOS is left unpatched to some severe vulnerabilities. In contrast, the new ones such as Cataline and Big Sur have received their respective patches.
Common Mac threats
Mac becoming vulnerable to cyber attacks is a hard pill to swallow. While looking into 2021 events, it is evident that Mac security is declining rapidly, and users are now vulnerable to several types of attacks. Some of the most common Mac vulnerabilities that users can come across are the follows:
Watering Hole campaign
Mac users have been victims of a recent watering-hole attack to compromise a specific group of users by infecting websites and leveraging vulnerabilities present within a device. Mac has recently been particularly prone to fall victim to watering-hole campaigns exposing users to various privacy and security issues. One of the most recent watering-hole campaigns targeting Mac users was discovered by Google’s Threat Analysis Group (TAG). It leveraged the XNU privilege escalation vulnerability present within MacOS allowing threat actors to install backdoors within the victim’s device.
Mac users are also victims of browser vulnerabilities due to a vulnerable Apple WebKit engine. Although it is now patched, this vulnerability affects all browsers on Apple devices and allows threat actors to install malware that spied on victims.
While malware attacks are within themselves scary to encounter, Mac users are reportedly falling victim to even ransomware attacks. One of the most recent malware-as-a-service attacks for Mac users is called XLoader and is capable of collecting login information, screenshot, keystrokes, and even downloading and executing malicious files. The XLoader malware is an evolved version of the previously known Windows malware called Formbook and uses malicious Word documents as an attack vector.
Hack attacks are one of the most rising Mac threats that users can come across. A recent vulnerability discovered by independent security researcher Park Minchan allows threat actors to execute remote commands on users’ computers. The shortcut files have inetloc extensions that would enable threat actors to embed commands within the Mac system. Although internet shortcuts are present even in Windows computers, this particular vulnerability targets Mac devices, especially those relying on the native email client. The attack vector for this vulnerability is a legitimate-looking email containing the inetloc attachment, which automatically gets triggered as the victim opens the email.
How to remain secure with Mac?
Macs are sleek, sophisticated, fast, and very easy to use. These devices are ones you get addicted to as soon as you start using them. However, due to the severe rise in Mac vulnerabilities, users do feel a bit betrayed, especially since, for a long time, Apple has highlighted Mac as secure.
The critical thing to understand here is that Mac has never really been a foolproof device. Like every other price of technology, it is also prone to fall victim to various vulnerabilities. Moreover, since the cyber threat landscape remains in a constant ebb and flow, there is a high possibility that no device is ever really secure once it is connected to the internet. Amidst this, the best practice to remain secure is to follow various cybersecurity practices that ensure robust security.
Users need to realize that Mac devices need the help of robust security tools and their efforts to attain the security they seek. Amidst this is securing their devices with strong antimalware protection, ensuring online data security and privacy through VPNs, and regularly patching their devices with security updates. By following such measures, they can hopefully enjoy the sleekness of mac securely.
Let it be Apple, Windows, or Linux; every device or OS is bound to come across vulnerabilities within its system. Cybersecurity is a contest battle of tug-of-war where each side is ramming its head against the other to gain control. Cybersecurity researchers are trying their best to secure devices and online presence, and cyber threat actors are continually trying to break those defenses. Amidst this, no device can be as completely secure. Therefore, instead of looking for a better alternative, a person should recognize the reality and depth of the rising cyber threat landscape and work to ensure security in the best-known way possible.