For years, Apple users have touted security as a key advantage over their Windows and Android counterparts. “Macs don’t get viruses”, went the common refrain. But as Apple’s computers and iOS devices have become more prolific, attacks against them have risen in both number and sophistication. Macs do in fact get viruses and they’re getting more than ever. iPhones and iPads do have security flaws that are being exploited today by attackers. The bottom line is that no matter what platform you use, you are a target and you are vulnerable.
From bad to worse
Apple’s had a rough couple of months when it comes to security. From inadvertently approving Malware in its macOS App Store to being the last major vendor to patch a 10 year old bug in a widely used utility, the consumer technology giant has faced its share of embarrassment. In December Apple patched a bug that was allegedly being used by middle eastern governments to spy on Al Jazeera journalists.
Just a few weeks ago, Apple issued software updates to fix three critical vulnerabilities that were already being exploited by cybercriminals. The details of exactly how the bad guys are using these bugs have been kept secret by both Apple and the cybersecurity researchers who discovered them, but the general consensus is its bad. Like, click the wrong link and an attacker has access to all of your text messages and social media history bad.
There’s such a level of concern over these issues that one of the large Enterprise clients I work with took the highly unusual step of giving employees just days to update their devices to iOS 14.4 before completely blocking access to the company’s network and other resources. If they’re taking this issues so seriously, so should you.
Even more recently, security researchers discovered that not only had Malware authors successfully recompiled their creations for Apple’s new in-house processors, but up to 30,000 Macs already were infected by a previously unknown strain of Malware known as Silver Sparrow. It’s clear that attackers are taking a much more active interest in the platform than ever before.
What you can do
There are some basic practices everyone should be following, regardless of the platform they’re using:
- Endpoint Protection
It doesn’t matter if you’re running Windows, macOS, or Android – you should have some kind of endpoint protection software running on your devices. At a minimum, this means Anti-Virus software, but increasingly more complex products are called for. The notable exception here is iOS, because Apple does not allow vendors access deep enough access to the core operating system functions to build an effective endpoint protection product. There are plenty of security apps available for the iPhone, but by and large they add no real security. - Regularly Update Your Software
No matter how well designed, all software has flaws and vulnerabilities that can be used to mount cyberattacks. In the past, there was often a gap between vulnerabilities being discovered and exploited in the wild. This is no longer the case; it’s now common for attackers to discover and exploit vulnerabilities before software vendors are even aware of them. Patching your software as soon as possible helps lesson the risk that you’ll fall prey to one of these so-called zero day exploits. - Use Good Cyber Hygiene and Common Sense
No platform is going to protect you from yourself. If you’re using garbage passwords, clicking on links in suspicious e-mails, and just generally making poor cybersecurity decisions, debating the security features of an operating system, whether Windows, MacOS, or iOS, is a moot point. Cybersecurity needs to start with people, not technology. That’s why we include Security Awareness Training for all of our customers.