A common belief is that Mac devices are more secure than their Windows or Linux counterparts, and it isn’t entirely misplaced. Privacy advocates cite Apple’s full control over the hardware and software used in their devices and the fact that Mac owners are fewer in number than Windows are some of the reasons for this sense of security.
But strong security doesn’t always imply immunity. Over the years, cybersecurity experts have sounded alarms on exploits within Mac devices like the 2019 Gatekeeper exploit. Although no major instances of hackers using this exploit have been reported, waiting for one to happen is ill-advised for obvious reasons.
Complacency is a worse adversary than hackers themselves. It’s important to always think that hackers will find a way into your device, Mac or otherwise. Consider the following things worth knowing about security for Mac devices.
A person may be right about Mac not being subjected to attacks as much as Windows, with the latter dealing with tens of millions of malware threats annually. It’s only sensible for hackers to focus their efforts on the operating system used by most people. Amid Mac’s growth, Windows still dominates 76% of the desktop market.
However, it doesn’t suggest that hackers don’t show interest in Macs. According to research data published last year, researchers logged over 670,000 new malware threats for macOS in 2020. It may be a drop in the bucket compared to 91 million for Windows, but this count was an all-time high. Before, the highest figure was around 92,000 in 2018.
Granted that the pandemic had fueled the rise of cyberattacks, this shows that cybercriminals will target Macs if they choose to do so. Never leave anything preventable to chance; in this context, it pays to look at online resources for ways to protect your devices.
Giving credit where it’s due, Apple has gotten faster in fixing bugs and other vulnerabilities in their devices. According to an analysis by Google’s Project Zero, a team researching zero-day vulnerabilities, the company has released fixes for 87% of reported bugs within 90 days between 2019 and 2021. On average, it only takes them a little over 60 days.
Then again, looking at this finding from another perspective means that 13% of reported issues aren’t fixed within 90 days. Remember the Gatekeeper exploit discovered in 2019? The security expert credited with discovering it, Filippo Cavallarin, had to publicize his discovery because Apple wasn’t able to release a fix within 90 days.
To be fair to Apple, tech companies still struggle to bridge the gap between understanding the importance of security patching and having the necessary technology and skillset. Additionally, it doesn’t help that some users don’t treat security vulnerabilities with as much urgency as the cybersecurity community does.
With threats growing in complexity, it isn’t surprising that device owners would look to the App Store for security solutions. After all, this repository of Mac-compatible apps offer a sense of security, as they have to follow strict guidelines.
Yet, Meta recently reported that an estimated 400 apps in the App Store and Google Play Store have been harvesting people’s login information (47 were apps in the former).
This trend is consistent with previous analyses. In a special report by the Washington Post last year, 2% of the 1,000 most-downloaded apps from the App Store had conned $48 million out of users. Victims have since lost faith in Apple after losing their money to these apps.
Security experts highly advise only downloading the apps you need and verifying their information on their app store pages. Be wary of apps that require your personal information (e.g., login data, credit card number, contact info). They even suggest taking reviews with a grain of salt, as some apps are known to flood their page with fake five-star ratings to appear authentic.
Amid the level of sophistication involved in modern cyberattacks, the most dangerous tactic that hackers use doesn’t require heavy use of tech. Known as social engineering, this tactic takes full advantage of the human psyche to get results. Users who are overly curious about earning just by ‘clicking this link’ or ‘downloading this app’ are among social engineering’s primary victims.
Fortunately, there are plenty of ways to resist such attacks. For example, virtual private networks (VPNs) go to great lengths to protect a user’s identity on the internet. They encrypt data’s entire journey from the sender to the receiver and vice-versa, making them ideal for browsing while in another country. In a way, VPNs cover a user’s digital footprint.
Macs aren’t targets for hackers as often as Windows, but they’re by no means infallible. If you want to preserve its reputation for security, being aware of the risks that can occur on a Mac is the first step. Tech companies strive to make their devices safer, but it’s up to the user to help them by exercising vigilance.
Channing Blake works as an independent consultant for multiple managed IT firms such as Power Consulting and others. In his free time, he builds robots and participates in robot-building competitions.