Apple has long made marketing hay of the security benefits associated with macOS and iOS devices. Users were willing to pay a premium for Apple hardware and upgrades (compared to Windows and Android-based devices), and remain within the walled garden of Apple services in exchange for better security and privacy.
A series of headline-making glitches and failures in 2023 raises a question regarding user perception of Apple’s marketing hype.
A few lowlights from 2023:
- A new wave of infostealers targeting macOS: Infostealers are a type of malware designed to exfiltrate sensitive data. MacOS-based computers have been more affected this year than ever before, according to cybersecurity firm SentinelOne.
“Throughout 2023, we have observed a number of new infostealer families including MacStealer, Pureland, Atomic Stealer and RealStealer (aka Realst),” announced SentinelOne in a blog describing another infostealer strain called Metastealer. The primary means of distributing the malware has been via malicious Google Ads and email attachments targeting businesses using macOS-based devices. - Apple ‘Find My’ network used for password theft: As anyone who’s lost their iPhone in the cushions of a couch will tell you, Apple’s “Find My” service can be convenient. Unfortunately, a proof-of-concept published this year found that it can be exploited by hackers. Even devices that weren’t connected to the Internet were vulnerable to password theft using low-energy Bluetooth settings and $50 hardware.
- iPhone WiFi privacy protections didn’t work: As part of their pro-privacy marketing, Apple released a mobile feature three years ago that claimed to hide unique identifying IDs from prying eyes. Researchers say they don’t work.
“From the get-go, this feature was useless…We couldn’t stop the devices from sending these discovery requests, even with a VPN. Even in the Lockdown Mode,” said Tommy Mysk, one of the security researchers who discovered the gaping security hole.
- North Korean hackers launched a wave of attacks against macOS-based financial targets: North Korean state hackers have been on something of a robbery spree since 2019. An estimated $2 billion in crypto and other currencies may have been siphoned from victims’ accounts. Now Apple users, who have largely been spared crypto theft up to this point, found themselves in the crosshairs of a group called BlueNoroff that has developed malware that targets Mac users through command and control-based domains capable of exploiting their devices.
- Security alert scams targeted iOS devices: Malicious pop-ups have long plagued Windows and Android users, but iOS devices were largely unaffected. In 2023, an increasing number of iPhone users have been targeted by phony security alerts about device compromise. While this vector of attack is more of a nuisance (the pop ups can be disregarded), the software behind the exploit is harder to get rid of than earlier iterations.
- Apple is vulnerable to Pegasus spyware: Apple has tried to block the NSO Group’s infamous zero-click Pegasus spyware, its developers have managed to circumvent even the most advanced security protections.
Are Apple devices still secure?
Despite its flaws, Apple does spend considerable time and resources on device security, and they are less vulnerable to the kinds of security holes and bugs so familiar to users of Android and Windows-based devices.
While Apple products may be more secure, they’re not completely secure. After decades of being regarded as a safer alternative, users of Apple products are by no means absolutely safe from malware and zero-day exploits. Good cyber hygiene continues to be the best form of protection against cyber threats.