Are Apple products really 'invulnerable'?

In fact, users of Apple products such as MacBook, iPhone or other products pay attention to checking the hardware of these products, such as the type of chip used, memory capacity and other new features.

Meanwhile, very few users care about the operating systems of these products, because they think that operating systems such as Apple's macOS or iOS are extremely secure, impenetrable and do not need to be thoroughly tested. However, the reality is that Apple products are not as impenetrable as many people mistakenly believe, because cybercriminals are trying to penetrate these systems.

Apple's desktop operating system has steadily gained ground over the past decade and now accounts for nearly 18 percent of desktops worldwide, up from 10 percent in 2013, according to statistics from Ireland-based web traffic analytics firm Statcounter. However, computers running Apple's MacOS are less frequently targeted than those running Microsoft's Windows operating system. Most threat actors are dedicating their time and resources to exploiting security vulnerabilities in Microsoft's operating system.

The MacOS Threat Landscape Report by cybersecurity software maker Bitdefender (Romania) said that although targeting is less common on Apple products, the findings show that cybercriminals will try harder to get Mac users to click on links to install Trojans and ransomware.

A common misconception is that Apple products running macOS and iOS do not require cybersecurity testing and are immune to targeted cybercrime campaigns. On the contrary, findings from Bitdefender’s report show that Mac users continue to be the target of many cybersecurity threats.

Apple users are now faced with the need to patch actively exploited vulnerabilities, as threat actors have used various forms of attacks such as social engineering, which is a form of attack in which the attacker directly impacts human psychology (social skills) to steal information and data of individuals and organizations, or the “spray and pray” tactic, which means attackers send as many spam, malicious emails or fake ads as possible to get users to download ransomware.

Furthermore, spyware vendors are increasingly targeting Apple's iOS operating system, which shares many common components with the macOS operating system, such as the WebKit browser engine used in the Safari web browser.

Last year, for example, Apple users were urged to update their iPhones, iPads, and Mac computers to guard against two security flaws that could allow attackers to take complete control of their devices. In a report by the UK newspaper The Guardian, Apple said there were credible reports of hackers exploiting these flaws against users.

Malware (Trojans) are the biggest threat to Apple's Mac computers

Bitdefender's report highlights three main threats targeting Apple users, including Malware, Adware, and Potentially Unwanted Programs.

Malware (Trojan): This is considered the biggest threat to Macs, accounting for more than half of all detected threats. Threat actors use social engineering tactics (spam, phishing, social media), fraudulent advertising (malvertising), and infected file downloads via torrent or warez sites. The most common malware targeting Macs is EvilQuest ransomware, with a 52.7% market share. This malware includes ransomware designed to encrypt and steal victims' files, as well as a keylogger to record keystrokes and steal personal or financial data.

Adware:Adware is understood as any software in which advertising banners are displayed at the same time as the program is running. The developers of these applications have added code that serves advertisements, which can be viewed through pop-up windows or through a bar that appears on the computer screen. Adware generates huge revenue for the developer by automatically generating online advertisements in the software's user interface or on the screen shown to the user during the installation process.

Malicious adware can find its way onto a computer through pop-up ads, unrecognizable windows, and the like. Once installed on a computer, malicious adware can perform a variety of unwanted tasks, such as tracking a user's location, search activity, and history of websites viewed. The malware developer can then sell this information to third parties.

Adware accounts for more than 20% of threats targeting Mac computers. Adware is installed on computers after users intentionally run freeware programs, fake installers, software downloaded from torrent sites, pirated programs, malicious links, malicious ads, etc.

Potentially unwanted program(Potentially Unwanted Applications - PUAs):These programs are often found as freeware, packaged applications, or utility (system cleaner) applications with hidden functionality such as data tracking. Some potentially unwanted programs hijack the user's browser, change the default search engine, and install plugins without the user's consent.

Potentially unwanted programs can also modify third-party applications, download additional (unwanted) software, and change system settings. Potentially unwanted programs account for 25.3% of executable threats to Mac computers.

While Bitdefender's report acknowledges that Apple products pose fewer threats than the Microsoft or Google product ecosystems, Apple products still need to be considered and tested.

Apple products are not invulnerable to threats

Bitdefender's report suggests that Apple products are not invulnerable to cyber threats. Malware tailored to infect Macs is more suited to its targets. Threat actors have less of an attack surface to exploit, so they are forced to optimize their techniques and procedures to ensure greater success.

Apple also continues to issue security patches to address critical vulnerabilities that are reportedly being “actively exploited” by threat actors. Many of these vulnerabilities have been found in key components shared by both Macs and iPhones. However, users often delay software updates and security fixes, with statistics showing that the majority of Mac owners are still using older versions of the macOS operating system.

In summary, Bitdefender advises Mac users to always use the latest version of the operating system and to apply new security patches promptly. In addition to regularly checking Apple products, it is equally important to never download software from unofficial sources, such as torrents and warez sites.

“Our findings send a clear signal that Mac users are becoming more vulnerable to online threats, making it important to deploy a dedicated security solution to monitor for any potential malicious activity,” Bitdefender’s report concluded.