How safe is your Mac?


If you think using an Apple computer protects you from viruses and malware, think again, writes Colin Tankard, Managing Director, Digital Pathways.

Apple stopped their marketing phrase ‘we don’t get viruses’ in 2012, which was an admission that Mac computers can get viruses.

It is true that macOS is more secure in many ways than Windows OS, and with lower market share, it makes developing malware less attractive due to the return on investment. But all Macs are still vulnerable to many viruses and malware, and it is a growing problem.

A study by Atlas VPN in 2021 found that the development of macOS malware surged by 1,092% in 2020. This equated to 674,273 new malware samples as compared to 56,556 detected in 2019. Malware, or malicious software, is a collective term for all kinds of threats. Microsoft lumps malware into thirteen distinct categories: backdoors, downloaders, droppers, exploits, hack tools, macro viruses, obfuscators, password stealers, ransomware, rogue security software, trojans, trojan clickers, and worms. The report showed that the development of malicious software for Apple’s macOS, was spreading like wildfire and amounted to an historic high, a trend which the 2022 report indicates is continuing, which is scary. Hackers are clearly shifting their sights onto Mac computers.

Another dent in the Mac security argument was the alert from Apple about the vulnerability in Safari that allowed attackers to take complete control of the device. One of the software weaknesses affected the kernel, the deepest layer of the operating system. The other affected WebKit, the underlying technology of the Safari web browser. Apple’s explanation of the vulnerability meant a hacker could get ‘full admin access to the device’ so that they can ‘execute any code as if they are the user’.

Although a ‘fix’ was quickly released, Apple, like any other operating system, relies mostly on the user applying the patch, which in many cases is delayed or forgotten, extending the risk to the endpoint.

Until the fix was released, the vulnerabilities will have been classed as ‘zero-day’ bugs because a fix was available for them for zero…

Source…