The Take-Aways

  1. In cyber-security terms, Apple computers and devices are now at similar risk from cyber-attacks as any other manufacturer's computers and devices.
  2. Since around 2010, Apple OSX and iOS computers and devices have been increasingly subject to successful cyber-attacks, year on year, and the attacks are increasingly serious.
  3. Protection from cyber-attacks on Apple OSX and iOS computers, devices and networks follows the same strategies as for Windows or Linux.
  4. Having multiple, staged offline backups is important - especially for protection against ransomware.
  5. Avoid pirated or other uncertified software.


Apple users see themselves as having very few cyber-security incidents. In part this is due to a reasonably secure arrangement and to hackers focusing on easier targets. In part, however, the way the usability design avoids revealing technical aspects of the system means the cyber-security limitations of Apple computers have been somewhat hidden from users and the public.

The proliferation of malware and other cyber threats for Apple computers and devices has increased significantly since 2010. By 2012, Apple had changed its advertising from ‘Safeguard your data, by doing nothing’ to ‘Safety. Built in’. Around the same time, the Flashback botnet attacked 600,000 Apple computers, and journalist Mat Honan’s life was turned upside down by someone using the Apple infrastructure to hack all of his Apple computers and devices and delete all of his data, including taking over his social media and email accounts.

By 2013, Apple’s employees’ computers and those of other businesses, including defense contractors using Apple computers, had been hacked. Adam L Penenberg, a journalism lecturer, challenged hackers to investigate him and had his Apple computers and iPhone compromised.

By 2014, Palo Alto Networks had identified new malware specifically targeting the iPhone that acted like a virus, could install unwanted applications, and could attack via USB. That year, Kaspersky stated they had blocked 3.7 million infection attempts on Macs. The first OSX and iOS ransomware was in the wild.

In 2015, the XcodeGhost malware was discovered infecting around 4000 apps in Apple's App Store and widely compromising iPhones and iPads. This attack was associated with a technique detailed by the CIA to install backdoors into iOS apps.

2016 brought several new cyber-attacks for Apple. Trend Micro reported that for 2016, identified vulnerabilities of Apple (i.e. weaknesses that could be attacked) jumped from 25 (2015) to 50 (2016), coming close to, although still less than, Microsoft at 76. In cyber-attack terms, a significant step was the appearance of the FBI and KeRanger ransomware attacks. KeRanger, interestingly, lies dormant for 3 days before starting its work and can ransom/encrypt backups as well as the original data. Alongside the ransomware emerged a classic Wi-Fi attack taking advantage of a weakness in the way that Apple devices join networks: it persuades them to join an ‘evil’ network without asking, which in turn can be used to access passwords, etc. One of the oddest cyber-attack pathways to emerge in 2016 was a way of bricking Apple computers and devices by resetting the date, with the result that the computer or other device never worked again.

The end of 2016 brought a wake-up call: the discovery by Malwarebytes in December 2016 of what Apple came to call the Fruitfly malware. Fruitfly's activity was apparently limited to infecting biomedical establishments. The reason it was a wake-up call was that this malware had been actively running on Apple computers for over a decade (and had in fact been updated to suit more recent OSX versions) without ever being identified. This opens up the possibility that an unknown amount of undetected Apple malware is in circulation, hiding in odd corners of code.

2017 has already brought evidence from Bitdefender of a new Apple malware that can steal passwords, security keys, screenshots, iPhone account information and more, and sends everything to a central server. This is apparently from the same Advanced Persistent Threat hackers who were responsible for the US election hacks. The primary cyber-protection for Mac users in this case is to ensure that users only operate through the Standard user profile and not the Administrator profile.
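A small audit helper for the Standard-versus-Administrator point above, added here as an example rather than anything from the original article: it parses the member list of the macOS `admin` group (the format `dscl . -read /Groups/admin GroupMembership` prints) and reports which day-to-day accounts are still administrators. The membership text and the account names are constructed samples so the script runs offline; on a real Mac the commented line feeds in live output.

```sh
#!/bin/sh
# Constructed sample of `dscl . -read /Groups/admin GroupMembership` output
# (not captured from a real machine). On a Mac, use instead:
#   SAMPLE_ADMIN_MEMBERSHIP=$(dscl . -read /Groups/admin GroupMembership)
SAMPLE_ADMIN_MEMBERSHIP="GroupMembership: root alice"

# Constructed list of accounts people actually log in with day to day.
DAILY_USERS="alice bob"

# admin_members MEMBERSHIP_TEXT: print the space-separated member names.
admin_members() {
  printf '%s\n' "$1" | sed -n 's/^GroupMembership: *//p'
}

# is_admin USER MEMBERSHIP_TEXT: exit 0 if USER is in the admin group.
is_admin() {
  for m in $(admin_members "$2"); do
    [ "$m" = "$1" ] && return 0
  done
  return 1
}

# audit_daily_users "USER ..." MEMBERSHIP_TEXT: print the daily-use
# accounts that hold Administrator rights and should be demoted to Standard.
audit_daily_users() {
  found=""
  for u in $1; do
    if is_admin "$u" "$2"; then
      found="$found $u"
    fi
  done
  printf '%s\n' "${found# }"
}

# Human-readable report when run directly.
report() {
  admins=$(audit_daily_users "$DAILY_USERS" "$SAMPLE_ADMIN_MEMBERSHIP")
  if [ -n "$admins" ]; then
    echo "Daily-use accounts with Administrator rights: $admins"
  else
    echo "All daily-use accounts are Standard users."
  fi
}

report
```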

In late February 2017 emerged the Patcher ransomware. The unique feature of this software is that when users' files are encrypted by Patcher they are locked forever: the program code was badly written and provides no way to obtain the decryption key, so paying the ransom doesn't help. Patcher is spread embedded in BitTorrent-delivered (usually pirated) software. Security against Patcher comes from avoiding pirated software and having good offline backups.

In all cases, for securing Apple OSX and iOS computers and devices, the appropriate cyber-security protection strategies and strategic responses to successful cyber-attacks are the same as for Windows and other operating systems.

© 2022 Design Out Crime and CPTED Centre. All Rights Reserved.