When Craig Federighi, Apple’s senior vice president of Software Engineering, said last year, “We have a level of malware on the Mac that we don’t find acceptable,” he apparently really meant it. And Apple seems to be doing something about it.
Apple is a giant taking steps to secure the Mac
Federighi characterized Apple as being in an ongoing battle against malware on the Mac. He also explained that between May 2020 and May 2021, the company identified 130 types of Mac malware that infected 300,000 systems.
Given the Mac’s reputation for security, that may seem counterintuitive, but maintaining a secure platform requires constant vigilance.
We know that in recent years, Apple has intensified the extent to which it monitors its platform. Its growing market share makes its platforms more attractive targets, but we’ve also faced a plague of surveillance-as-a-service companies that have attempted to break Apple’s defenses for generally nefarious and repressive purposes.
The New Threat Environment: Dirty and Well Connected
Apple last year sued controversial private surveillance company NSO Group.
When that happened, Ivan Krstić, chief of Apple Security Engineering and Architecture, said the following:
“Our threat intelligence and engineering teams work around the clock to analyze new threats, quickly patch vulnerabilities, and develop industry-leading new protections across our software and silicon. Apple conducts one of the most advanced security engineering activities in the world and we will continue to work tirelessly to protect our users from illegitimate state-sponsored actors such as the NSO Group.”
A journey in several steps
The company has made numerous security improvements to its platforms in response, including working much more closely with the independent security research community than before. This appears to have led to earlier identification and patching of some of the vulnerabilities that may have been used by these private armies of digital spies.
The recent release of an emergency security patch for iOS 12 is a prime example of this. Apple says the flaw may have been “actively exploited.” (The company patched the same flaw on more recent iPhones and iPads a few weeks ago. The decision to release a fix for iOS 12, a version it no longer routinely updates, also reflects the magnitude of the threat.)
It is exactly this kind of flaw that is being exploited by these surveillance companies, which are willing to pay millions to buy exploits. It’s because Apple now knows these adversaries that it’s introducing Lockdown Mode in iOS 16, an ultra-secure mode for its devices that sacrifices some functionality for a much higher level of protection.
Macs get smarter protection against malware
But Apple has done one more thing that hasn’t really been noticed until now: it’s making Macs more security-conscious than ever before by introducing automated self-diagnosis and malware remediation, a layer of protection that the platform did not previously have.
“In the past six months, protection against macOS malware has changed more than it has in the past seven years,” explains Howard Oakley. “It’s now completely preemptive, as active as many commercial anti-malware products, provided you’re running macOS Catalina or later.”
The new protection relies on a new engine called XProtect Remediator, introduced in macOS 12.3. It extends Apple’s existing XProtect malware protection by giving systems the ability to scan for and repair detected malware. Scans take place at regular intervals during the day, Oakley says, and they deal with a range of trojans, adware, browser hijackers and other threats.
“Should malware find its way onto a Mac, XProtect also includes infection-remedial technology. For example, it includes an engine that repairs infections based on updates automatically provided by Apple (as part of automatic system data file updates and security updates). It also removes malware after receiving updated information, and it continues to periodically check for infections,” an Apple tech note explains.
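For an administrator who wants to confirm that both layers are present on an endpoint and that the Remediator is actually running its periodic scans, here is an added example: a small shell script that is not code from the article, from Apple or from Oakley. The bundle paths, the unified-log subsystem name and the shape of the log lines it parses are assumptions drawn from public descriptions of these components, not facts the article states, so verify them on your own macOS version; the sample lines used to exercise the parser are constructed.

```shell
#!/bin/sh
# Added example, not Apple's or the article's code. Reports the installed
# XProtect and XProtect Remediator versions and summarizes recent scans.

# Assumed bundle locations on macOS 10.15+ (XProtect) and 12.3+ (Remediator).
XPROTECT_PLIST=/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist
REMEDIATOR_PLIST=/Library/Apple/System/Library/CoreServices/XProtect.app/Contents/Info.plist

# Assumed unified-log subsystem under which the Remediator plug-ins log.
XP_SUBSYSTEM='com.apple.XProtectFramework.PluginAPI'

bundle_version() {
    # Print CFBundleShortVersionString from an Info.plist, "missing" if the
    # bundle is not installed, "unknown" if the key cannot be read.
    plist=$1
    if [ ! -f "$plist" ]; then
        echo "missing"
        return 0
    fi
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" \
        2>/dev/null || echo "unknown"
}

recent_remediator_log() {
    # Last 24h of Remediator log entries (macOS only; needs the `log` tool).
    log show --last 1d --style compact \
        --predicate "subsystem == \"$XP_SUBSYSTEM\""
}

summarize_scans() {
    # Read log lines on stdin; count scanner runs and lines reporting a
    # detection. Assumed line shape: "<time> ... XProtectRemediator<Name>: <msg>"
    # where a clean run says "No threats detected".
    awk '
        /XProtectRemediator/ {
            runs++
            if ($0 ~ /threat/ && $0 !~ /No threats/) hits++
        }
        END { printf "runs=%d detections=%d\n", runs + 0, hits + 0 }
    '
}

report() {
    # Human-readable status for one endpoint.
    echo "XProtect definitions: $(bundle_version "$XPROTECT_PLIST")"
    echo "XProtect Remediator:  $(bundle_version "$REMEDIATOR_PLIST")"
    if [ "$(uname)" = "Darwin" ]; then
        echo "Remediator activity, last 24h: $(recent_remediator_log | summarize_scans)"
    else
        echo "Remediator activity: not a Mac, skipping log query"
    fi
}

# Only run the report when executed directly, not when sourced for testing.
case "$0" in
    *sh) ;;  # sourced into an interactive or test shell
    *) report ;;
esac
```

Run it with sudo on a Mac so that `log show` can read the whole unified log; a result of zero runs over a full day on a macOS 12.3+ system that has been awake is worth investigating, since it means the periodic scans are not happening. On a non-Mac host the script only reports both bundles as missing.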
Apple is building a bigger wall in the poison garden
This means that Apple is introducing a measure of intelligent on-device malware protection for Macs, protection that can be updated with new malware definitions without a full OS update. Basically, the company has built an even bigger wall to keep out the toxins lurking outside its walled garden.
We don’t know how much impact these protections have. In a way, that’s the problem with security in general: the value of the armor only becomes visible when it fails. However, I agree with Oakley, who notes that this kind of intelligent on-device protection represents a level of security awareness that until now you would only get from third-party security products.
Apple’s willingness to build this in at the system level likely reflects an acknowledgment that distributed endpoints need protection beyond what separately licensed security products provide, in a new world of work shaped by state-sponsored attacks.
We’re also seeing steps to make endpoints — the Macs, iPhones, and iPads we use — more security-conscious elsewhere in the Apple ecosystem. Think of tools like Managed Device Attestation, improvements to Mac MDM, USB Restricted Mode and other tools that are making their way to the platforms. These improvements suggest the extent to which Apple’s security teams relentlessly and determinedly identify and attempt to shut down the many attack vectors used by modern criminals.
The one vulnerability that is most difficult to change is, of course, human error, which remains the weakest link at every level of the chain.
Copyright © 2022 IDG Communications, Inc.