The Apple security landscape: Moving into the world of enterprise risk



Apple’s devices aren’t immune to hacking, but for years they seemed to be. While other vendors like Microsoft bore the brunt of complex exploits aimed at the enterprise market, macOS and iOS, coming from a consumer-focused vendor, didn’t face the same level of pressure. 

Yet, this appears to be changing. During the height of the COVID-19 pandemic, Atlas VPN reported that Apple’s product vulnerabilities increased by 467% in the second half of 2021 to 380 exploits. 

Likewise, this year alone, there have been 8 publicly disclosed zero-day vulnerabilities used in attacks on iPhone and Mac devices. The most recent, CVE-2022-32917, enables an attacker to run malicious code on a user’s device with kernel privileges. 

While no vendor is immune to vulnerabilities, Apple devices are becoming a bigger target for cybercriminals to exploit, particularly as they enter enterprise environments. 


How the threat landscape is shifting for Apple 

The increase in vulnerabilities during the COVID-19 pandemic is notable because it took place around the same time that Apple devices began to see greater adoption in enterprise networks. 

That same year, 2021, IDC found that the average penetration of macOS devices in enterprises of 1,000 or more employees had increased to 23%, compared to 17% in 2019. This came as organizations embraced remote working and enabled employees to use personal devices to work from home. 

It’s important to note that this increase also occurred shortly after the November 2020 release of the Apple M1 chip, Apple’s first in-house computer chip, offering high bandwidth and low latency, which went on to set an all-time Mac revenue record of $9.1 billion in Q2 2021. 

In any case, the increase in enterprise adoption has changed the threat landscape for Apple, and has made the vendor a bigger target for threat actors who see these devices as a potential entry point to gain access to protected information. 

“Attackers go to where their targets are, which will lead them to Apple,” said Jeff Pollard, vice president and principal analyst at Forrester. “As more enterprise users adopt Apple hardware and services, attackers will follow that trend and react accordingly. Apple software and hardware will continue [to] face attacks that become more frequent — and innovative — over time as adoption rates increase. It’s one of the side effects of high adoption rates.”

With the Apple M2 chip recently unveiled at Apple’s WWDC 2022 conference on June 6th, it’s likely that enterprise interest in the vendor’s solutions will increase. 

So, what’s the risk? 

At this stage, while the exploitation of Apple devices is increasing, the level of risk isn’t necessarily higher than any other software vendor. The number of zero-day vulnerabilities emerging from Apple has increased, but it’s still far below that of Microsoft. 

According to the CISA known vulnerabilities catalog, Microsoft has 242 known exploited vulnerabilities since the beginning of 2022, compared to Apple’s 50, and Google’s 43. 

This is to be expected, given Microsoft’s history as the most dominant enterprise vendor on the market, with threat actors working round the clock to target and exploit products in the Microsoft ecosystem.

Yet Apple has also had to deal with the fallout of MIT researchers discovering an unpatchable vulnerability in the Apple M1 chip, known as PACMAN. The attack uses a novel hardware technique to disable the M1 chip’s pointer authentication mechanism, preventing it from detecting the software bugs it is designed to catch.

The severity of this vulnerability is debatable, with no attacks recorded using the vulnerability, and Apple has stated that, “this issue does not pose an immediate risk to our users and is insufficient to bypass operating security protections on its own.” 

More broadly, there is research to suggest that Macs do have inherent security resilience. 

After being commissioned by Apple in 2019, Forrester conducted an online survey of 351 security leaders from enterprises across the U.S., the U.K., Canada, Germany and Australia to assess the total economic impact of deploying Macs in the workplace. The survey found that Mac deployment may actually increase security. 

One of the key findings of the report was that the risk of a data breach was reduced by 50% per deployed Mac. During the survey, interviewees cited built-in security features like automatic data encryption, antimalware capabilities, and ease of enrollment into mobile device management (MDM) technology to help maintain their security posture. 

Likewise, Apple is aiming to harden its platforms with new security features in iOS 16, offering users passwordless authentication in the form of Passkeys to protect against credential theft, as well as Lockdown Mode, a new feature designed to provide “specialized additional protection to users who may be at risk of highly targeted cyberattacks.” 

Lockdown Mode blocks message attachment types and FaceTime calls, and disables link previews, complex web browsing technologies such as just-in-time (JIT) JavaScript compilation, and wired connections while the iPhone is locked. 

The real risk: Personal devices and remote working 

The main risk around these devices lies in the fact that they are often used as personal devices. 

Parallels research shows that, of the organizations that do allow Mac devices in the workplace, 26.3% do so as part of a bring-your-own-device (BYOD) policy, while 29.4% do so as part of a choose-your-own-device (CYOD) policy. This means there is a clear lack of integration with the organization’s wider endpoint management strategy. 

Such devices aren’t maintained directly by security teams who can take responsibility for patching and managing them, but by employees, whom organizations have to trust to download the latest patches and maintain security-conscious behaviors. 

As a result, security leaders need to recognize that the uptick in the exploitation of Apple devices should be mitigated with robust controls on what personal devices are permitted in the workplace, and what resources they’re permitted to access. Failure to do so will increase the risk substantially. 

A Malwarebytes survey found that 20% of organizations faced a security breach as a result of a remote worker, so there is a high likelihood that such potential entry points can and will be exploited. 

Mitigating risks to Apple personal devices 

In general, enterprises can mitigate threats to devices by turning on automatic updates and ensuring that devices remain patched and up-to-date. The challenge is guaranteeing that employees are installing these patches. 

As a result, enterprises need to define clear policies on the usage of personal devices. While banning personal devices completely is impractical with so many employees working from home, there must be clear boundaries defined on the type of data assets and resources that employees can access. 

For employees using work devices from home, mobile device management (MDM) solutions like Jamf and Microsoft Intune can help security teams manage multiple Apple devices from a single location to ensure that each system is patched and not left susceptible to compromise. 

“Device management is really the first step in building a layered defense to protect mobile workers and the sensitive business data they access while on the go,” said Michael Covington, vice president of portfolio strategy at Jamf. “MDM solutions can help ensure devices are configured securely, that they’re running the most up-to-date operating system and have the latest security patches, while also configuring secure Wi-Fi settings and password requirements.”

Covington also notes that these tools can be used to install endpoint security solutions on remote devices, and provide a policy enforcement point for taking actions to mitigate threats, such as quarantining compromised devices. 
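As an added example (not from the article, Apple or Jamf), the following POSIX shell audit is the kind of check an MDM or login script could run to confirm that a Mac will patch itself without relying on the user: it verifies the standard com.apple.SoftwareUpdate automatic-update keys and compares the installed macOS version against a baseline. The sample preference output in the comments is constructed, and the baseline version is a hypothetical value to be taken from Apple’s advisory.

```shell
#!/bin/sh
# Added example (not from the article, Apple or Jamf): audit whether a Mac will
# patch itself without relying on the user, plus a minimum-version check.

# Keys in /Library/Preferences/com.apple.SoftwareUpdate that should all be 1.
REQUIRED_KEYS="AutomaticCheckEnabled AutomaticDownload AutomaticallyInstallMacOSUpdates ConfigDataInstall CriticalUpdateInstall"

# Hypothetical patch baseline; take the real value from Apple's advisory.
MIN_MACOS="12.6"

# Reads 'defaults read' style output on stdin (lines like
# '    AutomaticDownload = 1;') and prints any required key that is missing
# or not 1. Returns 0 only when every required key is enabled.
audit_update_prefs() {
    prefs=$(cat)
    failures=""
    for key in $REQUIRED_KEYS; do
        value=$(printf '%s\n' "$prefs" |
            sed -n "s/^[[:space:]]*$key = \([0-9]*\);/\1/p" | head -n 1)
        if [ "$value" != "1" ]; then
            failures="$failures $key"
        fi
    done
    if [ -n "$failures" ]; then
        printf 'not enforced:%s\n' "$failures"
        return 1
    fi
    printf 'all automatic-update settings enforced\n'
}

# Returns 0 when dotted version $1 is at least version $2 (12.6.1 >= 12.6).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$2" ]
}

# Live mode on a Mac: ./audit.sh --live. Elsewhere only the functions are defined.
if [ "$(uname 2>/dev/null)" = "Darwin" ] && [ "${1:-}" = "--live" ]; then
    defaults read /Library/Preferences/com.apple.SoftwareUpdate | audit_update_prefs
    installed=$(sw_vers -productVersion)
    if version_ge "$installed" "$MIN_MACOS"; then
        printf 'macOS %s meets baseline %s\n' "$installed" "$MIN_MACOS"
    else
        printf 'macOS %s is below baseline %s\n' "$installed" "$MIN_MACOS"
    fi
fi
```

An MDM can run this as a compliance script and quarantine or re-enroll any device that reports a missing key or a version below the baseline.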

Originally appeared on: TheSpuzz
