When Craig Federighi, Apple’s senior vice president of software engineering last year said, “We have a level of malware on the Mac that we don’t find acceptable,” he apparently really meant it. And Apple seems to be doing about something about it.
Apple is giant taking steps to secure the Mac
Federighi characterized Apple as being in an enduring battle against malware on the Mac. He also explained that between May 2020 and May 2021 the company identified 130 types of Mac malware that infected 300,000 systems.
Given the Mac’s reputation for security, that may seem counter intuitive, but maintaining a secure platform requires constant watchfulness.
We know Apple has intensified the degree to which it monitors its platform in recent years. Not only has the company been forced to do so as its growing market share makes its platforms attractive targets, but we’ve also experienced a scourge of "surveillance-as-a-service" businesses that have been attempting to crack Apple’s code for generally nefarious and repressive purposes.
The new threat environment: Nasty and well-connected
Apple last year sued controversial private surveillance company NSO Group.
When it did, the company’s head of Apple Security Engineering and Architecture, Ivan Krstić, said:
“Our threat intelligence and engineering teams work around the clock to analyse new threats, rapidly patch vulnerabilities, and develop industry-leading new protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”
[Also read: It’s time to secure the Apple enterprise]
A journey in multiple strides
The company has made numerous security improvements to its platforms in response, including working far more closely with the independent security research communities than it has done before. This seems to have led to earlier identification and cures for some of the vulnerabilities that may have been used by these private armies of digital spies.
The recent publication of an emergency security patch for iOS 12 is a case in point. Apple says the flaw may have been “actively exploited.” (The company fixed the same flaw on more recent iPhones and iPads a few weeks ago. The decision to release a fix for iOS 12 also reflects the scale of the threat.)
It's precisely this kind of flaw that's being abused by these surveillance companies, which are prepared to pay millions to purchase hacks and attacks. It’s because Apple now knows these enemies it is introducing Lockdown Mode in iOS 16, which is an ultra-secure mode for its devices which does sacrifices some utility for high security.
Macs gain smarter malware protection
But Apple has also done one more thing that hasn’t really been noticed until now: It is making Macs even more security conscious than ever before, introducing automated self-diagnosis and malware checking that provides a layer of protection the platform hasn’t really had.
“In the last six months, macOS malware protection has changed more than it did over the previous seven years,” explained Howard Oakley. “It has now gone fully pre-emptive, as active as many commercial anti-malware products, provided that your Mac is running Catalina or later.”
The new protection apparently relies on a new tool/engine called XProtect Remediator in macOS 12.3. This enhances Apple’s existing XProtect malware protection by giving systems the ability to both scan for and remediate detected malware. Scans take place at frequent intervals during the day, Oakley says. They address a range of trojans, adware, browser hijackers and other threats.
“Should malware make its way onto a Mac, XProtect also includes technology to remediate infections. For example, it includes an engine that remediates infections based on updates automatically delivered from Apple (as part of automatic updates of system data files and security updates). It also removes malware upon receiving updated information, and it continues to periodically check for infections,” an Apple tech note explains.
Apple is building a bigger wall in the poison garden
What this means is that Apple is introducing a degree of on-device intelligent malware protection to Macs. This intelligent protection can easily be updated with new malware definitions. In sum, it means the company has built an even bigger wall to protect against the poisons that lurk outside its PC garden.
We can’t know how much impact these protections deliver. In a sense, that’s the problem with security in general — the value of the armor isn’t visible until protection breaks. However, I’m inclined to agree with Oakley who notes that this kind of intelligent, on-device protection represents a degree of security awareness you’d only gain through use of security services until now.
That Apple is prepared to embrace this on a system level likely reflects recognition of of the need to protect distributed endpoints outside standard permiter security protections in a new world of work characterized by an environment of state-sponsored attack.
We’re also seeing moves to make endpoints — the Macs, iPhones and iPads we use — more security aware elsewhere across the Apple ecosystem. Consider tools like Managed Device Attestation, improvements to Mac MDM, USB Restricted Mode and other tools making their way to the platforms. These improvements suggest the extent to which Apple’s security teams are ruthlessly and determinedly identifying and attempting to close the many attack vectors used by modern criminals.
The one vulnerability that is hardest to change, of course, is human error, which remains the weakest link at any level of the chain.
Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.