March 9, 2017

Keeping Tabs on User Updates

Jessa Gramenz

As an avid Apple fanatic, I have always been keen on keeping up with the latest Apple product releases and news. The majority of the time (recently) the bulk of Apple product excitement comes in the fall when the Keynote is released. While the days of Steve Jobs and the unexpected, innovative announcements are behind us, Apple still gives us hope for the latest and greatest once a year. I am lucky enough to have grown up in an era where I was able to test out all the cellular devices as they were released, starting with my parent’s car phone that makes me think back in comic relief about how far we have come. I have experienced a broad range of cellular devices and products. I am still a big fan of slider phones, but the LG Chocolate couldn’t withstand my lack of coordination and succumbed to the newer generation of touch screen devices, which launched me into my obsession with Apple.

When I was younger, I grew up with an MS-DOS clunker of a PC and rarely saw a Mac until high school. Friends that had a MacBook were pretty rare, and usually the nerds of the bunch. Even at that age, I was obsessed with innovation and was curious about the devices that seemed so advanced compared to my dad’s magnanimous HP. Before the iPhone, I had never experienced an Apple device beyond enviously looking on as a friend utilized their Mac. When I started college, I decided to invest in a MacBook because I liked the hardware and they seemed to have fewer issues with crashing. As a student, I couldn’t fathom having to go through the struggle of a regular PC freezing up during the final pages of a long paper or report and losing all the progress. Luckily for me, I have never had my MacBook freeze up on me more than once in the years I have had it. To me, it was a great investment, and I still stand by that opinion. From a security standpoint, there are a lot of mixed reviews. Standard end users mention that they feel a certain sense of immunity to viruses and malware due to the lack of hearing about them. Since I am in the security field, I know the reason for that is that hackers and the writers of malicious code are going to go after the bigger target. Why would you spend time writing code to target 10% of the population when you could spend the same amount of time and catch 70-80% (because Linux is pretty high ranking as well)? So there has been this false sense of security for the common end user, and it is relatively understandable.

Since most of the individuals that I know who use a Mac consider themselves fairly tech savvy, it is surprising that more of them are not adamant about updating. I personally always update for the sake of getting the latest and greatest OS, but once I transitioned into security, it was a clear mission to have the most recent patch so my vulnerabilities aren’t being exploited. So with that in mind, as I combed through the National Vulnerability Database on February 20th, I noticed a significant number of Apple vulnerabilities that were being announced. When I say a significant number, I mean there were pages and pages, ranging from low severity all the way to high. If you search back to February 20th on the NVD, you’ll see almost ten pages of vulnerabilities. During this time, I also noticed a bulk of articles discussing macOS malware that was being discovered. It seems as if the target isn’t just focused on PCs anymore, as hackers are attempting to broaden their reach. While this is no surprise to me, the common end user typically has no idea. Since there is no major iOS update release or macOS update, I fear that the majority of Mac users are clueless.

How can we ensure that our end users, not just the majority, are aware and installing updates and patches? Ransomware is the top threat this year, and PCs are not the only target. We need to remind our Apple fans out there about the importance of updates and to follow the news on cyber security trends. From what I have noticed during this time, there haven’t been any updates released following the NVD findings, but a lot of the vulnerabilities are in older versions, which is why I am always a huge proponent of updating. While I may be preaching to the choir with a lot of my fellow security folk, we have to be mindful of our responsibility to encourage our non-security-minded individuals about the importance of regularly checking for and installing updates.