“I bought a Mac, because it’s safer than a PC.”
“I always surf the web with my iPhone, because I know it can’t get infected.”
“I got a virus on my first PC, so now I only use Apple products.”
Sound familiar?
Too often, the rhetoric around the Mac vs. PC debate centers on Apple’s presumed immunity to cybercrime. Many people believe, a belief bolstered by Apple’s marketing of “security by design,” that unlike Windows devices, Apple products cannot be compromised.
This logic is deeply flawed. Apple products can and do get hacked, and people who believe their devices are unhackable are the ones most at risk of falling victim to a cybercriminal. A false sense of security blinds people to the threats that are out there.
In this article, we’ll explore the myth of Apple’s immunity to viruses and outline a few recent threats Mac users should be on the lookout for.
The relatively small global market share of Apple devices is likely a large contributor to the myth that they’re virus-proof. Worldwide, Android is far and away the most popular mobile operating system: 72% of mobile devices run Android, with Apple’s iOS a distant second at 27%.[1]
Cybercriminals, like the rest of us, want the most reach for their effort. That’s why most mobile malware is written for Android: there are simply more targets to infect and more devices through which it can spread.
While Apple’s security systems are certainly robust, security is also a priority for every other mobile device and computing platform out there. On your cellphone, tablet, or laptop, does it seem like you’re always getting alerts to update the software? In many cases, those updates are released to close newly discovered gaps in the software’s security, gaps that attackers have already slipped through or could slip through. No technology company wants to leave its users vulnerable to cybercriminals, nor do its leaders want the company in headlines for the wrong reasons. As long as you keep your devices up to date and follow a few digital safety best practices, you should be protected against many threats regardless of whether you use an Apple or an Android operating system.
To further illustrate that Mac users should be just as careful online as everyone else, here are a few recent pieces of malware that have made it past Apple’s excellent security.
Every villain necessitates a hero, and these recent Apple threats underscore the importance of threat research and responsible vulnerability disclosure: the practice of reporting a newly found flaw privately to the vendor so it can be fixed, after which the vendor tells the public about the flaw and the fix.
Cybercriminals are getting faster and smarter every day. The collective power of a global community of researchers collaborating to identify and disclose critical vulnerabilities is an important step toward shutting down these kinds of malicious campaigns. Equally important is dissecting attacks in their aftermath to expose their unique and interesting characteristics, empowering defenders and developers to mitigate such threats in the future.
The common theme among these Apple viruses is that people let their guard down and visited risky sites that were best left alone. Make sure to stick to safe downloading practices and avoid “free” versions of TV shows, movies, video games, and expensive software. While you don’t have to pull out your wallet, you may have to pay for these “free” downloads by replacing infected devices or restoring your compromised online security.
To protect all your devices (including your Apple products) from viruses, consider investing in McAfee+ Ultimate. McAfee+ Ultimate includes antivirus for all your devices, unlimited VPN, and web protection to alert you to risky sites. Plus, if you’re ever unsure of the safety of your identity or your online privacy, McAfee lets you scan and remove your information from the dark web. Finally, the top-notch monitoring services allow you to go about your digital life confidently.
[1] Statcounter, “Mobile Operating System Market Share Worldwide”
[2] Bleeping Computer, “Pirated Final Cut Pro infects your Mac with cryptomining malware”
[3] MacPaw, “How to protect your Mac against oRAT malware”
The post Can Your Apple Devices Get Hacked? appeared first on McAfee Blog.
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.
The security updates include patches for Azure, Microsoft Edge, Office, SharePoint Server, SysInternals, and the .NET framework. Six of the update bundles earned Microsoft’s most dire “critical” rating, meaning they fix vulnerabilities that malware or malcontents can use to remotely commandeer an unpatched Windows system — with little to no interaction on the part of the user.
The bug already seeing exploitation is CVE-2022-44698, which allows attackers to bypass the Windows SmartScreen security feature. The vulnerability allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web,” despite being downloaded from untrusted sites.
“This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros,” said Greg Wiseman, product manager at security firm Rapid7. This is the second Mark of the Web flaw Microsoft has patched in as many months; both were first publicly detailed over the past two months on Twitter by security researcher Will Dormann.
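The Mark of the Web that SmartScreen relies on is stored as a Zone.Identifier alternate data stream on the downloaded file, and Office only enters Protected View when that stream says the file came from the Internet (ZoneId 3) or Restricted Sites (ZoneId 4) zone. The script below is an added example, not code from the original post or from Microsoft or Rapid7; it reads that stream with PowerShell’s built-in `-Stream` support so you can see which downloaded Office files would open without Protected View. It assumes an NTFS volume, PowerShell 5.1 or later, and the standard `[ZoneTransfer]` key/value layout of the stream; the function name and output fields are my own.

```powershell
# Added example (not from the original post): inspect the Mark of the Web
# (Zone.Identifier alternate data stream) on downloaded files.
# Assumes NTFS and PowerShell 5.1 or later.
function Get-MarkOfTheWeb {
    [CmdletBinding()]
    param(
        # Accepts FileInfo objects from Get-ChildItem via their FullName property.
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path
    )
    process {
        $item = Get-Item -LiteralPath $Path -ErrorAction Stop
        # The stream is absent on files that were never tagged, or whose tag was stripped
        # (which is exactly what a Mark of the Web bypass achieves).
        $stream = Get-Item -LiteralPath $item.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if (-not $stream) {
            return [pscustomobject]@{
                File = $item.FullName; ZoneId = $null; Zone = 'NoMarkOfTheWeb'
                ReferrerUrl = $null; HostUrl = $null
            }
        }
        $content = Get-Content -LiteralPath $item.FullName -Stream Zone.Identifier -Raw
        # Stream body looks like:  [ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=...\r\nHostUrl=...
        $fields = @{}
        foreach ($line in ($content -split "`r?`n")) {
            if ($line -match '^\s*([^=\[\]]+?)\s*=\s*(.*)$') { $fields[$matches[1]] = $matches[2] }
        }
        # URL security zone identifiers used by Windows.
        $zoneNames = @{ 0 = 'LocalMachine'; 1 = 'LocalIntranet'; 2 = 'TrustedSites'; 3 = 'Internet'; 4 = 'RestrictedSites' }
        $zoneId = if ($fields.ContainsKey('ZoneId')) { [int]$fields['ZoneId'] } else { $null }
        [pscustomobject]@{
            File        = $item.FullName
            ZoneId      = $zoneId
            Zone        = if ($null -ne $zoneId -and $zoneNames.ContainsKey($zoneId)) { $zoneNames[$zoneId] } else { 'Unknown' }
            ReferrerUrl = $fields['ReferrerUrl']
            HostUrl     = $fields['HostUrl']
        }
    }
}

# Usage: list Office documents in Downloads that Protected View would NOT apply to.
# ZoneId 3 or 4 triggers Protected View; anything else opens with macros one click away.
Get-ChildItem "$env:USERPROFILE\Downloads" -File -Recurse -Include *.doc*,*.xls*,*.ppt* |
    Get-MarkOfTheWeb |
    Where-Object { $_.ZoneId -notin 3, 4 } |
    Format-Table File, ZoneId, Zone, HostUrl -AutoSize
```

A file that shows up as `NoMarkOfTheWeb` but was clearly downloaded deserves a second look before it is opened; the tag can be legitimately absent (copied from a FAT32 USB stick, extracted by an archiver that does not propagate it, or cleared with `Unblock-File`), but after a SmartScreen bypass it is also what an attacker’s document looks like.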
Publicly disclosed (but not actively exploited for now) is CVE-2022-44710, which is an elevation of privilege flaw in the DirectX graphics component of Windows 11.
Another notable critical bug is CVE-2022-41076, a remote code execution flaw in PowerShell — a key component of Windows that makes it easier to automate system tasks and configurations.
Kevin Breen at Immersive Labs said while Microsoft doesn’t share much detail about CVE-2022-41076 apart from the designation ‘Exploitation More Likely,’ they also note that successful exploitation requires an attacker to take additional actions to prepare the target environment.
“What actions are required is not clear; however, we do know that exploitation requires an authenticated user level of access,” Breen said. “This combination suggests that the exploit requires a social engineering element, and would likely be seen in initial infections using attacks like MalDocs or LNK files.”
Speaking of malicious documents, Trend Micro’s Zero Day Initiative highlights CVE-2022-44713, a spoofing vulnerability in Outlook for Mac.
“We don’t often highlight spoofing bugs, but anytime you’re dealing with a spoofing bug in an e-mail client, you should take notice,” ZDI’s Dustin Childs wrote. “This vulnerability could allow an attacker to appear as a trusted user when they should not be. Now combine this with the SmartScreen Mark of the Web bypass and it’s not hard to come up with a scenario where you receive an e-mail that appears to be from your boss with an attachment entitled “Executive_Compensation.xlsx”. There aren’t many who wouldn’t open that file in that scenario.”
Microsoft also released guidance on reports that certain software drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity.
Three different companies reported evidence that malicious hackers were using these signed malicious driver files to lay the groundwork for ransomware deployment inside victim organizations. One of those companies, Sophos, published a blog post Tuesday detailing how the activity was tied to the Russian ransomware group Cuba, which has extorted an estimated $60 million from victims since 2019.
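Because these drivers carried a genuine Windows Hardware Developer Program signature, a plain “is it signed?” check does not catch them; the useful first step is to separate third-party drivers that came through that program from Microsoft’s own, and to record hashes for comparison with the indicators in the vendor reports. The inventory script below is an added example, not code from the original post or from Microsoft or Sophos. It assumes an elevated PowerShell 5.1 or later session, that the Win32_SystemDriver class reports driver image paths in the usual NT forms, and that program-signed drivers carry the signer name “Microsoft Windows Hardware Compatibility Publisher” (matched on a substring that is a parameter, since that is an assumption about your environment); the function name and classification labels are my own.

```powershell
# Added example (not from the original post): inventory kernel drivers and classify them
# by Authenticode signer so drivers that reached the system through the Windows Hardware
# Developer Program can be reviewed separately from Microsoft's own and from unsigned ones.
# Assumes an elevated PowerShell 5.1+ session on Windows.
function Get-DriverSignerInventory {
    [CmdletBinding()]
    param(
        # Substring used to recognise program-signed drivers; an assumption about the
        # signer name, adjust it if your environment shows something different.
        [string]$WhcpSignerPattern = 'Hardware Compatibility Publisher'
    )
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = $_.PathName
        if (-not $path) { return }
        # Win32_SystemDriver reports NT-style paths (\??\C:\... or \SystemRoot\...); normalise them.
        $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if (-not (Test-Path -LiteralPath $path)) { return }

        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Order matters: the program signer's subject also contains "CN=Microsoft Windows".
        $class = 'OtherSigner'
        if ($sig.Status -ne 'Valid')                   { $class = 'InvalidOrUnsigned' }
        elseif ($signer -match $WhcpSignerPattern)     { $class = 'ThirdPartyWHCP' }
        elseif ($signer -match 'CN=Microsoft Windows') { $class = 'MicrosoftFirstParty' }

        [pscustomobject]@{
            Name   = $_.Name
            State  = $_.State
            Path   = $path
            Status = $sig.Status
            Signer = $signer
            Class  = $class
            SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# Usage: review program-signed third-party drivers and anything unsigned or with a broken
# signature first, and compare the SHA256 column against the published indicators.
Get-DriverSignerInventory |
    Where-Object { $_.Class -in 'ThirdPartyWHCP', 'InvalidOrUnsigned' } |
    Sort-Object Class, Name |
    Format-Table Name, State, Class, Status, Signer, SHA256 -AutoSize
```

Run it on a known-good machine first to learn which third-party drivers are expected there (storage, graphics, endpoint agents); a driver in the `ThirdPartyWHCP` class that is running on one host but on none of its peers is the kind of outlier these reports describe.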
Of course, not all scary and pressing security threats are Microsoft-based. Also on Tuesday, Apple released a bevy of security updates to iOS, iPadOS, macOS, tvOS and Safari, including a patch for a newly discovered zero-day vulnerability that could lead to remote code execution.
Anyone responsible for maintaining Fortinet or Citrix remote access products probably needs to update, as both are dealing with active attacks on just-patched flaws.
For a closer look at the patches released by Microsoft today (indexed by severity and other metrics) check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.
As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.