PWSHub News

Apple is ramping up its fight against malware


Appleholic, (noun), æp·əl-hɑl·ɪk: An imaginative person who thinks about what Apple is doing, why and where it is going. Delivering popular Apple-related news, advice and entertainment since 1999.

Apple is updating fundamental Mac protection at a higher release cadence than ever before.

Ensuring platform security is hard, but when a company the stature of Apple begins to ramp up protection of its ecosystem, every IT decision maker should pay attention. Unfortunately, this is precisely what's happening: Apple is now updating fundamental protection at a faster clip than it's ever done before.

Apple’s security teams are alert

That important revelation comes from Howard Oakley at the excellent Eclectic Light Company blog. He notes that in the six weeks ending Feb. 9, Apple has updated a Mac security feature called XProtect five times — introducing 11 new rules to the service.

The entire report is worth a read, but one paragraph in particular stands out and should be seen as a warning to everyone in tech.

“Apple’s security engineers appear to be in the midst of a campaign against a combination of agile, sophisticated, and recent attacks. Adload, Genieo and Pirrit have long histories of evading static detection, and this is perhaps the first time that they have been put under such pressure. Apple must be playing the long game, in the hope that the three won’t be able to sustain the pace.”

Those rules within XProtect aim to protect against a dizzying array of malware families. The report explains that three of these families are new and sophisticated.

Don’t be alarmed. Do be aware

Without wanting to create undue alarm, the frequency of updates strongly suggests Apple is aware of new attacks and that its security teams are hustling to protect users.

This also hints that tech decision makers (and everyone is a tech decision maker if they use tech at all) should do anything necessary to ensure that their own perimeter and edge security is agile and robust.

In the current complex-threat environment, everyone should ramp up their security awareness. Apple users in the EU should be particularly alert, given Apple will soon be forced to reduce security on app purchasing there.

The move reflects awareness at the top of the tech industry tree. Who else recalls when Apple CEO Tim Cook in 2016 warned that hacking is getting more sophisticated?

What is XProtect?

XProtect is an important part of Mac security. It’s built-in antivirus tech that tries to identify and remove some types of malware by using YARA signatures, which the company describes as “a tool to conduct signature-based detection of malware.”

The software runs in the background each time an app is launched, an app's file system is changed, or XProtect signatures are updated. If it detects any known malware, it will prevent the app from launching on a Mac. XProtect also includes technology to remediate infections once they are identified, even if already installed.

Apple’s own guidance states that XProtect, “includes an engine that remediates infections based on updates automatically delivered from Apple (as part of automatic updates of system data files and security updates). It also removes malware upon receiving updated information, and it continues to periodically check for infections. XProtect doesn’t automatically reboot the Mac.”

For most users, the only direct experience of XProtect is when they try to install software sourced from outside the highly secure Apple App Store.

Like Rapid Security Responses, XProtect is something Apple can update in the background. But the cadence of updates suggests Mac users should make sure they update their system software frequently, too.

Is your Mac updating XProtect? (It should)

To ensure your Mac is installing these XProtect updates, follow these steps:

  • In macOS Ventura or later, open System Settings > General, open Software Update and click the info button beside Automatic Updates. “Install Security Responses and system files” should be turned on.
  • In earlier versions of macOS, open Software Update in System Preferences. Click Advanced and ensure that "Install system data files and security updates" is on.
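
The same check from the command line, useful when auditing more than one Mac. This is an added example, not from the original article or from Apple; it assumes the toggles above are stored as the AutomaticCheckEnabled, ConfigDataInstall and CriticalUpdateInstall keys in /Library/Preferences/com.apple.SoftwareUpdate, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the Software Update preferences that gate XProtect delivery.
# Assumed preference domain (override with PLIST=... for testing).
PLIST="${PLIST:-/Library/Preferences/com.apple.SoftwareUpdate}"

# read_pref KEY -> prints 1, 0, or "unset" (key missing or `defaults` unavailable).
read_pref() {
    value=$(defaults read "$PLIST" "$1" 2>/dev/null) || { echo unset; return 0; }
    case "$value" in
        1|true|YES) echo 1 ;;
        0|false|NO) echo 0 ;;
        *)          echo unset ;;
    esac
}

# classify CHECK CONFIG CRITICAL -> prints "ok", "disabled: <keys>" or "unknown: <keys>".
# A key that is explicitly off outranks one that is merely not set.
classify() {
    disabled="" unknown=""
    for pair in "AutomaticCheckEnabled=$1" "ConfigDataInstall=$2" "CriticalUpdateInstall=$3"; do
        key=${pair%%=*} val=${pair#*=}
        case "$val" in
            1) ;;                                # explicitly enabled
            0) disabled="$disabled $key" ;;      # explicitly turned off
            *) unknown="$unknown $key" ;;        # not set: confirm in the Settings UI
        esac
    done
    if [ -n "$disabled" ]; then echo "disabled:$disabled"
    elif [ -n "$unknown" ]; then echo "unknown:$unknown"
    else echo "ok"
    fi
}

# audit -> reads the three keys on this Mac and classifies them.
audit() {
    classify "$(read_pref AutomaticCheckEnabled)" \
             "$(read_pref ConfigDataInstall)" \
             "$(read_pref CriticalUpdateInstall)"
}

# Run the audit only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    echo "Software Update policy: $(audit)"
fi
```

A result of "unknown" means the key was never written on that Mac, so confirm the toggle in the Software Update pane rather than assuming either state.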

Personal protection self-service

Oakley’s report signs off with excellent advice for every Mac user to help them reduce their exposure to risk — that includes ensuring XProtect is active and that you are running the latest available system software.

He also advises that Mac users should never use torrented, cracked, or fake software, and that if they don’t trust the security and authenticity of any third-party software they should delete it. The author also strongly advises against crypto-related apps, warning that these can be high risk.

This is all common sense stuff, of course.

Logically, good security practice also extends to the other common-sense risk-avoidance techniques: avoid clicking links you don’t trust, don’t open messages you don’t recognize, update system software frequently, never use the same password twice, and so forth.

A regular virus check and investment in additional security protections, including use of Lockdown Mode if you are a potential target, also make sense.

Time to act

If you are running a business and you aren’t yet confident in your current security protection, you cannot simply rely on Apple’s platform protection. If Apple is ramping up protection on a platform basis, you should see this as a strong sign that you absolutely must bolster your own fleet/device/infrastructure protection as well.

Think of the extent to which technology is used across your business and consider the protection available to each of your connected — or connectable — systems. You don’t want to join the growing list of silent victims of successful exploits, exfiltration, ransomware, and attack. And you should also insist your partners and suppliers are equally serious when it comes to security.


Jonny is a freelance writer who has been writing (mainly about Apple and technology) since 1999.

Copyright © 2024 IDG Communications, Inc.

