Latest news with #PatrickWardle


Tom's Guide
11-05-2025
Mac users once skipped antivirus software — here's why that's no longer a good idea
Though it's often thought that Mac users are exempt from worrying about viruses and malware, that isn't the case anymore: these days, more and more malware is being developed specifically for macOS. According to a blog post from security researcher Patrick Wardle, who specializes in Apple products, there were 22 new Mac malware families in 2024 – up from 13 in 2022. Even without the surge of new malware being developed for Apple's operating system, many of the viruses and scams that are designed to infect Macs rely on user error, like phishing, cryptojacking or USB jacking. There are ways to protect yourself against those threats too, but they rely on, well, you. Here's a rundown of what security features are included in Apple's ecosystem, as well as what you can do to stay informed and alert on your end.
XProtect runs in the background automatically without interrupting anything that you're doing, and you won't need to configure it or touch it much, if ever. It's basically a scanning tool that helps your system continuously check apps against a reference list of malicious and infected programs. If you attempt to open one that XProtect identifies as being on that list, it will tell you what kind of malware it is and give you a pop-up warning with details. If that happens, you should delete the file, though this won't provide you with complete protection.
XProtect is considered basic protection, with the benefit of being written directly into the operating system, which keeps it from bogging down system performance. But because updates to XProtect are vital to keeping its list relevant and effective in protecting your system, it's essential that you keep your Mac up to date. Unfortunately, unlike with Windows Defender on PC, you can't tweak its settings or run a manual malware scan.
Gatekeeper, also automatic, is designed to block any software that is "unsigned," which means the developer hasn't been approved or verified by Apple. The company is notoriously strict about the software it approves, and though it is not unheard of for malware to sneak through, this is extremely rare. The Gatekeeper program checks for malicious software every time you run an app, and if you try to open something that is unsigned, you'll get a warning message to notify you that the program is from an unidentified developer. Gatekeeper can be configured to only allow you to install programs from verified developers (as well as the App Store).
You may be familiar with sandboxing from iOS, as it is also used there, but the concept carries over into macOS as well: apps are isolated from the operating system and other apps in a way that keeps them from making any changes without prior permission. This means that, hypothetically, even if you were to download an infected app, it couldn't spread to other apps or areas of your computer. However, sandboxing has various known flaws. For example, users are frequently asked for permission to use the camera or microphone and don't think deeply before giving this approval to apps. Additionally, Mac apps that are not sold on the App Store do not have to be sandboxed.
Lockdown mode is a pretty straightforward feature, and was more recently introduced in order to combat cyberattacks. If you toggle the feature on to activate it, all your Apple devices are protected and threat actors will (theoretically) be prevented from stealing your data. The setting limits a variety of apps like Messages, Safari, FaceTime and Apple services from full functionality. Once you've regained control of your devices, it can be disabled and you can restart your device to enable normal functions.
There are a variety of protections in place for Apple's Safari web browser, from phishing prevention to anti-tracking technology. If you visit a fraudulent website, Safari will disable the page and show an alert. It also provides a Privacy Report that gives users information on the cross-trackers that Apple has prevented and allows users to keep advertisers from tracking them on the web. Other Safari features include alerts that inform users of weak passwords when they're creating accounts online, and Private Browsing, which keeps others from viewing your screen when you're not around and stops trackers from using tracking codes and recording data about you online.
As we mentioned, Apple will warn you if you try to create a weak password, but the ecosystem will also alert you if you have reused a password, if your password has appeared in a leak, or if your password is easy to hack. And with the recent transition to Passkeys, more secure methods are being used more frequently, in addition to the increased use of the iCloud Keychain password manager across all devices. There's a dedicated app to manage passwords, and one password to unlock all others, as well as an option to set up verification codes instead of using an authentication app.
So, with all of those features (and more), do you still need a third-party option on your Mac? Well, the answer to that depends on what kind of device you have, what version of the software you're running and how you're using your device. Apple offers a lot of well-integrated features to keep users protected, and a third-party solution may provide you with an added layer of security. For instance, you might need a VPN or parental control software too. Third-party options like Bitdefender or Intego can scan your machine for malware, but can also back up files, provide dark web monitoring or identity theft coverage, cloud storage and more.
Some of these features can extend to your mobile devices as well, so depending on what your needs are, it may be well worth an additional subscription fee to include third-party software in your Mac security arsenal while also relying on Apple's built-in protection.
However, that doesn't let you off the hook. Given that much of the malware that's developed for macOS is intended to prey on user error, you still need to watch your own online habits and make sure you're well informed.
Whether or not you opt to install a third-party solution, you need to know and practice good security habits to stay safe. Phishing is one of the main ways that threat actors look to prey on Mac users, so make sure you know the signs: don't click on or download anything from someone you don't know or are not expecting. When in doubt, ask the sender through an independent channel about a particular message or file they've sent over. Also, be suspicious of anyone who is trying to pressure you to do something with a sense of urgency or immediacy.
Update your software as soon as new patches become available. Your Mac's built-in security features rely on those updates to keep you safe, and hackers love to exploit any holes left by old or outdated software. Also, don't install apps from unknown sources, and don't plug your device into power chargers in public spaces or put unknown USB flash drives into your machine. Likewise, you want to avoid connecting to public Wi-Fi unless you're using a VPN.
With this bit of background knowledge in hand and taking some proactive steps, you can keep both your Mac and the sensitive personal and financial data it contains safe from hackers and cyberattacks.


Express Tribune
03-05-2025
Apple's AirPlay vulnerability "AirBorne" risks iPhones, Macs, and more
Apple's popular AirPlay feature, which allows seamless streaming of music, photos, and videos between devices, has been flagged for a serious vulnerability, putting millions of users at risk. The flaw, identified by cybersecurity researchers as "AirBorne," could allow hackers to infiltrate iPhones, iPads, Macs, and third-party devices connected to the same Wi-Fi network, particularly in public places such as airports and coffee shops.
AirPlay, which enables wireless sharing between Apple devices and compatible third-party products, now presents a significant security risk. Researchers at Oligo Security have uncovered 23 vulnerabilities within AirPlay's software, with two particularly alarming flaws allowing cybercriminals to deploy malware, intercept personal data, and even eavesdrop on private conversations.
The AirBorne flaw affects not only Apple devices but also third-party gadgets like smart TVs, set-top boxes, and Bluetooth speakers that support AirPlay. While Apple released security updates for its devices in March 2025, third-party products often lag behind with updates, leaving millions of devices still exposed. Experts warn that hackers can exploit these vulnerabilities to execute malicious code, steal sensitive information, and cause device malfunctions.
Cybersecurity expert Patrick Wardle pointed out that the lack of timely updates from third-party manufacturers could undermine user trust in Apple's ecosystem, as vulnerabilities remain unpatched in devices beyond Apple's control.
To mitigate the risks posed by the AirPlay flaw, users are advised to take immediate action:
- Update all Apple devices to the latest software, including iPhones, iPads, and Macs.
- Update third-party devices like smart TVs and Bluetooth speakers to ensure they are patched with the latest security fixes.
- Disable AirPlay when not in use, especially on public or unsecured Wi-Fi networks.
- Be cautious of idle devices, which may still serve as entry points for hackers.
Apple has already addressed the vulnerability in its iOS 18.4.1 update, which was released last month. To update your Apple device, simply navigate to Settings > General > Software Update and tap Update Now. With millions of devices still vulnerable to the flaw, experts stress the importance of securing not only Apple products but also the third-party devices that use AirPlay. As the threat persists, users are encouraged to remain vigilant and take proactive steps to safeguard their privacy and data.