A growing number of attackers have begun to target Apple operating systems, with the number of infections and new malware threats increasing over the past two years. The number of new Mac OS X threats rose by 15 percent in 2014, while the number of iOS threats discovered this year has more than doubled, from three in 2014 to seven in 2015. Jailbroken devices are the focus of the majority of threats and, of the 13 iOS threats documented by Symantec to date, nine can only infect jailbroken devices.
While the total number of threats targeting Apple devices remains quite low compared to Windows in the desktop space and Android in the mobile sector, Apple users cannot be complacent. Should Apple platforms continue to increase in popularity, the number of cybersecurity threats facing Apple users will likely grow in parallel.
As outlined in the newly published Symantec whitepaper, the range of threats affecting Apple devices has multiplied. These threats span from ordinary cybercrime gangs branching out and porting their threats to Apple platforms, right up to high-level attacker groups developing custom Mac OS X and iOS malware. Examples of the latter include the Butterfly corporate espionage group infecting OS X computers in targeted organizations and the Operation Pawnstorm APT group creating malware capable of infecting iOS devices.
A spike in Mac OS X threats
The number of new Mac OS X threats emerging is increasing year-on-year, rising by 15 percent in 2014. This followed an increase of 44 percent in 2013 and an increase of 29 percent in 2012.
Figure 1. Number of new OS X threats documented by Symantec by year
In tandem with this rise, the number of Mac computers hit by malware infections has increased enormously over the past year. The number of unique OS X computers infected with malware in the first nine months of 2015 alone was seven times higher than in all of 2014.
Figure 2. Malware infections on unique computers running OS X from January 2014
While the number of infections on OS X computers has increased dramatically over the past year, a significant portion of this spike is accounted for by grayware, such as adware and potentially unwanted or misleading applications.
While these grayware infections accounted for much of the surge in infections between June 2014 and March 2015, recent months have seen a significant uptick in infections involving other forms of malware.
Figure 3. While malware threats are less prevalent, their infections can be more damaging.
Jailbreaking greatly increases risk of iOS malware
The number of iOS malware threats discovered to date remains quite small, although it is beginning to increase, with seven new threats discovered in 2015, up from the previous high of three in 2014.
Figure 4. Number of new iOS threats documented by Symantec by year
Attackers targeting the operating system need to find a way to install malware on a device, which can represent a significant hurdle. Many threats are installed when the target connects their device to a compromised desktop computer. Jailbroken devices present more opportunities for compromise and many threats are designed to take advantage of jailbroken phones. Of the 13 iOS threats documented by Symantec to date, nine can only infect jailbroken devices.
Figure 5. Jailbroken devices present more opportunities for compromise
Vulnerabilities
The overall number of new Mac OS X vulnerabilities emerging has remained relatively steady in recent years, at a rate of between 39 and 70 per year. In most years, the number of new Mac OS X vulnerabilities has been lower than the number of Windows vulnerabilities found. The greater numbers of Windows vulnerabilities may be reflective of the larger market share that the Microsoft operating system enjoys, prompting a greater level of scrutiny from attackers and security researchers.
Meanwhile, the number of iOS vulnerabilities found annually has trended upwards over the past four years. Between 2011 and 2014, the number of vulnerabilities affecting iOS exceeded the number documented for its main competitor, Google’s Android. That trend has reversed in 2015 as new Android vulnerabilities have outpaced iOS.
However, security researchers have begun to focus on vulnerabilities in Apple software and have uncovered a number of high-profile flaws in the last year. Zero-day brokers have begun offering bounties for Apple vulnerabilities, with US$1 million paid recently for a jailbreak of iOS 9.1. This is sure to add more impetus to researchers who are interested in looking at Apple systems for vulnerabilities.
Conclusion
Although still small in terms of overall numbers, the number of new OS X and iOS threats discovered annually has been trending upwards over the past five years. Given this trend, Apple users cannot be complacent about security. Awareness of common threats combined with properly securing Apple devices should minimize the risk of infection.
Mitigation
- Use a robust security suite and keep it updated.
- Keep your operating system and all other software up-to-date. Software updates frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
- If you are considering jailbreaking an iOS device, exercise caution and educate yourself on the risks you may be exposed to. The majority of iOS threats target jailbroken devices and unofficial app stores are more likely to host Trojanized apps.
- Only install software from reputable sources. Some third-party OS X app stores have been found to host Trojanized software. Grayware, such as adware, and potentially unwanted or misleading applications are often bundled with installers for other applications.
- Delete any suspicious-looking emails you receive, especially if they include links and/or attachments. Don’t even open them, just delete them. If they purport to come from legitimate organizations, verify with the organization in question first.