A recent lawsuit involving Epic Games and Apple brought some interesting and candid words about Mac to the public domain. During the trial, Apple’s own Senior VP of Engineering, Craig Federighi, asserted in court that the level of malware on macOS is not acceptable. He recounted how even his family members have encountered malware on macOS.
Via the lawsuit and trial, Epic Games, developer of popular video games including Fortnite, is seeking to force Apple to scuttle mandatory in-app purchases and allow App Store competitors to distribute iOS apps. Currently on iOS, users cannot download applications outside of the App Store (otherwise known as “sideloading”). Apple takes a cut of all purchases made via the App Store. Epic Games was kicked out of the App Store for trying to circumvent these conditions last year.
While a ruling on the lawsuit is not expected for several months, some questioning and exchanges from the trial are already spurring some provocative titles, such as “Apple wants users to trust iOS, but it doesn’t trust iOS users,” from The Verge.
Here’s one telling excerpt from the trial:
Judge Rogers: “There are multiple stores on the Mac. So, if that [users able to download applications on macOS outside of the app store] can happen on the Mac, why should we not allow the same stores to exist on the phone?”
Craig Federighi: “Yeah, it’s certainly how we’ve done it on the Mac and it’s regularly exploited on the Mac. iOS has established a dramatically higher bar for customer protection. The Mac is not meeting that bar today. And that’s despite the fact that Mac users inherently download less software and are subject to a way less economically motivated attacker base. If you took Mac security techniques and applied them to the iOS ecosystem, with all those devices, all that value, it would get run over to a degree dramatically worse than is already happening on the Mac. And as I say, today, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS. Put that same situation in place for iOS and it would be a very bad situation for our customers.”
Unlike on iOS, sideloading is allowed on macOS. From Federighi’s statement above and other remarks made during the trial, the implication is that macOS is inherently a less safe environment since sideloading is allowed. However, this perspective on safety has far less to do with the fact that malware is on the rise or at a dangerous level for macOS and more to do with Apple’s view on what can and can’t be downloaded on a machine. In essence, Apple expects Mac users to be more security savvy than iOS users. In other words, iPhone users require more protection from themselves. However, we all know that a blanket generalization of Mac users versus iPhone users is often not true.
What’s most important to recognize is that malware aimed at macOS endpoints and users does exist and, while we wait to see how Apple intends to lessen the threat, Mac estate admins must ensure workers have a safe environment to work in, while maintaining productivity. To ensure these goals are accomplished, privilege management should be implemented as a foundational part of the security strategy.
BeyondTrust Privilege Management for Mac ensures organizations can be managed centrally, providing real-time insight and, at the same time, providing individual users with the flexibility to do their job well. With BeyondTrust’s endpoint privilege management solution for macOS, organizations can vastly improve the security of their Mac device estate by:
- Removing admin rights and applying least privilege for all user types, including developers and even remote users
- Providing a solution that is user-friendly and frictionless to the workflow to ensure adoption is high
- Making it easy for the Service Desk to manage, without introducing the same burden it is meant to alleviate
- Delivering out-of-the-box capabilities with minimal ongoing overhead, so even ultra-lean macOS IT teams can deploy it rapidly
- Providing detailed audit records and reporting, with the ability to pinpoint the who, what, when, and where of sessions
Together, these capabilities protect against internal and external threats, whether intentional or inadvertent (i.e., errors). They prevent attackers from attaining that important first foothold, while also stymieing lateral movement and privilege escalation, which are key phases of the cyber attack chain.
James Allan, Product Owner
Since 2015, James has worked in product teams across various industries. At BeyondTrust, he works as a Product Owner, specializing in the Mac side of the Endpoint Privilege Management solution. James loves to engage with stakeholders and enable engineering to solve real-world problems.