NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

The State of Mac Security: What We Learned at the Epic Games Versus Apple Trial

June 8, 2021

  • Blog
  • Archive

A recent lawsuit involving Epic Games and Apple brought some interesting and candid words about Mac to the public domain. During the trial, Apple’s own Senior VP of Engineering, Craig Federighi asserted in court that the level of malware on macOS is not acceptable. He recounted how even his family members have encountered malware on macOS.

Via the lawsuit and trial, Epic Games, developer of popular video games including Fortnite, is seeking to force Apple to scuttle mandatory in-app purchases and allow App Store competitors to distribute iOS apps. Currently on iOS, users cannot download applications outside of the App Store (otherwise known as “sideloading”). Apple takes a cut of all purchases made via the App Store. Epic Games was kicked out of the App Store for trying to circumvent these conditions last year.

While a ruling on the lawsuit is not expected for several months, some questioning and exchanges from the trial are already spurring some provocative titles, such as “Apple wants users to trust iOS, but it doesn’t trust iOS users,” from the Verge.

Here’s one telling excerpt from the trial:

Judge Rogers: “There are multiple stores on the Mac. So, if that [users able to download applications on macOS outside of the app store] can happen on the Mac, why should we not allow the same stores to exist on the phone?”

Craig Federighi: ”Yeah, it’s certainly how we’ve done it on the Mac and it’s regularly exploited on the Mac. iOS has established a dramatically higher bar for customer protection. The Mac is not meeting that bar today. And that’s despite the fact that Mac users inherently download less software and are subject to a way less economically motivated attacker base. If you took Mac security techniques and applied them to the iOS ecosystem, with all those devices, all that value, it would get run over to a degree dramatically worse than is already happening on the Mac. And as I say, today, we have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS. Put that same situation in place for iOS and it would be a very bad situation for our customers.”

Unlike on the iOS, sideloading is allowed on macOS. From Federighi’s statement above and other remarks made during the trial, the implication is that macOS is inherently a less safe environment since sideloading is allowed. However, this perspective on safety has far less to do with the fact that malware is on the rise or at a dangerous level for macOS and more to do with Apple’s view on what can and can’t be downloaded on a machine. In essence, Apple expects Mac users to be more security savvy than iOS users. In other words, iPhone users require more protection from themselves. However, we all know that blanket generalization of Mac users versus iPhone users is often not true.

What’s most important to recognize is that malware aimed at macOS endpoints and users does exist and, while we wait to see how Apple intends to lessen the threat, Mac estate admins must ensure workers have a safe environment to work in, while maintaining productivity. To ensure these goals are accomplished, privilege management should be implemented as a foundational part of the security strategy.

BeyondTrust Privilege Management for Mac ensures organizations can be managed centrally, providing real-time insight and, at the same time, providing individual users with the flexibility to do their job well. With BeyondTrust’s endpoint privilege management solution for macOS, organization can vastly improve the security of their Mac device estate by:

  • Removing admin rights and applying least privilege for all user types, including developers and even remote users
  • Providing a solution that is user-friendly and frictionless to the workflow to ensure adoption is high
  • Making it easy for the Service Desk to manage, and by not introducing the same burden it is meant to alleviate
  • Delivering out-of-the-box capabilities with minimal ongoing overhead, so even ultra-lean macOS IT teams can deploy it rapidly
  • Providing detailed audit records and reporting, with ability to pinpoint the who, what, when, and where of sessions

Together, these capabilities protect against internal and external threats, whether intentional or inadvertent (i.e. errors), preventing attackers from attaining that important first foothold, while also stymieing the ability to achieve lateral movement and privilege escalation, which are key phases of the cyber attack chain.

To learn more about Privilege Management for Mac, read these Mac endpoint security best practices and request a customized demo.


Photograph of James Allan

James Allan, Product Owner

Since 2015, James has worked in product teams across various industries. At BeyondTrust, he works as a Product Owner, specializing in the Mac side of the Endpoint Privilege Management solution. James loves to engage with stakeholders, and enable engineering to solve real-world problems.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Up next

From June 1, 2021:
How to Penetration Test (Pentest) Remote Worker Endpoints: What’s in Scope, & What’s Off Limits
From June 10, 2021:
Defining & Protecting Critical Software to Improve U.S. National Cybersecurity & Supply Chain Resilience

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.