Apple Reconfigures Macs To Block Adware

Matthew Broersma,
Apple chief executive Tim Cook at WWDC 2020. Image credit: Apple

Apple will no longer allow user profiles to be installed on Macs without user interaction, in move targeting ‘plague of adware’

A security expert has welcomed Apple’s move to remove a loophole that had allowed attackers to install adware on Mac computers.

At its World Wide Developer Conference (WWDC) last month, Apple said it would remove a feature that had allowed profiles to be installed via the command line without user input.

The feature had been abused by attackers who accessed servers used to deploy Mac systems across an organisation to install malicious profiles.

In the next macOS release, Big Sur, profiles are to be treated as downloads, with users required to complete installation manually, Apple said.

Apple macOS Big Sur
Image credit: Apple

‘Plague of adware’

“Apple has done exactly what I was hoping they would do to cope with the plague of adware installing malicious configuration profiles,” commented Thomas Reed, director of Mac and Mobile at security firm Malwarebytes.

He noted that profile installation would now require “explicit user consent”, making it far more difficult for attackers to carry out such attacks.

Some were less welcoming of the news, which also makes it more labour-intensive to manage  large numbers of Mac desktop profiles.

“I’m going to miss being able to control profiles directly with configuration management tools,” Erik Gomez, a senior client platform engineer at Uber, said on social media.

Adware has become a major problem on the Mac.

Malwarebytes said earlier this year it had detected 30 million adware installations on Macs in 2019, compared to 24 million on Windows.

Significant jump

An adware strain called NewTab was the single most prevalent type of malware on Macs last year, with potentially unwanted programs (PUPs) and other types of adware making up most of the other common Mac malware, Malwarebytes said.

The surge in adware helped push the Mac platform past Windows for the total number of threats detected per endpoint last year, with Malwarebytes detecting 11 threats per endpoint on Macs and 5.8 per endpoint on Windows – although the firm noted that Windows threats tended to be more serious.

The figure represents a significant jump from the 4.8 threats per endpoint detected on Macs in 2018.

“The average number of threats detected on a Mac is not only on the rise, but has surpassed Windows – by a great deal,” Malwarebytes said in its study.

The company attributed the rise to Macs’ growing market share and to the fact that macOS’ built-in security systems “have not cracked down on adware and PUPs to the same degree that they have malware, leaving the door open for these borderline programs to infiltrate”.