Apple chief executive Tim Cook at WWDC 2020. Image credit: Apple
A security expert has welcomed Apple’s move to remove a loophole that had allowed attackers to install adware on Mac computers.
At its World Wide Developer Conference (WWDC) last month, Apple said it would remove a feature that had allowed profiles to be installed via the command line without user input.
The feature had been abused by attackers who accessed servers used to deploy Mac systems across an organisation to install malicious profiles.
In the next macOS release, Big Sur, profiles are to be treated as downloads, with users required to complete installation manually, Apple said.
“Apple has done exactly what I was hoping they would do to cope with the plague of adware installing malicious configuration profiles,” commented Thomas Reed, director of Mac and Mobile at security firm Malwarebytes.
He noted that profile installation would now require “explicit user consent”, making it far more difficult for attackers to carry out such attacks.
Some were less welcoming of the news, which also makes it more labour-intensive to manage large numbers of Mac desktop profiles.
“I’m going to miss being able to control profiles directly with configuration management tools,” Erik Gomez, a senior client platform engineer at Uber, said on social media.
Adware has become a major problem on the Mac.
Malwarebytes said earlier this year it had detected 30 million adware installations on Macs in 2019, compared to 24 million on Windows.
An adware strain called NewTab was the single most prevalent type of malware on Macs last year, with potentially unwanted programs (PUPs) and other types of adware making up most of the other common Mac malware, Malwarebytes said.
The surge in adware helped push the Mac platform past Windows for the total number of threats detected per endpoint last year, with Malwarebytes detecting 11 threats per endpoint on Macs and 5.8 per endpoint on Windows – although the firm noted that Windows threats tended to be more serious.
The figure represents a significant jump from the 4.8 threats per endpoint detected on Macs in 2018.
“The average number of threats detected on a Mac is not only on the rise, but has surpassed Windows – by a great deal,” Malwarebytes said in its study.
The company attributed the rise to Macs’ growing market share and to the fact that macOS’ built-in security systems “have not cracked down on adware and PUPs to the same degree that they have malware, leaving the door open for these borderline programs to infiltrate”.
Workers at Amazon warehouse near Raleigh vote against joining union, as company continues to challenge…
High-profile meeting with tech leaders seen as signal China is boosting tech sector after years…
South Korea hopes to gain leg up in international AI race with infusion of private…
Chinese electric vehicle giants rush to incorporate DeepSeek AI tech to cars after it creates…
South Korean data authority suspends Chinese AI start-up DeepSeek from Apple, Google app stores while…
Privacy advocates criticise Google over decision to allow companies to track users via digital fingerprints,…