The patch management company Action1 has revealed in its latest report a concerning increase in attacks on Apple devices, despite the decrease in the total number of vulnerabilities identified in macOS during 2023.
Increase in Vulnerability Exploitation
The report shows that, although the total number of macOS vulnerabilities identified decreased by 29% in 2023, the number of exploited vulnerabilities increased by over 30% compared to the previous year. In total, 18 vulnerabilities were exploited, reflecting a significant increase in the susceptibility of these devices to cyberattacks.
Trends in Mobile and Desktop Operating Systems
In the realm of mobile operating systems, iOS had an exploitation rate of 8%, significantly higher than Android’s 0.2%, indicating that attackers are focusing their efforts on iPhone devices, likely due to the perceived value of the data they store. Additionally, iOS suffered the highest number of remote code execution (RCE) attacks between 2021 and 2023.
For desktop operating systems, Windows’ exploitation rates remained stable at 4%, demonstrating a more stable vulnerability management process by Microsoft. In contrast, macOS saw a 30% increase in exploited vulnerabilities, highlighting a greater vulnerability.
Attacks on Load Balancers
The report also highlights that load balancers like NGINX and Citrix are being attacked at a record pace. NGINX recorded a 100% exploitation rate in 2023, while Citrix reached 57%. Despite representing only 0.2% of the total vulnerabilities, these exploitation rates are significant due to the potential impact of a successful exploit, allowing attackers to intercept, modify, and redirect network traffic, access confidential data, and disrupt services.
Recommendations for Organizations
Action1 analysts emphasize the need for organizations to not only ensure regular updates for Apple operating systems but also implement additional security measures to protect Mac devices. Juan Llamazares, CEO of Datos101, mentioned the importance of strengthening public cloud management capabilities to meet growing security demands.
The report recommends that security leaders (CISOs and CIOs) assess the risk of the software used in their organizations and prioritize patching critical vulnerabilities. Additionally, the importance of educating employees on best security practices and safe use of corporate applications to minimize exploitation risk due to human errors is highlighted.
The Action1 report underscores a concerning trend for Apple, indicating an increase in exploited vulnerabilities in their operating systems. This rise in vulnerability exploitation requires renewed attention and robust security measures to protect users and their data in an ever-evolving threat landscape.
Source: Appleismo.