Cyber Criminals Are Increasingly Targeting iPhones and Macs. Here's How to Thwart Them.
CR asked security experts to explain what's changed and what you can do about it
For a long time, people assumed that Apple devices—iPhones in particular—were safe from malware and other cyber threats, because they were too limited in number and too tough for cyber criminals to hack.
But attacks against Apple products have grabbed headlines in recent months, prompting concern as Apple raced to release a slew of software patches to fix critical vulnerabilities.
In late March, the company pushed out an update for iPhones, iPads, and Apple Watches to fix a vulnerability discovered by security researchers at Google’s Project Zero.
For many years, Apple’s computers represented just a tiny fraction of the world market, offering little upside for cyber criminals. But that’s changing. In 2020, the company claimed a 7.6 percent share of the global computer market, up from 6.7 percent in 2019, according to the research firm IDC. From one year to the next, global sales jumped 29 percent.
Attacks against Macs increased, too. According to Malwarebytes’ most recent State of Malware report, the threats against Mac computers detected by the company’s antivirus software jumped 61 percent in 2020. But note that the vast majority of those threats targeted business computer systems, rather than consumer devices.
When it comes to iPhones, however, criminals have plenty of incentive to attack, given the size and relative wealth of the user base, and the fact that, unlike Android phones, nearly all iPhones use the same exact operating system.
“iPhones are, of course, ubiquitous, but they are also notoriously hard to attack,” says Thomas Reed, director of Mac and mobile at Malwarebytes. But if breached, they “provide the ultimate attacker paradise,” he adds, noting that security software designed to scan iOS devices for malware doesn’t exist yet, like it does for laptop and desktop computers.
Still, Apple does a very good job of locking down its phones, says Hosgood. In general, they’re much harder to exploit than a traditional computer, which is why the vast majority of threats still target the latter.
And while the slew of recent Apple patches may seem troubling, it proves that security issues are getting resolved instead of looming in the dark.
When it comes to patching, Reed says, Apple has a pretty good track record, quickly rolling out quality fixes. You can do your part by making sure those fixes are installed without much delay.
How to Protect Yourself
To shield your laptops, tablets, and smartphones from security threats, the best thing to do is keep your operating system updated. Try to avoid the online traps that allow attackers to exploit undiscovered problems, too.
Here are some tips for making that easier.
Enable automatic updates. While updating your devices can sometimes be tedious, it’s important to not put off the task because that delays the installation of security patches.
To make things easier, set a phone or laptop up to update overnight, when the process is less likely to disrupt your life. Keep your device plugged in, too, because updates often require that.
Not sure if the device is up to date? Here’s how to check.
On an iPhone, go to Settings > General > Software Update.
On a Mac computer, go to Launchpad > System Preferences > Software Update.
If it’s clear the device is no longer getting operating system updates, it’s time to get rid of it.
Beware of phishermen. Attackers can’t exploit a security bug on a connected device unless you give them a way in. That usually happens when you click on a malicious link or attachment in an email, text message, or social media post.
While Apple and Google both do a pretty good job of keeping dangerous apps out of their stores, they occasionally sneak through and can be tough to spot. Beware apps that ask to collect more information than you’re comfortable giving. And don’t download apps from a third-party store. That’s almost always a bad idea.
If you think your phone already has been compromised, don’t just delete the malicious file or app. That won’t fix the problem. You’re going to have to perform a factory reset. (Hopefully, your data is backed up in the cloud, so you can restore it once the process is done.) If something still seems off, take the phone to a professional.
Use AV software. Macs and mobile devices need antivirus software, too. And there are a bunch of security suites out there that will cover nearly all of your gadgets, whether they run Android, iOS, MacOS, or Windows.
As mentioned before, due to Apple security restrictions, AV software can’t scan iPhones for viruses, but it can do other helpful things like block malicious websites, calls, and texts. Need help finding some software? Check out our ratings of antivirus software.