Written By Roark Pollock And Presented By Charles Leaver
Do you have Mac computers? That’s fine. I also own one. Have you locked your Macs down? If you haven’t, your business has a potentially major security weak point.
It’s a misconception to think that Macintosh computers are inherently safe and don’t have to be secured against malware or hacking. Many believe Macs are undoubtedly probably more safe than Windows desktops and notebooks, due to the design of the Unix-oriented kernel. Definitely, we see fewer security patches issued for macOS from Apple, compared with security patches for Windows from Microsoft.
Less security problems is not zero defects. And safer doesn’t mean complete safety.
Some Mac Vulnerability Examples
Take, for instance, the macOS 10.13.3 upgrade, released on January 23, 2018, for the present variations of the Mac’s operating system. Like many current computers running Intel processors, the Mac was vulnerable to the Meltdown defect, which implied that destructive applications may be able to read kernel memory.
Apple needed to patch this defect – as well as numerous others.
For example, another problem could permit destructive audio files to execute arbitrary code, which might violate the system’s security integrity. Apple needed to patch it.
A kernel defect suggested that a destructive application may be able to execute random code with kernel advantages, providing hackers access to anything on the device. Apple needed to patch the kernel.
A defect in the WebKit library indicated that processing maliciously crafted web material may cause random code execution. Apple had to patch WebKit.
Another defect meant that processing a harmful text message may result in application denial of service, locking up the system. Whoops. Apple had to patch that flaw as well.
Don’t Make The Exact Same Mistakes as Customers
Numerous customers, believing all the hype about how wonderful macOS is, choose to run without security, relying on the macOS and its built-in application firewall to obstruct all manner of bad code. Bad news: There’s no integrated anti virus or anti malware, and the firewall program can just do so much. And lots of enterprises wish to neglect macOS when it concerns visibility for posture monitoring and hardening, and hazard detection/ hazard hunting.
Consumers frequently make these presumptions due to the fact that they do not know any better. IT and Security experts should never ever make the exact same mistakes – we should understand much better.
If a Mac user installs bad software, or includes a harmful internet browser extension, or opens a bad email attachment, or clicks on a phishing link or a nasty advertisement, their computer is corrupted – similar to a Windows computer. But within the enterprise, we need to be prepared to handle these issues, even on Macs.
What To Do?
What do you have to do?
– Set up anti-virus and anti malware on corporate Macs – or any Mac that has access to your organization’s material, servers, or networks.
– Track the state of Macs, much like you do with Windows computers.
– Be proactive in applying fixes and patches to Macs, again, similar to with Windows.
You should likewise eliminate Mac computers from your business environment which are old and cannot run the latest variation of macOS. That’s a great deal of them, since Apple is pretty good at keeping hardware that is older. Here is Apple’s list of Mac designs that can run macOS 10.13:
– MacBook (Late 2009 or newer).
– MacBook Pro (Mid 2010 or newer).
– MacBook Air (Late 2010 or more recent).
– Mac mini (Mid 2010 or newer).
– iMac (Late 2009 or more recent).
– Mac Pro (Mid 2010 or newer).
When the next version of macOS comes out, some of your older devices may drop off the list. They should fall off your stock also.
At Ziften, with our Zenith security platform, we strive to preserve visibility and security feature parity between Windows systems, macOS systems, and Linux-based systems.
In fact, we have actually partnered with Microsoft to incorporate our Zenith security platform with Microsoft Windows Defender Advanced Threat Protection (ATP) for macOS and Linux monitoring and hazard detection and response coverage. The combination allows clients to spot, view, investigate, and react to sophisticated cyber-attacks on macOS devices (as well as Windows and Linux-based endpoints) directly within the Microsoft WDATP Management Console.
From our point of view, it has constantly been necessary to provide your security groups self-confidence that every desktop/ notebook endpoint is protected – and thus, the enterprise is secured.
Believe it or not, 91% of enterprises say they have a number of Macs. If those Macs aren’t protected, and also correctly incorporated into your endpoint security systems, the business is not protected. It’s just that simple.