Apple confirms Macs get malware

Apple confirms Macs get malware

Anyone following the court case between Epic and Apple is undoubtedly already aware of the “bombshell” dropped by Apple’s Craig Federighi yesterday. For those not in the know, Federighi, as part of his testimony relating to the security of Apple’s mobile device operating system, iOS, stated that “we have a level of malware on the Mac that we don’t find acceptable.”

This, of course, broke the internet.

Years ago, Apple promoted the idea that Macs don’t get viruses, as part of a flashy series of Get a Mac ads featuring Justin Long as a Mac and John Hodgman as a PC.

The irony of this 180 degree turnaround has caused a huge amount of snide commentary. Of course, these ads last played more than a decade ago, and things have changed significantly between then and now, so this isn’t exactly a sudden change of heart.

On the contrary, we should not be surprised by this. Apple’s actions over the last ten years speak volumes. It has implemented increasingly strict code signing requirements as a means for controlling some malware. It implemented Notarization requirements as a means of checking apps distributed outside the App Store for malware. (One could argue about the efficacy of these measures, but the intent is clear.)

Another recent addition is a series of access restrictions that must be approved on a per-app basis, such as access to the Documents or Desktop folders. (Ironically, there was a similar security feature in Windows that Apple mocked in another of the Get a Mac ads.) Admittedly, Apple really only talks about the privacy aspect of these restrictions, but the security aspect is pretty obvious.

Apple also implemented a new EndpointSecurity framework in macOS 10.15 (Catalina), in order to better support third-party antivirus software that—until then—was reliant on ageing, deprecated functionality provided by macOS. This was essentially an official acknowledgement from Apple that Macs get malware, and that there is a need for third-party antivirus software for the Mac.

It has also recently started adding information to its security update information disclosing when its aware of a fixed bug being actively exploited in the wild by malware.

macOS Big Sur 11.3.1 release notes

All this and more shows very clearly that Apple has been aware of the malware issue for a long time. It may not make a lot of public statements acknowledging the malware problem, but actions speak louder than words. In the end, this all boils down to mocking Apple for publicly acknowledging something it has been mocked for years for not acknowledging. The irony!

Is a macOS lockdown imminent?

Not all of the hot takes out there have to do with mocking Apple. Others are taking Federighi’s words in a different light. By pointing out the weaknesses in macOS as a means for illustrating the security of iOS, some fear this is a sign that Apple intends to lock down the Mac in the same way that it has iOS.

However, this also isn’t indicated by Apple’s actions. First, consider Notarization, which is intended to curb distribution of malicious apps outside the App Store. Its efficacy can be called into question, since many pieces of malware have managed to get a clean bill of health from the Notarization process, but that’s not the question here. If Apple’s intent were to shove all developers into the App Store, why would they spend time, effort, and money on an attempt to improve the user experience with apps distributed outside the App Store?

Another point to consider is the EndpointSecurity framework. Apple has put a lot of effort into this. It had conversations with security companies to find out what they needed. It did a great job of implementing something that was able to deliver what was requested, and it spent time bringing antivirus developers to Apple HQ to teach them how to use the new framework.

Antivirus software on iOS is impossible, due to Apple restrictions. So, if it had plans to lock down macOS in the same way, why would it spend all that time, effort, and money on better supporting antivirus software? It doesn’t make sense.

If you still need convincing, just consider Federighi’s own words during his testimony. He said that an iOS device was something that anyone—even an infant—could operate safely. He compared the Mac to a car, something that could be operated safely but that required caution, saying, “You can take it off road if you want, and you can drive wherever you want.”

This, to me, embodies what I perceive to be Apple’s stance on macOS and iOS. The Mac is the workhorse, used to really get things done and “go off road.” It’s the only platform it supports for writing both Mac and iOS apps. There would be no iOS if not for the Mac. The Mac is for those who “think different,” while the nature of iOS does not encourage that.

The future of macOS?

Obviously, I don’t represent Apple and all I can do is speculate based on evidence at hand. That said, I don’t see any reason to think that macOS is going down exactly the same road as iOS. That also means that we will likely continue to have problems with malware on macOS. As long as there is money to be made from increasing numbers of Macs, creators of malware will continue to target Macs.


Thomas Reed

Director of Mac & Mobile

Had a Mac before it was cool to have Macs. Self-trained Apple security expert. Amateur photographer.