Apple Reconfigures Macs To Block Adware

A security expert has welcomed Apple’s move to remove a loophole that had allowed attackers to install adware on Mac computers.

At its World Wide Developer Conference (WWDC) last month, Apple said it would remove a feature that had allowed profiles to be installed via the command line without user input.

The feature had been abused by attackers who accessed servers used to deploy Mac systems across an organisation to install malicious profiles.

In the next macOS release, Big Sur, profiles are to be treated as downloads, with users required to complete installation manually, Apple said.

Image credit: Apple

‘Plague of adware’

“Apple has done exactly what I was hoping they would do to cope with the plague of adware installing malicious configuration profiles,” commented Thomas Reed, director of Mac and Mobile at security firm Malwarebytes.

He noted that profile installation would now require “explicit user consent”, making it far more difficult for attackers to carry out such attacks.

Some were less welcoming of the news, which also makes it more labour-intensive to manage  large numbers of Mac desktop profiles.

“I’m going to miss being able to control profiles directly with configuration management tools,” Erik Gomez, a senior client platform engineer at Uber, said on social media.

Adware has become a major problem on the Mac.

Malwarebytes said earlier this year it had detected 30 million adware installations on Macs in 2019, compared to 24 million on Windows.

Significant jump

An adware strain called NewTab was the single most prevalent type of malware on Macs last year, with potentially unwanted programs (PUPs) and other types of adware making up most of the other common Mac malware, Malwarebytes said.

The surge in adware helped push the Mac platform past Windows for the total number of threats detected per endpoint last year, with Malwarebytes detecting 11 threats per endpoint on Macs and 5.8 per endpoint on Windows – although the firm noted that Windows threats tended to be more serious.

The figure represents a significant jump from the 4.8 threats per endpoint detected on Macs in 2018.

“The average number of threats detected on a Mac is not only on the rise, but has surpassed Windows – by a great deal,” Malwarebytes said in its study.

The company attributed the rise to Macs’ growing market share and to the fact that macOS’ built-in security systems “have not cracked down on adware and PUPs to the same degree that they have malware, leaving the door open for these borderline programs to infiltrate”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Uber, Lyft Drivers Classified As Employees, Judge Rules

Gig economy change. Judge in California rules drivers for Uber and Lyft are employees, and…

12 hours ago

Tim Cook Now A Billionaire After Apple Share Surge

Welcome to the club. CEO Tim Cook now said to be a billionaire after almost…

13 hours ago

Police Use Of Facial Recognition Breached Privacy, Court Rules

Milestone ruling. The UK Court of Appeal rules use of automatic facial recognition (AFR) tech…

14 hours ago

Trump Administration Announces 5G Spectrum Auction

5G growth. The White House has announced a spectrum auction to strengthen “the United States’…

17 hours ago

Toshiba Confirms Exit From Laptop Sector

Japanese conglomerate sells its final stake in PC maker Dynabook, marking the end of 35…

18 hours ago

Researchers Uncover Stuxnet-Style Flaw In Windows

The zero-day vulnerability affects the same Windows component used by Stuxnet to attack critical infrastructure…

2 days ago