Apple Reconfigures Macs To Block Adware

A security expert has welcomed Apple’s move to remove a loophole that had allowed attackers to install adware on Mac computers.

At its World Wide Developer Conference (WWDC) last month, Apple said it would remove a feature that had allowed profiles to be installed via the command line without user input.

The feature had been abused by attackers who accessed servers used to deploy Mac systems across an organisation to install malicious profiles.

In the next macOS release, Big Sur, profiles are to be treated as downloads, with users required to complete installation manually, Apple said.

Image credit: Apple

‘Plague of adware’

“Apple has done exactly what I was hoping they would do to cope with the plague of adware installing malicious configuration profiles,” commented Thomas Reed, director of Mac and Mobile at security firm Malwarebytes.

He noted that profile installation would now require “explicit user consent”, making it far more difficult for attackers to carry out such attacks.

Some were less welcoming of the news, which also makes it more labour-intensive to manage  large numbers of Mac desktop profiles.

“I’m going to miss being able to control profiles directly with configuration management tools,” Erik Gomez, a senior client platform engineer at Uber, said on social media.

Adware has become a major problem on the Mac.

Malwarebytes said earlier this year it had detected 30 million adware installations on Macs in 2019, compared to 24 million on Windows.

Significant jump

An adware strain called NewTab was the single most prevalent type of malware on Macs last year, with potentially unwanted programs (PUPs) and other types of adware making up most of the other common Mac malware, Malwarebytes said.

The surge in adware helped push the Mac platform past Windows for the total number of threats detected per endpoint last year, with Malwarebytes detecting 11 threats per endpoint on Macs and 5.8 per endpoint on Windows – although the firm noted that Windows threats tended to be more serious.

The figure represents a significant jump from the 4.8 threats per endpoint detected on Macs in 2018.

“The average number of threats detected on a Mac is not only on the rise, but has surpassed Windows – by a great deal,” Malwarebytes said in its study.

The company attributed the rise to Macs’ growing market share and to the fact that macOS’ built-in security systems “have not cracked down on adware and PUPs to the same degree that they have malware, leaving the door open for these borderline programs to infiltrate”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Microsoft Executive Indicates Departmental Hiring Slowdown

Amid concern at the state of the global economy, a senior Microsoft executive tells staff…

17 hours ago

Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

Disgruntled shareholders are now suing both Twitter and Elon Musk, over volatile share price swings…

18 hours ago

Google Faces Second UK Probe Over Ad Practices

UK's competition watchdog launches second investigation of Google's ad tech practices, and whether it may…

20 hours ago

Elon Musk Raises His Contribution To Twitter Acquisition

But one of Elon Musk's biggest backers on the Twitter board has tendered his resignation…

2 days ago

Broadcom Confirms VMware Acquisition For $61 Billion

Entry into cloud infrastructure software for US chip firm Broadcom after it confirms reports it…

2 days ago