Mac users: It's time to wake up and smell the vulnerabilities
Are you one of the millions of Mac users under the impression that your digital security is guaranteed simply due to the fact that you’re using a Mac? Then I’ve got some news for you that you may not want to hear: the popular and long-standing myth that Mac users are immune to security vulnerabilities is just that -- a myth. This myth largely derives from the fact that the global Windows market share dwarfs that of macOS. Hackers and cybercriminals would much rather target an operating system that serves nearly 90 percent of users worldwide than one that accounts for less than 10 percent.
The truth is that Macs are still very much susceptible to vulnerabilities that can be exploited by cybercriminals, or even by developers of apps you may use on a daily basis. So if you’re a Mac user who has been lulled into a false sense of security, it’s time for you to wake up and realize that your security is by no means guaranteed on a Mac. That’s the hard reality of it, and the sooner you come to grips with it, the sooner you can start taking steps to protect your digital security and personal privacy on your Mac.
Even after knowing that your Mac isn’t immune to vulnerabilities, you may still think that only hackers and cybercriminals would be a threat to the security of your Mac. Unfortunately, that isn’t the case. Bugs lurking undetected within some of the applications you may use on a daily basis could easily leave you exposed to a potential malicious attacker. What’s even more frightening, app developers themselves may be reluctant to squash those bugs even after they have been detected and reported to the company developing the application.
Case in point is the recent revelation that the popular video conferencing app, Zoom, contained a vulnerability that allowed for a third-party actor to remotely enable Mac users’ microphones and cameras without their permission simply by having the victim click on a Zoom meeting link. In March, a cybersecurity researcher responsibly disclosed to the company a number of serious vulnerabilities contained within the Zoom application. The most egregious of which was the aforementioned camera vulnerability that was made possible by a local web server that was automatically installed with the Zoom application on Mac computers. The local web server was installed in the background as a way for Zoom to create a seamless video conferencing experience for its Mac users. Essentially, it made it possible for the software to bypass a security feature in the Safari web browser that required user confirmation prior to launching the app on a Mac, thus saving the user a mouse click or two by automatically launching the app without having to click the confirmation dialogue.
It turns out that this vulnerability could easily be exploited by a malicious actor and used as a way to remotely hijack unsuspecting Mac users’ cameras and microphones, leaving them fully exposed to a flagrant invasion of privacy. Shockingly, according to the security researcher’s blog post, Zoom persistently attempted to downplay the seriousness of the vulnerability during ongoing conversations with the researcher over a 90-day period and was resistant to properly addressing the issue. Even after public disclosure of the vulnerability, Zoom initially continued to downplay the gravity of the issue and declined to take the researcher’s recommended action to remove the local webserver completely. Only after public backlash following the researcher’s disclosure did Zoom cave and agree to remove the webserver from an updated version of the app.
Ultimately, Zoom’s misguided notion that user experience trumps user security led the company to develop an application that allowed for potentially severe user privacy infringements. It is certainly alarming and indeed eye-opening for a company -- especially of Zoom’s stature -- to deliberately build into its software a way to bypass a browser security feature intended to protect Mac users’ privacy, even if it was in the interest of enhancing the user experience.
If worrying about developers building security vulnerabilities into their applications isn’t enough, it’s important to understand that hackers and cybercriminals can absolutely target you even if you’re on your trusty Mac computer. The good news, though, is that there are concrete steps you can take to mitigate those cyber threats and minimize your chances of having your security compromised when using your Mac. You may think that antivirus software is only meant for Windows systems. However, since Macs can also be vulnerable to viruses and malware, cybersecurity experts have been increasingly recommending that Mac users install antivirus software as well.
Another necessary privacy tool to use on your Mac would be a virtual private network (VPN). By using a VPN on your Mac, you can secure your privacy by fully encrypting all of your internet traffic, essentially hiding everything you do online from hackers, cybercriminals, and even your internet service provider. A VPN is a simple and extremely effective way to stay secure and protect your privacy when using your Mac.
Although even Macs can be vulnerable to various cyber threats, there are certain steps you can take to ensure your privacy and security are properly maintained. It is fundamentally important to be aware of what security threats exist, and what you can do to counter them and keep yourself, and your Mac, safe and secure.
Attila Tomaschek is a digital privacy expert at ProPrivacy.com and a staunch advocate for a free and open internet. Attila is constantly investigating and analyzing matters of digital privacy and is always eager to share his knowledge with readers. Follow Attila on Twitter and LinkedIn.