Why Macs and iPhones Should Avoid Installing ‘Orphaned’ Apps

There are many reasons why any business with a connected fleet of technology products you need strong security policies. But the need to protect the business against legacy vulnerabilities with third-party software should be among the top motivators. While I shouldn’t need convincing computer world readers to keep things under lock and key, I want to repeat two recent reports to reinforce the warning.

Half of all macOS malware comes from an app

Elastic Security Labs (via 9to5Mac) recently estimated that half of all macOS malware is installed as a result of poor management of the MacKeeper utility application. The report says that almost 50% of Mac malware comes through its installation.

What the utility does is to optimize Mac performance and monitor the internal resources of the computer; the problem is that to do so requires the user to give it permission to access critical processes and files. It’s not the app that’s at fault per se, but those permissions make it an attractive target for adversaries looking for weaknesses in it to undermine system security.

The impact?

Rather than being protected by all of the system-level security settings inherent in Apple’s desktop platform, MacKeeper users find their systems protected only by the application’s inherent security, which appears to be less secure, given how often with which Elastic Security Labs claims it is used. to make an attack. This is the danger of any software granted inherent system privileges, but it’s also the risk you run when you use any form of third-party software on a Mac, iPhone, PC, or iPad that hasn’t been updated in a while.

Millions of apps are orphans

New investigation from fraud protection firm pixelated claims that more than 1.76 million apps currently available on the Google Play Store or Apple App Store have not been updated in two years or more. The researchers also identified 324,000 apps that have not seen maintenance updates of any kind for more than five years.

Copyright © 2022 IDG Communications, Inc.

Leave a Reply

Your email address will not be published. Required fields are marked *