For years, Apple users felt snug (and smug) in the knowledge that a smaller market share made Apple operating systems a less tempting attack target and that Apple's closed development environment succeeded in keeping the App Store free of malicious Mac and iOS apps. Yet, recent events suggest that Apple users might no longer be able to rely on those protections.
The popularity of iOS -- even in the enterprise -- has made attackers more interested in cracking into Apple's locked-down development environment. They're starting to make a dent: the proof is in recent events, like XCodeGhost -- which snuck Trojanized iOS apps into the official App Store -- and proof-of-concept exploits that allow unsigned code to run on OS X. Research released today by Bit9 + Carbon Black Threat Research found that five times more OS X malware appeared in 2015 than during the previous five years combined.
After years of getting away with low standards, Apple security vendors might not be ready with products that can handle this new threat landscape.
Read on for DarkReading's take on the state of Apple security. Plus, in a DarkReading exclusive, researchers at ThreatBook Labs provide more information about the creators of XCodeGhost and explain that while the authors may have tweeted a public apology about their actions, their intentions weren't so innocent.