In a report going over the state of malware in 2024, device management firm Jamf says that 9% of mobile users were caught by phishing, while 20% of companies were at risk because of bad smartphone configurations.
Jamf is a service for companies to manage devices such as iPhones, and it also operates a Jamf Lab that looks at security issues. It's now issued an annual report about the safety and security of devices, specifically all smartphones.
Overall, it claims that "40% of mobile users are running a device with known vulnerabilities," and that "39% of organizations had at least one device" with such issues. The report typically refers to iOS and Android together, rather than breaking out any differences, but says this is because there are growing issues even with the iPhone.
More specifically, it says that "9% of users fell for a phishing attack in 2024 [sic] and 18% of organizations had at least one user fall for a phishing attack."
"[While] mobile devices are made up of more than just Apple's platform," says the full report, "a significant portion of our research points to growing trends strongly underscoring the position that threat actors are increasingly targeting the Apple ecosystem with considerable technical resources directed toward developing novel and difficult-to-detect attacks to compromise the iOS/iPadOS platforms."
"Apple has led the defensive on this front by making security and privacy crucial tenets of their design philosophy," it continues. But security features are of no use if they are ignored, and Jamf says that is what is happening across Apple's platforms.
FileVault, for instance, a "basic feature that provides critical protection of user data by encrypting it" was reportedly "found disabled on 36% of devices" surveyed. Then across 2023, "3% of [iPhones] devices had lock screen disabled and 25% of organizations had at least one user with lock screen disabled."
Malware and virus thread expanding on Mac
"While the myth that Mac doesn't get viruses persists," it says, "Jamf Threat Labs tracks around 300 malware families on macOS."
"In fact, 2023 saw the rise of 21 new malware families on Mac!" it continues. The report then shows 18 forms of malware in its chart of "new Mac malware instances studied and counted in 2023."
There's then no indication of how prevalent any of the listed malware is. The report does rank the malware by what "% of all Mac malware" it represents, with "Adware" accounting for 36.77%.
The list of malware, though, also includes what Jamf calls potentially unwanted applications (PUA).
"[This] category is tricky to quantify since it could be that the application was installed knowingly by the user that is otherwise benign," says Jamf, "or could be something that was intentionally hidden from the user during installation to mask its detection."
Jamf's solution
Jamf recommends that users keep their devices up to date, and calls doing so "perhaps the single most impactful practice than an organization can implement." It says, however, that "not everyone is able to keep up with the pace of innovation."
"Though there are many reasons to delay applying software updates from fear of conflicts to excessive agents that need to be tested for compatibility following each update," it continues, "not applying OS updates means that work devices are likely running with known vulnerabilities that are waiting to be exploited."
This is another area where the report makes broad statements without breaking down the differences between devices. Traditionally, iOS users have updated to their latest OS version vastly more than Android ones, although there has been a decline for iOS 17.
6 Comments
Scare tactics. Adware while annoying is not a threat. PUA is probably not a huge deal either. Trojans and the rest are bad news. Of course none of these affect iOS.
Curious to see how this evolves with the advent of 3rd party stores.
"But you can 'sideload' apps on the Mac. Are you saying macOS is less secure than the iPhone?" — every defender of turning iOS into a free-for-all.
The answer is Yes. macOS may be more secure than other platforms, but it is less secure than iOS.
I’d like to know more about what viruses they are talking about. I can’t remember the last time I needed to worry about an actual virus on Mac. If the real world risk is as small as I think it is, it’s effectively not a myth as they claim.