In early May, the company released emergency fixes for the operating systems behind iPhones, Apple Watches, iPads, and Mac computers to address a flaw related to the Safari web browser.
And the recent iOS 14.6 rollout featured a handful of non-critical security fixes.
“You could say Apple has had a bad year overall,” says Adam Gordon, a cybersecurity consultant who teaches cybersecurity classes for ITProTV.
He noted the announcement last fall from five hackers who said they had discovered 55 Apple vulnerabilities, 11 of which were deemed critical, over a period of three months. As of October, the group had received just under $300,000 in “bug bounties” from Apple for uncovering the issues.
But just one of those security issues could have commanded a higher sum from a group eager to exploit it, says Richard Hosgood, director of engineering for the cybersecurity firm Votiro.
“A single organization or nation state is willing to pay tens of millions of dollars for something like that,” he says, adding that while Apple does pay substantial bug bounties, “you have to jump through hoops to get it.”
The fact is, while the vast majority of cyber threats still target PCs running the Windows operating system, Apple’s devices are not—and never have been—immune from these dangers. And yet, many security experts were surprised to hear Craig Federighi, Apple’s head of software, actually acknowledge in court last month that the company isn’t pleased with the amount of malware found on its MacOS operating system.
Apple does a better job keeping malicious software out of its iOS mobile platform than MacOS, Federighi said. But, experts warn, threats against smartphones in general are on the rise, as people use them to do more work than ever on the go.
And, the millions of iPhones currently in use—pretty much all running the same software—represent an especially juicy target.
Apple did not respond to requests from Consumer Reports for comment, but here’s what you need to know about the security of your Apple devices—along with tips from cybersecurity experts on how to protect them.