Computer security is constantly evolving, as new issues and vulnerabilities are discovered, as new software and devices are deployed, and as hackers figure out new ways to get around barriers.
Some security and privacy threats change over time. Ten years ago, we didn’t have to worry much about Internet of things (IoT) devices or data breaches, let alone hardware and even CPU architecture vulnerabilities like Spectre and Meltdown; we continued to see the emergence of similar discoveries and a continuance of these trends throughout 2019.
One thing that hasn’t changed over the past decade is that some Mac malware continues to disguise itself as Flash Player updates, even though Adobe is abandoning Flash at the end of 2020. Perhaps the fake-Flash malware trend will finally die toward the end of this year; time will tell.
Here is an overview of the main issues that affected Apple products and software in 2019:
In 2019, Apple issued a total of 102 updates containing security fixes (many of which patched numerous vulnerabilities) covering all its supported platforms, including macOS, iOS, watchOS, tvOS, and, starting in the fall, iPadOS. There were also security updates for iCloud and iTunes for Windows, for Xcode (Apple’s app development software), and for a few other apps (such as Shazam and Texture, both recent Apple acquisitions). Interestingly, there were even updates for discontinued AirPort Wi-Fi devices. You can see a list of all Apple security updates on this Apple support page.
Many of these updates fixed vulnerabilities that were present across multiple Apple operating systems, since the core underpinnings of macOS, iOS, iPadOS, watchOS, and tvOS are the same. When updates are available for one of your Apple devices, you should check for and apply updates on all of your Apple devices as soon as possible. It’s a good idea to have all of your devices automatically check for and alert you to updates when they become available.
SPOILER was an Intel processor vulnerability disclosed in March, similar in nature to the Meltdown and Spectre vulnerabilities, that exploited a speed-enhancing hardware feature called speculative execution to access sensitive data. In May, another Intel processor vulnerability, dubbed ZombieLoad, was disclosed to the public.
Here on The Mac Security Blog, we covered some of the highlights of various Apple security updates throughout the year, and we discussed many other vulnerabilities on various episodes of the Intego Mac Podcast.
Mac malware isn’t going away any time soon, and 2019 was another busy year for Mac malware analysts.
In June, Intego was also the first to detect OSX/NewTab, malware that attempted to inject tabs into the Safari browser.
Although that may seem like a lot (especially given the commonly held myth that Macs don’t get malware), that’s not even an exhaustive list of all the new malware and variants that we observed in 2019. Other Mac malware seen throughout 2019 included CookieMiner, Siggen, and various malware associated with the Lazarus Group (including Yort, Yort.B, GMERA, Lazarus Loader, and a new AppleJeus variant).
Naturally, Mac users running Intego VirusBarrier X9 are protected from all this malware.
In recent years, data breaches have increased in frequency and severity, as huge amounts of user data is concentrated, and as companies may not always use the strictest security to protect this data.
Your identity is worth money. Not only for advertisers, but for malicious cybercriminals who want to get hold of your usernames and passwords to access your accounts. One reason that data breaches are so serious is that many people reuse the same credentials on multiple accounts. So if a cybercriminal gets ahold of a user’s username and password from some small website, if the user has reused these same credentials elsewhere, anyone with this data could get into their Facebook, Twitter, or Instagram accounts—or even their email accounts, which is quite dangerous because most password-reset mechanisms send an e-mail to the account on file.
As just one notable example, in January a huge data dump was found. Called Collection #1—because other collections would follow—this was the largest such data dump to date, with 2.7 billion records, including 1.2 billion unique email address and password combinations, 773 million unique email addresses, and 21 million unique passwords in plain text. This data had been aggregated from multiple small and large breaches, and was available to hackers around the world. We discussed Collection #1 (and various other data breaches throughout the year) on the Intego Mac Podcast.
Intego provides a thorough how-to article called “How to avoid getting hacked after data breaches,” because these breaches have become so common.
One of the more serious threats is phishing. This is when you get an email that seems to be real, telling you that you need to log into an account on a website. Typically, you click a link and enter your credentials, but the site is fake, and now someone can access your email account, Facebook account, or even your Apple ID account.
One recurring case of fraudulent email stood out this year: these were emails purportedly from a CIA agent saying that you had been accessing child porn. These weren’t actually phishing, at least not in the sense that you click a link to go to a website; these emails instructed you to send money in Bitcoin, something that most people wouldn’t know how to do, but which is anonymous.
Phishing and other email scams are common, and we have an article explaining how to spot phishing emails.
Consumers and business professionals today need to be aware that “smart home” (or smart office) gizmos that connect to the Internet may contain vulnerabilities that could provide an attacker access to your network.
The “Internet of things” is a nickname given to the web of smart home devices that generally each perform limited tasks, but together combine to provide a lot of control over your home or office. We looked at Apple’s HomeKit at the end of the year, explaining what this framework is and how it works, but all throughout the year, we witnessed issues with IoT devices.
From breaches of databases run by IoT companies to new, innovative ways of hacking smart speakers—such as using lasers—smart home devices are a relatively new target for hackers and cybercriminals. Smart TVs may be spying on you, and the companies making smart speakers may have listened to some of your conversations.
In this article I’ve only touched on the issues of the eventful year 2019. You can find more by listening to (or skimming the show notes from) past episodes of our podcast.
Also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.
And make sure you’re following Intego on your favorite social and media channels: Facebook, Instagram, Twitter, and YouTube (click the 
