Why recent hacks show Apple’s security strength, not its weakness

Follow the news of any security breach on Apple’s systems and the pattern is predictable. Alongside reporting of the problem comes a common warning that Apple users “are not as secure as they think.”

It might be tempting to follow that line of thinking in light of two recent stories of vulnerabilities affecting the Mac and the Apple Watch. In the first instance, the Zoom video-calling app could be abused to let someone spy on you through your webcam. In the second, a flaw in Apple’s Walkie Talkie app could let a hacker eavesdrop on your iPhone conversations. They’re both troubling security issues.

But both cases actually serve as great examples of Apple’s security strength, not its weakness. Apple responded quickly and effectively to stamp out the threat before it could spread — and in this case, Apple isn’t getting as much credit as it deserves.

Actions speak louder than words

MacOS Catalina Hands-on | Macbook Pro
Dan Baker/Digital Trends

No company, system, or platform is totally immune to hacking. Companies love to boast about securing their users, but something is bound to give at some point. One way we can judge a company in terms of its security credentials, though, is the way it reacts to a crisis. And Zoom and Apple could not have provided a better example.

The issue revolved around the way Zoom’s click-to-join video conference system works. Installing Zoom also installed a localhost web server on your machine, which stayed on your Mac even when you uninstalled Zoom. This could be abused to stealthily reinstall Zoom, then access your webcam to pry on you without your knowledge.

When security researcher Jonathan Leitschuh published his findings on the issue on July 8, he revealed that he’d first alerted Zoom to the security breach on March 8 and received no reply. He tried again on March 26, pointing out a “quick fix” and saying he’d alert the public to the breach in 90 days.

Amazingly, Zoom waited until the last of those 90 days to do anything substantial, and even then it only implemented the quick fix and nothing more — which itself was promptly found to be vulnerable a few days later on July 7.

The vulnerability was made public on July 8, and the next day Zoom removed the web server from its app “via a prompted update.” From being made aware of the problem to finally removing the offending piece of software, Zoom took 105 days — almost three and a half months.

Now let’s look at Apple’s response. As we mentioned above, the vulnerability was made public on July 8. The next day, Apple instructed its built-in malware removal tool — installed on every Mac by default — to nuke the Zoom web server on sight. This was done via a silent update, meaning everything was done automatically with no holdups caused by user input (unlike Zoom’s own fix).

That’s right: It took Zoom 105 days to act. And Apple? Just a single day. Apple took no chances, implementing a quick fix that solved the problem once and for all. Zoom dithered.

The reason is simple: The two companies have very different philosophies. The one-click convenience of Zoom is one of its key selling points. To Zoom’s leadership, that was too valuable to lose — surely there had to be a way of addressing the security problem without risking this functionality? Fearing negative publicity and unsure of how to preserve its app’s advantage, the company became paralyzed — and in doing so put millions of Zoom users at risk by not securing their machines.

Apple, on the other hand, understands that the security of its systems is paramount not only to its users but to the success of the company itself. Apple has built a reputation for taking security extremely seriously — look at how it refused to build a backdoor into iOS at the FBI’s request, lest every one of its users be made vulnerable. It knows that prompt action in the face of danger — even if it means some functionality must be sacrificed — is a necessary cost.

Comparing the available resources of Apple and Zoom might not be totally fair, but Apple’s response is certainly the mark of a company that’s serious about security — not one that engages in mere virtue signaling.

No false sense of security

Macbook Air (2018) Review
Riley Young/Digital Trends

The Zoom incident wasn’t a one-off. From the foundations of MacOS to the way Apple responds to crises like these, the whole company is geared towards security.

MacOS has several features built-in that help to protect the system. There’s Gatekeeper, which will block software that Apple has not approved from running on your Mac unless you expressly allow it to. Any app that runs on the system is sandboxed, meaning it is kept completely separate from critical system components and cannot damage them. Various plugins like Flash, Silverlight, Java, and QuickTime won’t run if they’re not updated to the latest version — and Flash has been disabled by default since 2015’s MacOS Sierra.

Then there’s the T2 Security Chip, which not only safely stores your fingerprint data used in Touch ID, but also manages encrypted storage and enables Secure Boot. The last of these prevents unauthorized or modified operating systems from loading at startup and is set to the most secure settings by default.

Apple also has a system in place that allows people to report security flaws in its products. It was through this system that the Walkie Talkie vulnerability was disclosed and quickly addressed.

Windows has some nifty built-in security features, such as Controlled Folder Access that prevents unauthorized changes to your desktop, documents, and other folders, but is only just starting to catch up to MacOS. In contrast, MacOS has had a number of security features built-in for years thanks to its Unix-based architecture.

That combination of quick action and ingrained security systems highlights Apple’s security strengths. These days no operating system is truly “malware-proof,” but the actions of the company that distributes it — be that Apple, Microsoft, or anyone else — go a long way to keeping it secure and bringing peace of mind to us all.

The views expressed here are solely those of the author and do not reflect the beliefs of Digital Trends.


Oppo Reno 10x Zoom vs. Huawei P30 Pro camera shootout: Zooming in on the action

When Huawei introduced its zoom lens on the P30 Pro, it opened up a whole new world of photographic opportunity on a smartphone. Now, Oppo's challenging it with the Reno 10x Zoom, so we've found out which is best.

Protect your new Prime Day devices with IPVanish VPN, on sale until Sunday

If you scored a new device during Prime Day, then you'll want to protect your tech with a good VPN like IPVanish. IPVanish has extended its Prime Day week sale through the weekend, too, making now the best time to sign up and save 63%

Slack is resetting user passwords in response to a 2015 data breach

In response to recently discovered information regarding a 2015 data breach, collaboration software company Slack will be resetting the passwords of some of its user accounts beginning July 18.

Not on my watch: How to fix the most annoying Apple Watch problems

Have you been struggling with one or several Apple Watch problems? Here, we’ve compiled a list of some of the most common issues people are having, along with a few workarounds and fixes for dealing with them.

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they accumulate files and misconfigure settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.

Lose the key for your favorite software? These handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.

Nvidia’s RTX shows how Neil Armstrong would appear if Apollo 11 landed today

If the grainy images captured on the moon in 1969 by Neil Armstrong and Buzz Aldrin were taken today, we now know what they'd look like, thanks to Nvidia, which used ray tracing technology to remaster these stunning shots.

Use one of these password managers to help protect yourself online

The internet can be a scary place, especially if you don't have a proper password manager. This guide will show you the best password managers you can get right now, including both premium and free options.

Amazon Prime Day deals are ending, but you can still get great bargains

Prime Day 2019 has come to an end for Amazon, but that doesn't mean the Prime Day deals are over. With deals from Walmart, Best Buy, and Amazon still going on, this massive shopping event is continuing on through the week.

Walmart extends Prime Day sale into Sunday: 4K TV, Apple, and Smart Watch deals

Prime Day 2019 has come to an end for Amazon, but that doesn't mean the deals are over. Walmart's Prime Day sale has been extended into the weekend. With 4K TVs, Apple Watches, and Nintendo Switch deals, there are great savings.

A PC anyone can build: The 2018 Kano computer kit is the cheapest it’s ever been

The pocket-sized Raspberry Pi is a dream toy for tinkerers, coders, do-it-yourselfers, and even kids, and the Kano computer kit (a perfect gift for any budding tech enthusiast) is now on sale from Amazon for the lowest price we’ve seen.

AMD is leaving Intel in the dust on die size, with no 7nm Intel chips until 2021

Intel CEO Bob Swan revealed this week at Brainstorm Tech 2019 that Intel will not begin producing chips with 7nm fabrication until 2021. This news comes only two months after Intel's Computex 2019 keynote unveiled 10nm chips for the first…
Small Business

Norton vs McAfee: Which Antivirus software is best for your small business?

Effective antivirus software is essential within a small business environment. With Norton and McAfee the biggest names in the business, we take a look at what's best for your company.

Walmart slashes $70 off the Acer Chromebook Spin 11 for summer clearance sale

Need a laptop that you’ll just use primarily for web browsing? Buy a Chromebook. Chromebooks are cheaper alternatives to normal laptops, like the Acer Chromebook Spin 11. It's available on Walmart for only $229, which is $70 less than its…