The number of flaws discovered and abused in Apple’s ecosystem skyrocketed in the second half of 2021, according to new research.
A report by Atlas VPN indicates that cybercriminals found and exploited a total of 380 new vulnerabilities in Apple’s software offerings in the second half of 2021, up 467% from the first half.
Most of the exploits affect Safari, the company’s Internet browser, as well as the operating system (OS) itself. “Because all Apple software is interchangeable and connected, a vulnerability found can typically affect all devices,” the researchers explain.
Popular products are also popular with criminals
One of the most dangerous vulnerabilities for Apple devices is CVE-2021-30858, he added, as it has a severity score of 8.8. It targets iPhones and iPads with iOS version 14.8, as well as Mac devices with macOS Big Sur 11.6.
The flaw allows threat actors to execute arbitrary code, which means they could install malware or ransomware on the target device, or perform a myriad of other malicious activities (e.g., data exfiltration or theft of login credentials).
The researchers believe that the growing interest of cyber crooks in Apple is due to the ever-increasing popularity of its products:
“Products owned by tech giants like Apple or Google are used by billions of people around the world. This leaves billions of users vulnerable to exploits discovered by cybercriminals,” says Vilius Kardelis, Cybersecurity Writer at Atlas VPN. “To stay away from these threats and protect your devices, users should always update their software to the latest version.”
In terms of raw numbers, however, Google and Microsoft had the most vulnerabilities exploited in the second half of the year. Google has accumulated a total of 511 vulnerabilities, mostly in Android and the Chrome browser.
Microsoft was second, with a total of 428 vulnerabilities. Most of them were found in Windows, Office and the browser – Microsoft Edge.
Apple has been contacted for comment.