
Apple Security Update: Is It All Set for an Enterprise?
Over the past years, security experts have announced that Apple is not as concerned about security features as its prominent competitors are! In 2012, Kaspersky Lab’ s CEO, Eugene Kaspersky, who was worried about security, stated that Apple’s security features lag behind Microsoft Corporation’s as much as ten years. He expressed his apprehension for the growing malware threats and slow response after a critical Java update that made customers’ systems susceptible to the Flashback Trojan.
However, Apple has been acclaimed for smart security decisions, such as alleviating the usage of endangered Java versions on its devices. In March 2013, added support for two-step verification on Apple IDs was also initiated. So the question remains the same—does Apple offers you a model of robust security, or is it simply being more attentive to safety to dodge backlash?
Another criticism that it faced is the lack of transparency! Apple has never come out with honesty about malware threats and weaknesses in its products. Although the effects of this lapse are never too hard to measure, some people follow the perspective that is closed and secretive is advantageous in security terms.
Therefore, better to focus on the available security features, the vulnerabilities that have been exploited and how Apple changed its practices concerning the adverse response to events.
In 2011, the App Store for Apple added a bunch of purchasing programs for businesses, including B2b apps for iPhones, iPads, and mini-iPads. These devices are reviewed by using the company’s rigorous process for approvals.
However, developers are held responsible for acquiring the data safely in B2B apps. In terms of security, Apple’s app store is way ahead of its competitors as it performs stringent screening of the third-party apps.
The latest discovery disclosed that Apple’s app store never consistently used Hypertext Transfer Protocol Secure (HTTPS) to safeguard web communications and transactions, which resulted in another big security blunder. The company has since fixed the issue.
Also, Apple was the first company to include the concept of downloading apps from an authorized App store. Even though the iPhone 5 possessed much vulnerability, nearly 200 vulnerabilities were fixed with the initial release of iOS 6, except for jailbroken phones. Other iOS vulnerabilities have enabled hackers to access iPhones physically to sidestep the users’ passcodes.
Even if the chances of Mac OS X and iOS being vulnerable to exploitation are minimal, and keeping its reputation in mind, there is a misconception about security among many Apple users who think that their systems are invincible to malware.
Additionally, Apple used Xprotect, a scanner that has a blacklisting capability built into Mac OS X to prevent weaker versions of Java from running. Consequently, Java users were forced to upgrade to patched versions, thereby preventing potential exploitation.

THE INHERENT SECURITY OF PRODUCTS
Today, there is no quantitative way to measure the security features of the dissimilar systems. Therefore, keeping the history of vulnerabilities and functionalities from a comparative perspective is the only way out. Earlier, Mac OS X systems have lagged on centralized security management features if compared to Windows PCs. Every cellphone device, including the Apple iPhone that runs on the iOS mobile operating system, lagged behind Research in Motion’s Blackberry handsets, which offered much stronger storage encryption technologies. However, Apple’s recent releases of Mac OS X and iOS have raised the standards. Changes to iOS and Mac OS X have assisted the centralized security management of Apple devices from the Mac OS X server. The company complained about the security of Mac OS X Lion v10.7, e.g., extending encryption of FileVault full disk to external hard drives, with XTS-AES 128. After the release of OS X Mountain Lion v10.8 in July 2012, Apple introduced a Gatekeeper feature for blacklisting and whitelisting applications. The tools that assist software updates in regularly checking Apple security updates became part of the Mac App Store.
REACTION TO SECURITY PROBLEMS
Apple confronted the two biggest security problems that involved Java. In 2012, the first problem occurred where Apple was providing its version of Java with Mac OS X. A set of significant vulnerabilities was discovered in Java across different platforms. For this, Apple offered its own patch rather than using the Java Security update that Oracle provides to outside vendors. However, other platforms were fixed in a few weeks; Apple almost took three months to create a Java security update on Mac OS X. During that prolonged vulnerability period, a fake Adobe Flash installer, Flashback Trojan, attempted to entrap passwords and other information. It infected Mac OS X systems, compromising more than 60,000 systems damaging Apple’s security reputation. Eventually, Apple released a security update that removed Flashback Trojan’s variant from infected Mac OS X systems. For many Apple users, Mac Flashback was a wake-up call that made clear that Apple is also prone to malware infections. Then, Apple decided to cease updating Java and rely on the version supplied by Oracle. Consequently, the fixes would be available for all the platforms when in need. Further, Apple stopped hustling Java with Mac OS x 10.7 Lion; users still have the privilege of downloading and installing Java for free. However, Apple decided to disable Java in Web browsers unless the users exclusively turned on Java. Apple got into a better position when it discovered the faults with Java in late 2012.