Apple is using the growing threat of malware on its Mac platform as a defense in a lawsuit that could force the company to open up new channels of applications for its mobile iOS platform.
In testimony in a California court Wednesday, Apple head of software engineering, Craig Federighi called the level of malware threat against the Mac platform one that the company finds “unacceptable” and continue to defend against with restrictive application-distribution platforms, according to a published report on CNET.
Federighi’s comments were made as Apple executives begin testifying in a court case (PDF) Epic Games—the maker of the hugely popular Fortnite—have brought against the tech giant for what Epic views as restrictive policies on the iOS App Store. Proceedings in the case began earlier this month in the United States District Court, Northern District of California, and top Apple executives were testifying to defend their side this week.
Throwing the security of its own platform under the bus is an about-face for Apple, which for years boasted about the security of Mac over rival Windows platform. The company even began running a popular comedic television advertising campaign illustrating this point of difference starting in 2006.
For years, it was certainly true that PCs suffered the bulk of the malware woes while the Mac platform remained a more secure option, largely due to its proprietary nature. While all of the software on an Apple machine was more or less vetted by Apple and could only be used on computers sold by the company, the use of Windows on different hardware platforms—and its general ubiquity as a PC platform—made it a more open playing field for attackers.
But now the malware threat landscape has changed—particularly with the explosion of the iPhone, iPad and mobile devices in general–and Apple is now under attack, Federighi said. This is why security remains a primary focus for Apple and why it should be able to continue its strict management of the software available via the App Store—including policies that are at the center of the Epic lawsuit, he testified.
“It’s an endless game of whack-a-mole,” Federighi said of the Apple malware problem, according to the report. He said Apple’s closed approach to the App Store is key to protecting the security of the massive iPhone user base, which numbers more than 1 billion.
“It’s an attractive target,” he said, according to the report, also noting that cameras, microphones, location data and two-factor authentication are standard technology for the modern smartphone. “All of these things make access or control of these devices potentially incredibly valuable to an attacker.”
Indeed, attackers certainly have been finding ways to exploit both Mac and iOS platforms in unprecedented ways in recent years, with the company patching vulnerabilities and making security fixes as quickly as they can find them.
Earlier this month, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, to slap security patches on flaws in its WebKit browser engine. A week before that, Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already had been exploiting for several months.
Indeed, 2021 has been a less-than stellar year so far for Apple security. The company kicked off the year by removing a contentious macOS feature that allowed some Apple apps to bypass content filters, VPNs and third-party firewalls. They quickly followed that up with an emergency update to patch three zero-day vulnerabilities discovered in iOS after a major software update in November of last year already fixed three that were being actively exploited.
Prior to that, 2020 also saw a flurry of Apple patches for zero-day flaws on iOS, including two that had apparently been abused for years before discovery.
Epic’s Case Against Apple
All of this now could be used as leverage in Apple’s defense of Epic’s suit against the company, which alleges violations of antitrust laws through its Apple App Store policies on iOS devices, according to the California court’s website for keeping up with the proceedings.
Fortnite’s creators also brought a similar suit against Google after Fortnite was kicked off both the App Store and the Google Play Store for trying to bypass 30 percent developer fees each takes from developers of apps to sell on each respective market.
Apple’s counter claim against Epic in the suit is that the breached its developer agreements and App Store guidelines by introducing a direct pay option for Fortnite on iOS devices to bypass the fees.
Now it’s up to the court to decide whether Apple should be allowed to maintain its practice of permitting apps to only be installed on its devices through its own proprietary App Store, and whether these developer fees can be maintained. The trial continues this week.
Download our exclusive FREE Threatpost Insider eBook, “2021: The Evolution of Ransomware,” to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what’s next for ransomware and the related emerging risks. Get the whole story and DOWNLOAD the eBook now – on us!