Apple has protected against seven zero-day attacks this year

Apple is seeing rapid growth in enterprise markets, and in the wake of the Crowdstrike disaster and Microsoft’s forced Windows 11 upgrades, there’s no good reason for that trend to end. It’s no wonder its platforms have become such a big target for organized crime — meaning constant security vigilance is necessary for every user as the scale of attacks intensifies.

That doesn’t mean Apple’s products are insecure; they’re not. But no platform is completely secure, and as more enterprise data is held on those platforms it becomes increasingly essential to ensure you have the correct security stance in place.

How much is too much?

Apple’s highly-skilled security teams are the first line of platform defense to protect system integrity, and they know how constant the attempts against its platforms have become. We don’t know how constant, but only this week we’ve heard of two relatively serious security warnings, including the seventh zero-day attack this year.

• CrowdStrike (remember it?) recently warned of a spike in exploits targeting Macs on the part of a bunch of cybercriminals known as Cookie Spider. These attacks use malware infested advertising to trick people into visiting fraudulent help websites where they are fooled into executing malicious commands that steal their data.
• The second, perhaps more disturbing, zero-day exploit is one that has been actively exploited in “extremely sophisticated” attacks against “specific targeted individuals.” That strongly suggests it to have been used in a sophisticated spyware campaign. Known as CVE-2025-43300, it enables attackers to compromise Apple device security just by getting the user to open a malicious image file. How severe is this exploit? Very. The Cybersecurity and Infrastructure Security Agency (CISA) has given this vulnerability a severity rating of 8.8 out of 10.
• One reason the latter attack exploits malicious images is because Apple has made it much harder to use more conventional link-based attacks. These barriers are far from being complete — Apple has now patched a total of seven zero-day attacks this year — and it’s only August.

In discussing this, Adam Boynton, senior security strategy manager at Jamf, suggested the zero-day attack might have been used by one of the surveillance mercenaries. “While Apple has not confirmed whether this specific flaw was linked to spyware, similar vulnerabilities in ImageIO and WebKit have previously been used in Pegasus campaigns,” he said. 

Surveillance-as-a-service

Pegasus is just one of a hungry horde of amoral, zero-day spyware attacks to be sold for profit by surveillance-as-a-service firms, many of which seem to emanate from Israel.

“This is a zero-click exploit that requires no user interaction, and can be triggered simply by processing a maliciously crafted image file, which could be delivered through various channels including messages, emails, or web content,” according to Qualys security research manager Mayuresh Dani.

Developing such attacks is very costly, which suggests the level of resources being thrown into breaking Apple device security. (It’s worth noting that these are the kinds of resources that would also be used to identify and exploit any security backdoors put in place at an operating system level in the event authoritarian surveillance-loving governments get their way.)

That cost certainly doesn’t seem to be a massive turn-off to the highly sophisticated and well-resourced companies profiting from the delivery of digital chaos. Many of these firms, such as NSO Group, have faced international sanctions and lawsuits, which doesn’t seem to have stopped them at all. Meanwhile, many of the exploits they create are sold to repressive governments that use them against journalists, dissidents, political rivals and others. Beyond that, older, patched exploits have reportedly been traded on the dark web, meaning these dangerous attacks can proliferate.

The danger of such attacks should be top of mind for any prominent business executive, as enterprises can be targets, too — particularly as corporate execs jet around the world. Travelers should now carry burner phones with only limited access to important corporate (or personal) data.

Don’t be paranoid, but be aware

The growing sophistication and frequency of attacks reflect Apple’s growing ecosystem but underline the obvious need to maintain a robust security posture. That includes keeping all your devices updated with the latest security patches and ensuring that all the systems you do use are running — or capable of running — the latest security updates.

While Apple is evolving, attackers are evolving in tandem. Are all your systems updated with the latest security patches? 

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.