Apple Security and Privacy in 2022: The Year in Review
Posted on by Kirk McElhearn and Joshua Long
There was no shortage of Apple security and privacy news in 2022. Every year, Apple touts new privacy and security features in its operating systems, and develops some of the most modern features to keep you safe. At the same time, malware evolves, new cybersecurity threats come to light, and new vulnerabilities are discovered in operating systems and apps. This cycle of new threats and new fixes repeats itself every year.
In 2022, a number of zero-day vulnerabilities led Apple to issue emergency security updates, while new features were introduced to help ensure privacy and security in macOS, iOS, and iPadOS.
Let’s take a trip down memory lane and rediscover some pivotal moments in the privacy and security of the Mac and other products in the Apple ecosystem. This article will feature an overall look at Apple security and privacy from the year 2022, including our coverage on The Mac Security Blog and the Intego Mac Podcast.
In a separate article, we dive deeper into 2022’s top 20 Mac malware threats.
The biggest stories in January were about Mac malware, so we’ll focus on those in this overview. But be sure to see our separate feature specifically about all the Mac malware of 2020.
In January, new malware called SysJoker was discovered. SysJoker is cross-platform malware that pretends to be an operating system update mechanism. In addition to being able to infect Macs, it can also infect PCs running Windows or Linux. It has been observed collecting specific information about the infected computer, such as the MAC address, user name, and IP address. Its primary goal appears to be espionage.
Read SysJoker: Cross-Platform Backdoor Malware for Mac, Windows, and Linux for more technical information about SysJoker, and listen to episode 222 of the Intego Mac Podcast, SysJoker Malware and Scams in the App Store to learn more about this malware.
New details came to light in January about DazzleSpy malware (variants of which had been called MACMA and CDDS in November 2021), which has the hallmarks of a state-sponsored, cyber-espionage campaign. First discovered and analyzed by multiple malware research teams in November 2021, the malware leveraged a vulnerability that did not affect the then-current version of macOS Big Sur, but was exploitable on macOS Catalina. Google believed “this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code.” Read more about DazzleSpy, with a lot of technical detail, in DazzleSpy Mac Malware Used in Targeted Attacks.
In February, a zero-day vulnerability that was being actively exploited led to an uncommon warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which ordered federal agencies to patch their affected systems no later than February 25. Apple published little information about this vulnerability, and updates to all of the company’s operating systems were issued. See Apple fixes active zero-day vuln with macOS 12.2.1, iOS 15.3.1, Safari 15.3 for more.
On February 14, Apple released security updates for macOS Big Sur and macOS Catalina. But strangely, Apple did not provide a single detail about which security issues were addressed in the updates. Apple stated that “This update has no published CVE entries” for both updates, which is the first time we have ever seen this for a security update. Vulnerabilities generally have CVE numbers assigned to them to help researchers identify whether the same security issue affects multiple products. Read Apple releases mystery security updates for macOS Big Sur, Catalina for more on these updates.
A vulnerability in Apple’s T2 security chip was discovered, which allowed brute-force attacks to crack passwords and bypass FileVault disk encryption. Should you worry? We discussed this in episode 228 of the Intego Mac Podcast, Apple T2 Security Vulnerability, New Gmail Spam Rules, and How Thread Makes Your Home Smarter.
Apple has a confusing policy about issuing security updates for its operating systems. On March 31, Apple patched two “actively exploited” security vulnerabilities for macOS Monterey. However, the company did not release updates for the two previous operating systems, macOS Big Sur and macOS Catalina. This meant that an estimated 35–40% of all supported Macs were at risk from actively exploited vulnerabilities. Apple eventually released patches for these operating systems, six and a half weeks later. See Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina, and listen to episode 234 of the Intego Mac Podcast, Apple’s Security Approach Endangers Users of macOS Big Sur & Catalina.
At the end of April, we took a look back at the first year of Apple’s AirTags. These devices are great for finding your keys, but they have been used by stalkers and abusers, and have been used to help steal cars. Apple made some changes in the way alerts work, and released an Android app to detect AirTags. Read Apple’s AirTags: One Year On, and listen to episode 238 of the Intego Mac Podcast, Apple AirTags: One Year On.
Apple released an ad called Ellie’s Data Auction, showing how personal data is collected and sold by apps, and how Apple’s privacy features can help keep users’ data private. We discussed this in episode 241 of the Intego Mac Podcast, Ellie’s Data Auction.
At the annual Worldwide Developer Conference in June, Apple introduced the operating systems that would be released in the fall. We gave an overview of these new operating systems in Apple Presents macOS Ventura, iOS 16, iPadOS 16, and New Macs.
The announcement of these new operating systems included lists of which devices would be able to run them. Apple dropped a lot of older devices from its compatibility lists, which means that people using older devices, especially Macs, will no longer get security updates. See Apple’s Planned Obsolescence: iOS 16, macOS Ventura Drop Support for Many Models for more on this issue.
One of the more interesting new security features, available for Mac, iPhone, and iPad, is Lockdown Mode, which enables the most robust security features, but with some limitations. We discussed what Apple pre-announced about this feature in episode 248 of the Intego Mac Podcast, Lockdown Mode.
In August, Apple released updates for the current versions of macOS, iOS, and iPadOS to fix two “actively exploited” vulnerabilities. While they didn’t issue security updates for macOS Big Sur or macOS Catalina, the two previous versions of macOS, they released Safari 15.6.1 for Big Sur and Catalina to address one of the two vulnerabilities. See Apple Patches Two Actively Exploited Vulns in Monterey 12.5.1, iOS and iPadOS 15.6.1.
Since the early days of the iPhone, when your data was only protected by a passcode — and only a four-digit passcode at that — Apple has progressed with two biometric authentication systems: Touch ID and Face ID. We took a look at all three ways of protecting mobile devices in Which Is More Secure: Face ID, Touch ID, or a Passcode?. We looked at the pros and cons of each, and you may be surprised to find out which is the most secure.
On the last day of August, Apple released updates for older iPhones, iPads, and iPods touch, to fix the actively exploited vulnerability patched for current operating systems earlier in the month. See Apple Releases iOS 12.5.6 for Old iPhone, iPad, iPod touch Models to Fix Actively Exploited Vulnerability.
In September, Apple started releasing its new operating systems. iOS 16 was released on September 12, iPadOS 16 on October 24, and macOS Ventura on October 24. We took a look at the New Security and Privacy Features in macOS Ventura, iOS 16, and iPadOS 16.
Also on September 12, Apple released security fixes for older operating systems to patch zero-day vulnerabilities. See Apple releases macOS Monterey 12.6, iOS 15.7, and more; fixes zero-day vulns.
One of the new ways to try to scam people is to set up web pages that look like Apple App Store pages. We took a look at this trend in Fake App Store pages are the new fake Flash Player alerts.
When domain names expire, anyone can take them over and pretend to be a person or company in order to trick you. Old email addresses can be even more dangerous; if someone gets a hold of a company’s expired domain, they can potentially use its addresses to access accounts of former employees. We discussed this on episode 259 of the Intego Mac Podcast, The Dangers of Expired Domains and Old Email Addresses.
One airline, Lufthansa, said they were banning AirTags on flights. But it wasn’t that simple; we looked into this story and got to the bottom of it. See Are airlines banning Apple AirTags? Here’s the complete story.
In October, researchers discovered a new malware attack framework known as Alchimist. Threat actors use Alchimist to infect and remotely control macOS, Linux, and Windows computers. It is likely to have been used in the wild. Read Malware Attack Framework “Alchimist” Designed to Exploit Macs.
Near the end of October, a security researcher published details about SiriSpy (aka CVE-2022-32946), an iOS bug that had allowed apps to eavesdrop on users’ conversations with Siri. It took Apple two months to release a fix for the issue; the vulnerability was finally addressed in iOS 16.1.
After Elon Musk purchased Twitter, he planned to offer the “blue check” that indicates which accounts are verified, for $8 a month. The problem with this is that any user could look like they were verified, and easily impersonate anyone. This happened very quickly, with many accounts impersonating Elon Musk himself. Intego’s experts warned about the potential dangers of this approach in episode 264 of the Intego Mac Podcast, The Dangers of Verified Accounts on Social Networks. We followed up about some of the fallout of the paid-verification badge debacle in episode 266, Twitter, AirDrop, and Continuity Camera.
Some Twitter users, including a prominent Apple executive, decided to delete their accounts, which raised concerns about Twitter’s policy of allowing usernames to be re-registered by anyone else after a grace period. This could allow malicious parties to impersonate the person who previously managed the account. We published guidance on safely deactivating a Twitter account, as well as on potential security and privacy issues surrounding the newly popular Mastodon social network; see Mastodon Safety: How To Protect Against Security and Privacy Risks.
Apple’s new Lockdown Mode provides extreme security and privacy on the iPhone, iPad, and Mac. After the feature had been available for a couple of months — and Intego’s Chief Security Analyst, Josh Long, had been using it during that time — we dove deeper into how it works, and the downsides of using this feature, on episode 265 of the Intego Mac Podcast: Extreme Security and Privacy on the iPhone.
In early December, Apple announced three forthcoming security and privacy enhancements: iMessage Contact Key Verification, support for security keys, and Advanced Data Protection.
The first, iMessage Contact Key Verification, will arrive sometime in 2023. Apple claims that users of the new feature will “receive automatic alerts if an exceptionally advanced adversary… were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications.” While Apple offers a screenshot of a hypothetical example where the alert “⚠️ An unrecognized device may have been added to Jenny’s account” appears at the bottom of an iMessage chat screen, it isn’t yet clear how exactly the feature will work.
Second, Apple says that in early 2023 it will begin to allow physical security keys, which can either connect directly to an Apple device or use near-field communication (NFC) technology, as a second-factor method for signing into iCloud with an Apple ID.
Finally, the most anticipated feature, Advanced Data Protection for iCloud, officially launched in the U.S. just under a week after Apple’s announcement. The feature allows for more advanced encryption to be enabled account-wide for iCloud users, including true end-to-end encrypted iCloud backups for iMessage chats that even Apple cannot access. It can only be enabled if all devices signed into the user’s Apple ID are running iOS or iPadOS 16.2 or later, or macOS Ventura 13.1 or later. Apple says that the feature will begin to be available “to the rest of the world in early 2023.”
For more details on all three features, see our article Apple’s Advanced Data Protection and Other Features Harden Security. You can also listen to our discussion on Intego Mac Podcast episode 270, Apple’s Advanced Data Protection.
How can I learn more?
Don’t miss our companion article with a deep dive into all the notable Mac malware of 2022!
Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: