Mac malware: Federighi fesses up (video)

“It’s an endless game of whack-a-mole.” — Apple Software Engineering SVP Craig Federighi

From CNET’s “Apple cites ‘significant’ malware on Mac while defending iOS App Store in Fortnite trial” posted Wednesday:

As Apple has notched the most successful sales of Mac computers in history, its head of software engineering, Craig Federighi, says attacks have risen as well. “Today, we have a level of malware on the Mac that we don’t find acceptable,” he said Wednesday during testimony defending Apple in a lawsuit with Fortnite maker Epic Games in a California court.

Each week, Apple identifies a couple pieces of malware on its own or with help of third parties, Federighi added, and it uses built-in systems to automatically remove them from customers’ computers. But still, the malware can infect hundreds of thousands of computers before Apple stamps it out. Since last May, Federighi said, there have been 130 types of Mac malware, and one of them alone infected 300,000 systems.

Federighi said he believes Macs are still more secure than PCs, but he made clear that the Mac’s facing a “significantly larger malware problem” than are iPhones, iPads and Apple’s other devices. “It’s an endless game of whack-a-mole.”

Apple’s choice to essentially attack the security of its own software may seem shocking after the company spent years criticizing competing PCs as insecure.

My take: How times have changed. In its 2020 State of Malware Report, Malwarebytes counted 30 million pieces of dangerous Mac adware compared with 24 million on Windows. As many have noted, the joke at the heart of the classic Mac vs. PC viruses ad no longer applies. Cue the video:

Federighi’s confession, of course, has a strategic purpose. In the context of the Epic trial, it’s to underscore the need to maintain tight control over the App Store. As a friend of the blog put it:

“It’s a dangerous world out there, you need a trusted gatekeeper…”

But I can’t help noticing that it’s only when Apple needs to contrast the new with the old that its executive’s are willing to talk about the old’s shortcomings.


  1. David Emery said:
    I have zero confidence in Malwarebytes reports. What really counts is ‘infection in the field,’ and Macs are still a lot better than Windows. What bothers me in particular is the ability of malware to spread (like a virulent Covid strain) across Windows boxes once an organization gets infected.

    But I agree with Federighi, Mac OS needs to do better. That doesn’t mean I want Mac OS locked down. What it means is “zero vulnerabilities and bugs.”

    May 20, 2021
    • Fred Stein said:
      Thanks David, I upvoted.

      I tried to read and make sense of the MalwareBytes report and could not. More specifically, I could not get an idea how many Macs or PCs attacks result in successful ransomware, data theft etc.

      That said, adware is on the rise, and disturbing.

      May 20, 2021
  2. Gregg Thurman said:
    Last I read (about 10 years back) MacOS has 15 million lines of code, while Windows has 50 million line of code. Just by sheer size, and the utter lack thought given to security holes in the early days preceding the internet, Windows has many orders of magnitude more vulnerability than the Mac.

    Then throw in Mac’s origins, BSD Unix, a robust modern OS designed from the outset to be networked AND secure, and Macs (despite today’s whack-a-mole environment) is far more secure than Windows.

    May 20, 2021
    • Hugh Lovell said:
      The analogy I often used when talking to customers in the store, was that MSDOS was built on sand, while macOS was built on rock.

      May 20, 2021
      • David Emery said:
        The problem is that Microsoft has taught most people that software is inherently buggy. Apple’s not perfect, but people are now understanding that not all software is created equal (equally crappy!)

        May 20, 2021

Leave a Reply