Security 360 spotlight: Back to basics

Discover what the Jamf Security 360: Annual Trends Report reveals about the state of Mac and mobile in 2025.

June 26 2025 by Jesus Vigo

What are the security trends for Apple and mobile devices in 2025?

Jamf prevents malware, mitigates vulnerabilities and protects against social engineering campaigns on Mac and mobile devices.

Introduction

Jamf’s Security 360 report 2025 analyzes global data from 1.4 million devices to reveal key macOS security and mobile device threats. The report highlights malware, vulnerabilities and social engineering as active attack vectors targeting Mac and mobile devices. It features expert insights from Jamf’s CISO and emphasizes steps IT and security leaders can take to reduce risk, including zero-trust frameworks, user training and adopting Apple’s best practices.

Key cyberthreat trends impacting Apple devices

  • Malware introduces cross-platform risks
  • A single vulnerability can help attackers gain systemwide access
  • Social engineering continues to compromise users
  • Unvetted apps pose risk from bypassing security protections
  • Targeted attacks put mobile devices at risk

Security and privacy are key tentpoles of Apple’s design for both its hardware and software. Built-in controls like XProtect (malware prevention), Notarization (code signing) and Gatekeeper (app verification) keep devices protected from known threats. However, as threat tactics evolve, organizations need to look at layering security tools to protect against the growing wave of sophisticated threats targeting macOS and mobile environments. Threats like AI-based malware, attacks targeting vulnerable apps and in-network attacks such as zero-day phishing URLs require additional controls to mitigate risk and harden attack surfaces.

Top 3 threats to Mac in 2025

Jamf’s latest findings reveal that macOS environments face growing threats from credential-stealing malware, unpatched vulnerabilities and increasingly sophisticated phishing campaigns.

Infostealer malware

“The top spot this year goes to infostealers. In fact, infostealers saw a 28.08% increase of the overall malware studied.”

Features commonly associated with infostealers are:

  • Harvests user credentials through deceptive password prompts
  • Executes arbitrary AppleScript payloads from an attacker's server
  • Extracts saved credentials from the macOS Keychain
  • Scans filesystems to steal cryptocurrency assets

Vulnerable software

“32% of organizations operate at least one device with critical (and patchable) vulnerabilities.”

Recent, notable vulnerabilities include:

  • A TCC bypass that allowed an application to access private information without the user’s consent or knowledge
  • A vulnerability that led to the execution of an unsigned and unnotarized application without displaying Gatekeeper prompts
  • Password autofill fills in passwords after failing to authenticate successfully, granting access to protected content

Zero-day phishing

“1 in 10 users clicked on a malicious phishing link.”

  • Attackers regularly employ new domains to carry out phishing attacks that have not yet been identified as malicious
  • Sophisticated campaigns target users and organizations alike through multiple avenues, like social media – not just email or text messages
  • Top 20 brands used in phishing campaigns targeting users include entertainment, business, utilities and personal categories

Learn about the trends Jamf discovered impacting Mac in 2025.

Top 3 threats to Mobile in 2025

Jamf’s latest findings reveal that mobile devices are increasingly targeted through sophisticated phishing, app risk and targeted attacks aimed at data-rich, high-profile individuals.

Mobile phishing

“25% of organizations were impacted by a social engineering attack.”

  • Attacks are increasing in scope, from smishing (text) to quishing (QR code), and from social media to phony websites
  • Increased reliance on mobile in industries like retail, healthcare, manufacturing and aviation makes them attractive targets for threat actors
  • Popular brands used to exploit end-user trust on mobile devices include financial institutions, ISPs, retail sites and business software/services

App risk

“55.1% of mobile devices used at work are running a vulnerable OS.”

  • A proof of concept (PoC) showed how security researchers maintain persistence on an iOS-based mobile device
  • Risky app attributes include malicious code patterns, dangerous permissions or dynamic behaviors
  • Side-loading apps or using unsanctioned app stores introduces risks to security and user privacy through “modified, yet perfectly functional” code

Targeted attacks

“Apple sent notifications this week to several people who the company believes were targeted with government spyware.”

  • Demonstrations show attackers gaining access to email, corporate messaging, MFA and personal data
  • Mercenary spyware attacks target high-profile individuals like journalists, executives, politicians and diplomats
  • Attacks originating from nation-states or specialty groups are becoming more common and leveraging advanced persistent threats (APTs)

Learn about the trends Jamf discovered impacting mobile in 2025.

Defense for IT and Security teams

To safeguard the enterprise, IT and Security teams must curate trusted apps, harden endpoints and monitor device health to reduce vulnerabilities and prevent malicious code from running. Applying consistent protections across platforms and educating users on evolving attack methods ensures a resilient and compliant security posture.

App management

Continually vet applications and establish an enterprise app store for a centralized, curated user experience that ensures apps are safe from threats and meet organizational and regulatory requirements.

Endpoint hardening

Regularly update operating systems, apps and services. Furthermore, limit the attack surface by disabling unnecessary controls, helping organizations remain compliant with baseline security postures.

Active monitoring

Collect and analyze telemetry that provides insight into endpoint health statuses, while identifying and reporting on threats. Gaining real-time visibility aids teams in reducing the impact of malicious threats through proactive response.

Security parity

Implement a defense-in-depth security strategy that treats mobile like any other device. Ensure that technical and administrative controls monitor, mitigate and remediate threats discovered on all platforms equitably and holistically across the infrastructure.

Awareness training

Implement an ongoing training program that keeps pace with trends and tactics used by attackers, including adaptive training that personalizes phishing simulations based on user roles, behaviors and risk appetite.

Conclusion

Jamf Security 360 provides enterprises with a unified view of the threat landscape across Mac and mobile, helping IT and Security teams proactively identify and mitigate risks. By combining expert insights with real-world data, the report empowers organizations to strengthen defenses, close security gaps and stay resilient against today’s most advanced attacks.
