macOS security: the ultimate guide

In this series of articles, Jamf uncovers the seedy underbelly of Mac and iOS-based security threats in an effort to provide clear guidance on how to best protect your desktop and mobile device endpoints through a combination of information and best practices regarding Apple security basics for users new to the platform all the way to those that are tasked with shoring up the security of data and protecting end-user privacy.

March 15 2023 by

Jesus Vigo

King chess piece standing victorious over all other pieces.

By limiting the ambiguity that sometimes exists between technologies that are somewhat similar but just unique enough in their approach, design and/or implementation to make them unique, the mysticism will be (hopefully) peeled back enough to permit users and administrators alike to utilize the resource to their benefit.

Apple products, like the ones that rely on macOS and iOS to drive the hardware, empower users to reach their maximum potential when being productive at work or school, or generally creating new content. And while Apple has arguably placed security and privacy at the forefront of all its software and hardware endeavors, the knowledge of the underlying concepts that go into actively enabling and securing data and end-user privacy is not always fully understood by those that use the devices – or those tasked with comprehensively implementing and managing data security protections.

To address this gap in Mac-based security knowledge, Jamf has not only identified the needs present based on user feedback, industry trends and the modern threat landscape, but has paired this with the knowledge base necessary to successfully identify and understand Apple-centric security threats, and also provide the knowledge needed to actively protect against common (and uncommon) threats as the threat landscape evolves to include new attack vectors and campaigns carried out by bad actors to exploit and compromise your fleet of desktop and mobile computing devices.

Armed with this knowledge, users and administrators will not only understand what the state of security is on Apple endpoints but also be able to make that information actionable, helping to limit the attack surface by utilizing configuration profiles to harden devices, secure networking communications over untrusted networks and by leveraging the best-of-breed security solutions to stomp out attacks that seek to:

  • exfiltrate critical data
  • breach business networks
  • steal sensitive privacy information
  • impact device performance and productivity

macOS Security Basics

To be mindful of the various levels of understanding between users that are relatively new to Apple and more experienced Mac administrators, this blog will serve as a landing page or index that connects readers to the information they are looking for. Links presented here will be broken down into sections with a brief summary of what each section covers to make this process more organized while making it easier to find what you’re specifically looking for – when you need fast access to it.

The one about Macs (not) being the safest OS

A persistent Mac misconception that still exists in the minds of some Apple users goes back several decades. Despite built-in protection tools and security-forward design, no system is infallible and here we discuss three categories regarding macOS security that may lead to a false sense of protection for end users:

  • Macs get attacked less than other OSs
  • Built-in security tools are enough
  • Common threats are always stopped

The one where Mac is inherently safer (because it doesn’t require frequent updates)

Jamf shines a light on macOS security, more specifically, patching macOS and the incorrect belief that Apple devices, et al, don’t need updates because they’re designed to be inherently safe. Not only has this been dispelled, but we explain why it simply does not fit in with the modern-day computing environment or the evolving threat landscape.

The one about being the best (VPN vs ZTNA)

If this were a martial arts film, this rivalry would be akin to the Shaolin and Wu-Tang for Kung-Fu supremacy. Only in this case, the battle pits VPN and ZTNA to determine which of the technologies is best suited for securing endpoints, users and network connections against cyber security attacks.

(Spoiler alert: unlike the film, it’s not the Qing Lord, but rather bad actors looking to compromise your devices and steal your data that are the true threat!

The one about a Phishing trip

Not just a popular tactic that threat actors commonly rely on to compromise devices, laterally move throughout networks and exfiltrate sensitive data, but one that can bypass nearly any security control or mitigation strategy. In fact, regardless of your level of cybersecurity knowledge or years of experience, phishing attacks still pose a significant threat.

When combined with the minimal resources or setup required by attackers with the huge success factor to yield significant payoff, well, it’s no wonder that this social engineering tactic remains the de facto “go to” attack type preferred by threat actors.

The one where everyone read your data because it wasn’t encrypted

No longer the stuff of spy novels or for keeping military secrets safe, encrypting data is a fundamental security control that is built-in into every version of macOS (and iOS) that serves a singular purpose: keeping unauthorized users from accessing your personal, corporate and end-user privacy data whenever you’re not logged in to your computer or away from your mobile device. And while encryption in general can mean many things to many people, the straightforward process and ease of use with which Apple makes enabling this security control a “no-brainer” for all usage cases.

The one about Macs (Not) getting Malware

Macs don’t get viruses.


Welcome to another grave misconception that was never quite accurate, but nonetheless continues to permeate into Apple security conversations somehow. Let this blog debunk the myth by providing clear, concise, accurate and up-to-date information on common security practices that can be used to better secure your endpoints against macOS malware, keeping your sensitive data and user privacy protected.

Back to Security Basics

Just like the ‘macOS Security Basics’ section above, blogs indexed in this portion provide a similar breakdown of information security best practices, alongside a brief history of the types of attacks under each category, what to look out for and tips on how to best mitigate or avoid them altogether. The key difference? Entries in this section skew toward mobile device users and best practices to keep your data safeguarded when using your smartphones and tablets.


Chances are the average user doesn’t have the same level of security defenses on their mobile devices as they do on the laptop or computer they use for work. And yet, ironically enough users spend almost half the time on the former as they do on the latter. That’s why it’s critical that all the devices we use – regardless of form factor – have all the protection possible to ensure they’re safeguarded against cyber threats.

This article focuses on phishing attacks, including:

  • how to recognize if you’ve been phished
  • how it happens
  • and what to do about it


Like the phishing article above, chances are great that your mobile device doesn’t share parity with the types of robust security defenses in use on your work laptop or desktop computer. In fact, the average user may not even be aware if they download malicious software to their device or have executed risky code or apps…but Jamf is here to help as always!

This article focuses on malware’s impact on mobile devices, and more specifically:

  • how to recognize if your mobile device is infected
  • how it can happen and where it’s most likely to happen
  • what to do next to get rid of the infection
  • what steps to take to mitigate future threats

Looking for the infosec equivalent of the “One ring to rule them all” defense-in-depth security strategy?

Review Jamf’s macOS Security Checklist to identify if you’re properly layering defenses to capture and filter out threats and attacks effectively.

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.