Apple's macOS and iOS are reportedly being targeted more by threat actors this year than last year. A new cybersecurity report found that Microsoft Office and other software are also being exploited due to their high vulnerability to cyberattacks.
The Software Vulnerability Ratings Report 2024 states that between 2022 and 2023, the exploitation rates for macOS and iOS climbed by 7% and 8%, respectively, indicating that malevolent actors are increasingly focusing on these platforms.
(Photo : Photo by PATRICK T. FALLON/AFP via Getty Images)
The exploitation rate, which is calculated as the ratio of exploited vulnerabilities to all vulnerabilities, is an indicator of the software's vulnerability to exploitation. On the other hand, the exploitation rates of desktop Windows operating systems stayed constant at 4%, demonstrating Microsoft's robust vulnerability control procedure.
Even though 29% fewer macOS vulnerabilities were found overall in 2023, 18 reported exploited vulnerabilities, which was more than a 30% increase over the previous year.
In terms of mobile OSs, iOS had an exploitation rate of 8%, which was noticeably greater than Android's 0.2%. This indicates that threat actors concentrated their efforts on exploiting iPhones, even though more vulnerabilities were disclosed for Android devices.
Out of all the mobile operating systems examined in 2021, 2022, and 2023, iOS also had the greatest number of remote code exploitation (RCE) assaults. Attackers may be able to access more potential entry points into an application with a higher RCE count. The paper's authors speculate that the impression of the valuable data stored on iPhones may be the reason for their targeted nature.
Read Also: Australian Businesses Face 'Irreversible Brand Damage' Due to Data Breaches
Apple Warns Against Spyware
The study's findings were released more than a month after the Cupertino business warned iPhone owners to be on the lookout for mercenary spyware attacks due to a recent rise in 92 countries.
Apple's alerts were striking, warning customers of attempts to infiltrate their devices with spyware. As users from India to Europe started receiving similar alerts, the scope of the problem became evident, and social media sites began to see broad alarm.
Microsoft Vulnerability
On the other hand, Microsoft Office has the greatest total number of vulnerabilities out of all office applications. Almost 80% of its vulnerabilities are classified annually as critical, with 40-50% being RCEs. Moreover, in 2023, its rate of exploitation rose by 5%.
Because office apps are user-facing and prone to human mistakes, attackers see them as easier to hack than other software. Phishing attacks can target common user actions, including clicking embedded links, enabling macros, and opening documents.
Because Microsoft Office is so widely used, trusted, and recognized by users, it offers the highest chance for an assault of this kind to be effective. According to the authors, there will likely be an increase in phishing attempts that target Microsoft Office vulnerabilities.
Microsoft Edge has the most RCE vulnerabilities over the past three years and 14 of all the major web browsers. From 2021 to 2022, the number increased by 500%; from 2022 to 2023, it increased by 17%. While only 1% of vulnerabilities in Chrome and Firefox were RCEs, they made up 10% of all disclosed vulnerabilities.
Related Article: Ransomware Attack Disrupts Operations in London Hospitals, Russian Cyber Gang Believed to Be Behind It
