How macOS leaves users vulnerable, and unaware of their vulnerability

It isn’t the first time that a Mac user has asked me a simple question, only to discover that, while they thought their Mac was fully protected against malicious software, because of shortcomings in macOS, their Mac has been vulnerable all the time. The reason, as always, is because macOS is so secretive about its protection that the user doesn’t know when it has failed.

Small slip

This particular user, I’ll call him John, posed a common problem. Although he’s diligent about not opening suspicious emails, when trying to open an innocent message, he inadvertently opened something that looked more unpleasant in intent. It had an attachment which made him wonder if he had perhaps run the risk of malware being installed.

As he was running Monterey 12.4 at the time, my immediate suggestion was for him to check the results from his XProtect Remediator scans. If they didn’t detect any malware, then he’d be more than half way to knowing that what he’d done hadn’t caused something to regret. I also suggested that he looked at a third-party anti-malware product for a second opinion. Sadly, he wasn’t able to identify a suitable product to perform a one-off scan for malicious software without starting to pay for it by subscription, so his only check is that from XProtect Remediator.

macOS protection?

As XProtect Remediator in current macOS only reports its scans in the log, he downloaded and ran my free utility XProCheck to view its scan reports. These were completely unhelpful, consisting only of entries containing
and nothing else. I encouraged him to install the waiting update to macOS 12.5.1, but that didn’t help. Whatever XProtect Remediator was doing, it wasn’t prepared to let anyone else know.

It was then that I got him to check the version of XProtect Remediator installed on his Mac, which turned out to be 62, pushed by Apple on 17 June, and subsequently updated six times to reach the current version 72. Somehow, though, Software Update had failed to install any of those six updates, and not even bothered to inform John.

John had his little misadventure on 4 September. It wasn’t until a week later that he was able to use third-party software to download and install the latest security data updates, and provide his Mac with the full protection that he had been expecting all the time.

In John’s case, this doesn’t appear to be the result of the known and reported bug in installing security data updates through a local Content Caching server. Unravelling just what went wrong with Software Update is unlikely to prove possible, as is often the case.

Vulnerability of secrecy

John’s problems wouldn’t have happened if macOS had alerted him to the fact that its security protection was so badly out of date. He would have taken whatever action was necessary to download and install the current version of XProtect Remediator, and after his small slip could have had immediate confidence that he hadn’t installed malware.

But being one of the tens of millions of ordinary users of macOS:

  • he didn’t know that macOS had new protection that regularly scans for known malware and can remove it;
  • he hadn’t been informed that his Mac’s security software was woefully out of date;
  • he hadn’t been informed that there were security updates waiting to be installed.

We all like systems that don’t trouble us with unnecessary alerts or notifications, but when they’re so secretive that ordinary users don’t know that macOS security protection isn’t working, they’re a vulnerability in themselves. If this article does nothing else, please take the opportunity to check that your Macs are fully up to date and that their protection is functioning properly. Although that’s far from simple in macOS, you’ll find third-party tools like my own SilentKnight, silnite and XProCheck a good start. And they’re completely free to use, and have no annoying habits.

I’d like to acknowledge the advice of others who helped me sort John’s problem out.