Jamf Security 360: Why Your Mac Fleet Is More Vulnerable Than You Think
The "Macs Don't Get Malware" Myth Is Dead
If you're still telling your board that Macs are inherently more secure than Windows PCs, Jamf's latest Security 360 report has some uncomfortable news.
The numbers don't lie. And for mid-market IT teams managing mixed fleets, the reality is stark: Apple endpoints are now prime targets, and most organisations have no idea how exposed they really are.
What Jamf Found (And Why It Matters)
Jamf analysed data from 1.4 million Macs across 90 countries over the past 12 months. The findings demolish the old assumption that Apple's built-in security is enough.
50% of Mac Malware Is Now Trojans
Trojans have exploded from 16.6% of detections in 2024 to 50.3% today — a surge of over 33% in just one year. Trojans have officially overtaken infostealers as the dominant malware type on macOS.
Why the shift? As Mac adoption in enterprise has grown, attackers have followed the user base. Trojans are particularly dangerous because they disguise themselves as legitimate software — a fake productivity app, a dodgy browser extension, a pirated tool downloaded from an unofficial source. Once inside, they open backdoors, exfiltrate data, and drop additional payloads.
For IT teams: Your users aren't getting hit by sophisticated zero-days. They're being tricked into installing malware that looks legitimate. That means user education and application control are more critical than ever.
44% of Devices Had Malicious Network Traffic
Nearly half of all Macs in the study showed signs of communicating with known malicious infrastructure. That doesn't mean 44% were fully compromised — but it does mean something on those machines was talking to threat actors.
For IT teams: If you're not monitoring outbound network traffic from Mac endpoints, you're flying blind. DNS filtering, firewall logs, and EDR network telemetry aren't optional anymore — even for Apple devices.
41% Run Critically Out-of-Date Operating Systems
Over two in five Macs are running macOS versions with known, patchable vulnerabilities. This is a management problem, not a technology problem. Apple patches quickly. The devices aren't updating because:
- Users are deferring updates
- MDM policies aren't enforcing them
- Legacy apps are blocking upgrades
- Devices are off the network for long periods
For IT teams: An unpatched Mac is as vulnerable as an unpatched Windows machine. If your patch cycle is quarterly (or worse), you're leaving endpoints exposed to N-day exploits that attackers are actively weaponising.
73% Have At Least One Vulnerable App Installed
Three-quarters of Macs in the study had at least one application with a known vulnerability. This isn't about obscure software — it's the apps your users install every day: browsers, PDF tools, media players, messaging apps.
For IT teams: Application whitelisting and vulnerability scanning aren't just for Windows anymore. You need visibility into what's installed on every Mac, and you need a process to remove or update vulnerable software quickly.
Why Mid-Market IT Teams Are Especially at Risk
Enterprise organisations with dedicated Mac teams and Apple-focused security tools are adapting. But mid-market IT departments — where one person manages Windows, Mac, cloud, network, and everything else — are struggling.
Here's why:
1. The "Set and Forget" Trap: Many organisations bought Macs, enrolled them in a basic MDM, and assumed Apple would handle the rest. The Jamf data proves that's not enough. Trojans bypass Gatekeeper. XProtect doesn't catch everything. And MDM without security policies is just remote management, not protection.
2. Mixed Fleet Blindness: When your primary EDR focuses on Windows and treats Mac as an afterthought, you miss threats. When your vulnerability scanner doesn't support macOS app detection, you have a 73% blind spot. When your SOC analysts don't know how to read Mac logs, incidents go undetected.
3. The BYOD Problem: In the mid-market, personal Macs accessing corporate data via OneDrive, Slack, and web apps is common. These devices aren't enrolled in MDM, aren't patched, and run whatever software the user installs. Jamf's data suggests many of these are compromised and nobody knows.
What You Can Do (Without Buying More Tools)
You don't need a dedicated Apple security stack to close these gaps. Here's a practical roadmap:
1. Audit Your Mac Fleet (This Week)
- How many Macs are in your environment? (Include BYOD if they access corporate data)
- What macOS versions are they running?
- What MDM policies are actually enforced?
- What's your patch cycle for macOS and third-party apps?
2. Harden Your MDM Policies (This Month)
- Enforce automatic macOS updates with a maximum deferral window
- Enable Gatekeeper and restrict app installs to the App Store + identified developers
- Block unsigned kernel extensions
- Require FileVault encryption on all Macs
- Disable automatic login
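To confirm on an individual Mac that these policies actually took effect, the script below checks four of the items above (OS version, Gatekeeper, FileVault, automatic login); it does not cover update deferral or kernel extensions. It is an added example, not Jamf's or DMC's tooling; the `MIN_OS` value and the function names are assumptions.

```shell
#!/bin/sh
# Added example: checks four hardening items from the list above on one Mac.
MIN_OS="${MIN_OS:-14.0}"   # assumption: your organisation's minimum macOS

# Return 0 when dotted version $1 is older than $2 (numeric compare).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print one FAIL line per failed control; print nothing when compliant.
# $1 = macOS version, $2 = `spctl --status` output,
# $3 = `fdesetup status` output, $4 = autoLoginUser ("" when disabled).
evaluate_posture() {
    if version_lt "$1" "$MIN_OS"; then
        echo "FAIL os: $1 is older than $MIN_OS"
    fi
    case $2 in
        *"assessments enabled"*) ;;
        *) echo "FAIL gatekeeper: assessments not enabled" ;;
    esac
    case $3 in
        *"FileVault is On"*) ;;
        *) echo "FAIL filevault: disk encryption not on" ;;
    esac
    if [ -n "$4" ]; then
        echo "FAIL autologin: enabled for user $4"
    fi
    return 0
}

# Collect live values only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
    findings=$(evaluate_posture \
        "$(sw_vers -productVersion)" \
        "$(spctl --status 2>&1)" \
        "$(fdesetup status 2>&1)" \
        "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)")
    if [ -n "$findings" ]; then echo "$findings"; else echo "PASS: all four checks"; fi
fi
```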
3. Get Visibility Into Network Traffic (This Quarter)
- Ensure your firewall/SD-WAN logs outbound connections from all endpoints
- Configure DNS filtering to block known malicious domains
- If you have EDR, verify it's actually collecting Mac telemetry (not just installed)
- Review your SIEM rules — do they include macOS-specific indicators?
4. Fix the Application Problem (Ongoing)
- Inventory all installed apps across your Mac fleet
- Remove unsupported or vulnerable software
- Implement a software approval process for new installations
- Subscribe to vulnerability alerts for commonly used macOS apps
5. Train Your Users (Ongoing)
- Mac users often believe they're immune to malware — correct this misconception
- Focus on trojan delivery methods: fake software updates, pirated apps, browser extensions
- Make reporting suspicious activity easy and blame-free
The Bottom Line
The "Macs don't get malware" era is over. The Jamf Security 360 data proves that Apple endpoints face the same threats as every other platform — and in many organisations, they're less protected because the security team assumes Apple handles it.
For mid-market IT leaders, the question isn't whether your Macs are targeted. It's whether you'll find the problems before attackers do.
Take the Next Step
Managing Apple devices without clear visibility into their security posture? DMC offers a complimentary Mac Fleet Security Assessment for mid-market organisations. We'll help you:
- Discover unmanaged and vulnerable Macs across your environment
- Assess patch compliance and application risk
- Review your MDM policies for security gaps
- Build a practical hardening roadmap that fits your team