It’s a long-held belief of Mac users that their computers are immune to the kind of malware and viruses that plague Windows PCs. While there is some credibility in this idea, we shouldn’t get over-confident when it comes to Mac security, as there are exploits that criminals can use to hack your Mac and leave it like a wide-open door through which they can steal your data or worse.
In this article we take a look at whether Macs can be hacked, how to tell if your Mac has been hacked or if someone is spying on your Mac, and what you can do if your Mac is being remotely accessed. Here’s what you need to know – and what you need to do.
Can Macs get hacked?
Apple has gone to great lengths to make it difficult for hackers to gain access to Macs. With the protections offered by Gatekeeper, the Secure Enclave features of the M1- and M2-series of chips and the T1 or T2 chip, and Apple’s built in anti-virus XProtect, targeting Macs may well be considered too much effort by hackers. We discuss this in more detail here: How secure is a Mac? and in Do Macs need antivirus software?
However, from time to time security vulnerabilities are detected that could be used by hackers to exploit Macs. These vulnerabilities are sometimes referred to as back doors or as a zero day vulnerability. When these are identified by security researchers (or friendly hackers) they usually alert Apple to them in the hope that the company will quickly close the vulnerability, quickly – or within zero days – before it is exploited.
Such vulnerabilities, though rare, could allow an attacker root access to your Mac.
Apple is usually quick to fix, but there have been cases where Apple has been criticised for being slow to respond to the threat once it’s been identified.
For example, in 2019 researcher Filippo Cavallarin found a Gatekeeper vulnerability that he alerted Apple to. Having had no response from Apple within 90 days he went public with details of the vulnerability.
Back in 2018, the news was filled with stories about the Meltdown and Spectre flaws that attacked vulnerabilities in Intel and ARM processors. The Guardian reported that Apple confirmed “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.” The risk was mitigated by updates to the operating system which closed off the areas that were exposed.
In 2021, Apple paid a student $100,000 after he discovered a dangerous vulnerability relating to Macs and reported it to Apple. The vulnerability, which could enable a hacker to gain control of a Mac user’s camera, was identified by Ryan Pickren in July 2021 and fixed by Apple in macOS Monterey 12.0.1 on October 25, 2021. More information here: Hacker ‘could take over any Apple webcam’.
Apple is kept busy patching these security flaws as and when they arise. In macOS Ventura Apple introduced a new way to get security updates onto Macs as background updates, so the update to the operating system isn’t required to get the important security component–after all some people delay installing operating system updates. This means that the security part of any macOS update can be automatically installed on your Mac without you having to do anything–although we recommend you check the following to ensure it is set up on your Mac:
- Open System Settings.
- Choose General.
- Click on the i beside Automatic Updates.
- Make sure that the option to Install Security Responses and system files is selected, even if you choose not to select the others (although we recommend you do).
If you aren’t running Ventura or later then when Apple issues a macOS update with a security component it is important to install it as soon as possible. You can still set your Mac to automatically download and update the operating system is you follow these steps:
- Open System Preferences.
- Click on Software Update.
- Click on Advanced.
- Make sure that the option to Install system data files and security updates is selected.
Now your Mac will check for updates, download the update, and install the update without you needing to do anything.
Do Macs get hacked?
It may be rare when compared to Windows, but yes, there have been cases where Macs have been accessed by hackers.
This can take various forms and there are various types of Mac malware that have been discovered ‘in the wild’ on Macs as you can see from our run through of the various threats affecting macOS: List of Mac viruses, malware and security flaws. Malware has even been found on the M1 Mac – read about Silver Sparrow and the first case of malware for M1 Macs.
We’ll run through the types that are more pertinent to the hacking of Macs below:
Cryptojacking: This is where someone uses your Mac’s processor and RAM to mine cryptocurrency. If your Mac has slowed right down this could be the culprit.
Spyware: Here hackers attempt to gather sensitive data about you, such as your log in details. They might use key loggers to record what you type and eventually have the information they need to log in to your accounts. In one example, the OSX/OpinionSpy spyware was stealing data from infected Macs and selling it on the dark web.
Ransomware: Some criminals use Ransomware to try and extort money from you. In cases like KeRanger hackers could have encrypted files on Macs and then demand money to unencrypt them. Luckily Security researchers identified KeRanger before it started infecting Macs so it was addressed before it became a serious threat. In April 2023 security researchers warned that a collective known as LockBit was working on ransomware encryptors that work on both Macs using Apple M-series chips and Intel processors.
Botnet: In this case your computer becomes a remotely operated spam machine. In the case of the Trojan Horse botnet OSX.FlashBack over 600,000 Mac computers.
Proof-of-concept: Sometimes the threat isn’t actually seen in the wild, but is a proof of concept based on a loophole or vulnerability in Apple’s code. While this is less of a threat the concern is that if Apple isn’t quick enough to close the vulnerability it could be utilised by criminals. In one example Google’s Project Zero team designed a proof-of-concept know as Buggy Cos which was able to gain access to parts of macOS thanks to a bug in macOS’ memory manager.
Port exploits: It’s not always the case that the hack is made possible by some sort of malware downloaded onto the Mac. In some cases Macs have been hacked after something is plugged into a port. It is possible that Macs could be hacked via the USB and by the Thunderbolt port – which is a good reason to always be careful about what you plug into you Mac or leaving your Mac unattended. For example, in the
checkm8 exploit it could have been possible for hackers to gain access to the T2 chip by plugging in a modified USB-C cable. Similarly in the case of
Thunderspy a serious vulnerability with the Thunderbolt port could have granted a hacker access to a Mac.
Can a Mac camera be hacked?
Once a hacker has access to your Mac there are various ways in which they might try to gain information about you, or use the processing power of your Mac for their own purposes. As we mentioned above, in the case of spyware the hacker might attempt install a keylogger so that it can record what you are typing and look out for your password. The hacker could also attempt to highjack your mic or video camera.
Theoretically this shouldn’t be possible: since macOS Catalina launched in 2019 Apple has protected Mac users from these kind of exploits by ensuring that you have to give your permission before the mic or video camera is used, or before a screen recording can take place. And if your video camera is being used you will always see a green light next to it. However, the example we mention above, where Ryan Pickren alerted Apple to a vulnerability that could enable a hacker to gain control of a Mac user’s camera, suggests that Apple’s alert wasn’t enough to stop the camera being accessed.
There was also a camera related vulnerability that affected Mac users of the video conferencing service Zoom. In this case hackers could add users to video-calls without them knowing and then activate their webcams but keep the light turned off. This would enable any potential hackers (or law enforcement bodies) to monitor your activities and you wouldn’t have any idea that the camera was watching you. Zoom patched the vulnerability, but only after it became public knowledge when the person who found it reported that the flaw had been left in place for three months after the company had been privately informed of the risk. For more information read: How to stop your Mac webcam being hacked.
Wondering about whether FaceTime is secure? Read
Is Apple FaceTime safe?
How to tell if your Mac has been hacked
If you think your Mac has been hacked there are a few ways to find out. First of all look for the signs: Has your Mac slowed down? Is your web connection painfully slow? Do the ads you are seeing look a bit more dodgy than usual? Have you noticed anything strange on your bank statements?
- If you think an account might have been hacked then check the website haveibeenpwned.com and pop in your email address to see if it’s featured in a data breach. If it has been then be sure to change your password! This doesn’t mean you have been hacked, but it’s certainly possible that if this information is out there you could be.
- Another way to tell if there is some strange activity going on would be to check Activity Monitor and look specifically at network activity.
- You could also go to System Preferences > Sharing and check if anyone suspicious has access to anything.
- Your best bet is to run a sweep of your system with some kind of security software that can check for any viruses or malware that may have made it onto your system. We have a round up of the best Mac antivirus apps, in which we recommend Intego as our option of choice.
You may also like to read our guide on how to remove a virus from a Mac.
How to protect your Mac from hackers
macOS is a very secure system, so there’s no need to panic, but if you want to reduce the chances of being compromised then there are a few things to do.
- The first is to try to only download software from either the Mac App Store or the official websites of manufacturers.
- You should also avoid clicking on links in emails – just in case they lead you to spoof websites and malware.
- Don’t use USB cables, other cables, or memory sticks, that if you can’t be sure that they are safe.
- When you are browsing the web surf in private or incognito mode.
- If you ever receive a ransomware request or a phishing email do not respond as all this does is confirm that you exist.
- Another is to make sure you download updates to macOS as soon as they become available as they usually include security patches. In fact you can set up your Mac to automatically download such updates. Turn on Automatic Updates in System Preferences > Software Update and click beside Automatically keep my Mac up to date.
- Finally, consider using a dedicated security software package. You’ll find our pick of the current offerings in best Mac antivirus. Right now our top choices are Intego Mac Internet Security X9, but we also like McAfee Total Protection 2021, and Norton 360 Deluxe.
- You should also consider using a password manager, as this will allow you to have multiple, complicated login details across all your accounts without having to remember them. Here our recommendations are LastPass, 1Password, and NordPass.
Feeling more secure now? Learn even more by reading the helpful tips in How to keep your Mac secure.