• Macs are secure…no need to test them?? You might want to rethink that approach.

    16 Feb 2022

    Macs are secure! Right…? They don’t really need to be tested…including them in an overall vulnerability management program is likely overkill.

    It’s an age-old philosophy coming from those who need some enlightenment…perhaps get caught up on their reading.

    The next time someone tells you that macOS is secure, respectfully push back and ask: How do you know?

    Here’s a screenshot of the Tenable.io findings from just one scan of a macOS system. I’ve highlighted some key findings. There were multiple systems on the network with similar findings.

    I may be wrong – I often am – but this Mac doesn’t look too secure. As so many are saying in the name of “healthcare” today: better to be safe than sorry. Include those Macs in the scope of your vulnerability and penetration testing! Here’s a piece I wrote on this topic that may serve as a good starting point:

    Determining the Scope of Your Security Testing