Jamf Releases 2025 Security 360 Report on Mobile and Mac Threats

HONG KONG SAR - On June 19, 2025, Jamf (NASDAQ: JAMF), a leading provider of Apple management and security solutions, unveiled its 2025 Security 360 Report, offering a comprehensive analysis of security risks associated with Mac and mobile environments. The report highlights critical threats organizations face, including phishing attacks, infostealers, and operating system vulnerabilities, providing actionable insights for security professionals tasked with safeguarding their enterprises.

According to Josh Stein, Vice President of Product Strategy at Jamf, "Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organizations against increasingly sophisticated attacks." This sentiment underscores the importance of understanding the evolving threat landscape and taking proactive measures to mitigate risks.

The report categorizes the analysis into mobile and macOS environments, each facing unique challenges. In the mobile sector, Jamf identified four primary threat categories impacting organizations globally:

1. **Mobile Phishing**: Jamf reported approximately 10 million phishing attacks over the past year, with 25% of organizations experiencing social engineering attacks. Alarmingly, 10% of users clicked on malicious links. Experts recommend implementing training programs and adopting a zero-trust methodology to mitigate these threats.

2. **Vulnerability Management**: The findings revealed that 32% of organizations operated at least one device with critical vulnerabilities, while 55.1% of mobile devices were running outdated operating systems. Regular updates from Apple and Google are critical to patch known vulnerabilities, emphasizing the need for ongoing device management.

3. **Application Risk and Malware**: Earlier reports by Jamf highlighted a vulnerability in iOS related to Transparency, Consent, and Control (TCC) bypass, illustrating how sideloaded apps can infringe on user privacy. The importance of securing the application layer is paramount, as it can significantly affect organizational security.

4. **Malware and Spyware**: High-profile users, including journalists and diplomats, are particularly vulnerable to advanced spyware attacks. Apple notified users in approximately 100 countries about potential spyware compromises, indicating the necessity for organizations to treat mobile devices as critical endpoints.

In the macOS environment, the report outlines the following critical areas of concern:

1. **Application Risk and Malware**: Infostealers have surged, now constituting 28.36% of all Mac malware examined, a dramatic increase from just 0.25% the previous year. This rise is particularly concerning for employees in high-stakes industries such as cryptocurrency.

2. **Vulnerability Management**: Jamf's Threat Labs have repeatedly debunked the myth that Macs are impervious to threats. For instance, a vulnerability in Gatekeeper, which protects users from unauthorized applications, was identified, emphasizing the need for robust security controls and employee training.

3. **Social Engineering**: As Mac usage in the workplace rises, so does the attack surface. Phishing is no longer confined to email; Jamf's research highlighted a campaign from the Democratic People's Republic of Korea (DPRK) that utilized LinkedIn messaging to lure victims. This indicates the necessity for training employees on various phishing tactics.

The methodology underpinning this report examined 1.4 million devices protected by Jamf across 90 countries, utilizing real-world usage metrics alongside original threat research. This comprehensive approach provides a robust foundation for understanding and addressing current security threats.

In conclusion, the 2025 Security 360 Report by Jamf serves as a critical resource for organizations navigating the complex landscape of mobile and Mac security. With threats evolving, organizations must remain vigilant and proactive in their security measures to protect their data and maintain operational integrity. As Stein noted, continuous threat research is essential not only for protecting customers but also for contributing valuable insights to the broader security community. The findings of this report underscore the pressing need for organizations to adopt comprehensive security strategies that encompass both user education and up-to-date technological defenses.

For more information on the report and to access the full findings, visit [Jamf's official website](https://jamf.com).