In an era where the lines between corporate and personal data have blurred, a stark new warning has been issued for security leaders. Jamf’s annual Security 360 Report, reveal that vulnerable applications and critically out-of-date operating systems are the top concerns facing organisations today.
The report paints a concerning picture of the modern mobile landscape, where productivity anywhere often comes at a cost. While mobile malware remains relatively uncommon, 95% of assessed applications contained at least one medium-severity vulnerability.
Furthermore, 62% of these apps requested dangerous permissions, with a fifth actively engaging in privacy-impacting behaviours. This massive attack surface is compounded by poor security hygiene, as over half (53%) of organisations have devices running critically out-of-date operating systems.
“Our goal with this research is to spread awareness among security leaders regarding the risks impacting their organisations,” said Michael Covington, VP of portfolio strategy at Jamf. “Avoidance of a holistic, proactive approach to Mac and mobile security places any organisation at unnecessary risk.”
The findings for macOS environments are equally urgent, driven by a 16.4% growth in market share that has made Apple devices a primary target for adversaries. The report notes a significant strategic shift in 2025, with trojans claiming the top spot and representing roughly half of all attacks.
This marks a notable departure from 2024, when infostealers and adware dominated the threat landscape . Overall, trojans, infostealers, adware, and unwanted applications now account for 90% of all Mac attacks.
Compounding this shift in tactics, Jamf Threat Labs added over 26,000 malware samples to their database last year. The data reveals that 44% of devices are experiencing malicious network traffic, and 26% of organisations have been impacted by cryptojacking.
This aligns with independent research highlighting the rise of sophisticated macOS-specific infostealers, which are increasingly capable of bypassing native defences like Gatekeeper to scrape sensitive data directly from endpoints .
Perhaps the most alarming statistic for enterprise IT is the state of basic patch management. The Jamf report found that 58% of organisations are running Macs with critically out-of-date operating systems, and a staggering 73% of evaluated Mac devices contain at least one vulnerable application .
“As Apple devices continue to expand across the enterprise, security solutions should be built specifically for the Apple ecosystem,” Jamf advised, warning against adapting tools from a Windows-first approach.
With 25% of organisations having a user fall victim to a phishing link and advanced persistent threats (APTs) leveraging zero-click attacks, the report is clear that a reactive security posture is no longer viable.
For those responsible for protecting the modern workforce, the message is simple: treat Mac and mobile security with the same rigour as any other critical infrastructure .
