Apple signals that the new attack surface is time itself
The nature of security threats is changing. AI hasn’t just driven up energy prices and consumer electronics costs, it’s also ushering in a new era of AI-augmented cyberattacks, one where the time between a flaw being discovered and being exploited is shrinking fast.
Apple is already signaling that it sees this coming.
Why Apple moved first
The company has begun accelerating the release of security updates specifically to counter AI-assisted hacking. This week’s patch was pushed out ahead of Apple’s usual schedule, and the company told Reuters it’s adapting to a reality in which artificial intelligence can speed up the development of malicious tools.
The logic is simple. If an AI system can find a flaw for one user, it can identify vulnerabilities for other users; that’s a benefit for well-resourced attackers prepared to move fast once a vulnerability becomes public. Hackers are, after all, one group in tech that really doesn’t worry much about moving fast and breaking things.
Apple said it has no evidence any of the patched vulnerabilities were actively exploited before the fix shipped, but that’s not a reason for complacency — especially in business and education, where deployment tends to lag.
Caution has become risk
That lag is a vulnerability. Traditionally, some industries — particularly, regulated ones — have delayed the installation of system upgrades. That was sensible because it enabled them to identify compatibility problems before a company-wide deployment took place.
The new problem is that AI-accelerated attackers can specifically target organizations that haven’t yet patched, turning a cautious rollout window into a viable attack surface.
IT must now think deeply about company security policy. The old playbook needs rethinking, and Apple’s new approach to fast and swift security upgrades shows the way. You only need to review some of the data from a Kandji (now Iru) report to see the extent to which business is vulnerable to time itself.
Legacy hardware? A gift to attackers
There’s another big problem for most enterprises: legacy hardware. Old, unsupported devices that can’t run the latest security protection must be replaced fast. That old hardware is a viable and attractive launch point for any wise cybercriminal.
That’s not just an Apple issue; those firms still running Windows 10 systems are very much at risk. That risk is wide, given estimates that around 35% of US business systems are still running Windows 10.
Manufacturing is particularly exposed to the specter of an AI-attack. Apple and Tata Electronics are still reeling from the consequences of the recent attack at Apple’s India iPhone maker, which saw vast troves of confidential data stolen. (We don’t know whether AI was used in that attack, but we do know it is being used in attacks.)
Manufacturing is a target
Manufacturing has emerged as the most heavily targeted sector. Attackers have identified structural vulnerabilities that beset the market, including legacy infrastructure, sprawling supplier networks with inconsistent security postures, and tight margins that limit how fast companies can modernize.
None of that is likely to change anytime soon, so attackers will continue to make extensive use of artificial intelligence to probe for weak links in manufacturing tech infrastructure. Combined with rapid increases in tech hardware prices and continued constraints on renewal budgets, companies are likely to find themselves even more exposed before things improve.
What does this mean for the industry?
In general, the manufacturing industry will likely need to invest in more effective security protection, potentially amplifying ongoing inflationary pressure.
At Apple, it means the company must now intensify its race to secure its vast endpoint perimeter as AI weapons are applied by a variety of entities, including the nation state-adjacent hackers who want to subvert platform security in service of authoritarian control and surveillance.
For business, it means IT — and regulators — must swiftly review best-practice approaches to account for a fast-moving security environment in which failure to swiftly deploy updates can leave a company open to attack. For platform providers, it implies an imperative moral obligation to widen the security support windows for older devices.
And for the rest of us, it means we must be even more conscious of the need to follow good security practices, including timely installation of security updates. And it may be time to retire some of the old devices, or at least take them offline. This is all unfolding at the same time the economy seems ready to call a time-out on affordable consumer electronics everywhere. Good times, indeed.
Please join me on social media at BlueSky, LinkedIn, or Mastodon, and do subscribe my daily human-curated Apple news headline summary on Substack.Apple signals that the new attack surface is time itself – ComputerworldRead More