Outdated Systems and Vulnerable Apps Leave Most Enterprises Exposed to Cyberattacks
scsecApril 10, 20262 Mins read 
A recent security analysis highlights a widespread problem in enterprise environments: many organizations are still operating devices with outdated operating systems and vulnerable applications, leaving them exposed to cyberattacks.
According to findings from a mobile device management firm, an examination of more than 150,000 Mac devices revealed that over half of organizations have at least one device running a critically outdated operating system. In total, 53% of organizations were found to have such systems in use, indicating significant gaps in patch management and security hygiene.
The report also uncovered serious issues with application security. Around 95% of analyzed applications contained at least one medium-severity vulnerability, while 62% requested high-risk permissions. Additionally, 21% of apps showed privacy-invasive behavior, raising concerns about data exposure and user tracking risks.
User behavior further contributes to the risk landscape. A quarter of organizations reported employees falling victim to phishing links, while nearly one-fifth admitted users had connected to insecure public networks, increasing the chance of credential theft and device compromise.
Security researchers warn that attackers are increasingly combining multiple vulnerabilities to launch more advanced attacks. Modern threat campaigns are leveraging techniques such as zero-click and browser-based exploits, enabling infections without requiring direct user interaction. Recent examples include spyware distribution through messaging app vulnerabilities and JavaScript-based attack chains.
The macOS ecosystem is also facing a growing range of threats. Despite built-in protections such as Gatekeeper, System Integrity Protection, and Transparency, Consent, and Control, a significant portion of devices still experienced malicious network activity. Around 44% of devices showed signs of malicious traffic, while 26% of organizations reported cryptojacking incidents.
Malware trends are also shifting. Trojans have become the dominant threat type, accounting for roughly half of all attacks, overtaking infostealers and adware from previous years. Overall, trojans, infostealers, adware, and potentially unwanted applications make up the vast majority of Mac-based threats. One malware family, PuAgent, was identified as the most common strain.
In addition, 58% of organizations were found running Macs with critically outdated operating systems, and 73% of devices had at least one vulnerable application installed.
Security experts emphasize that while Mac systems are often chosen for productivity and usability, their growing popularity has also made them a more attractive target for attackers. Threat actors are increasingly developing Mac-specific malware that evolves quickly, focusing on data theft, persistence, and large-scale exploitation.
Experts conclude that without a proactive and comprehensive security approach—covering both operating systems and applications—organizations remain at significant risk of exploitation from modern threat actors.
1 Comment
Leave a Reply to scsec Cancel reply
Related Articles
APT28 Turns Vulnerable Routers into a Global DNS Hijacking and Espionage Network
A Russia-linked cyber espionage group, widely tracked as APT28, has been connected...
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure via PLC Attacks
Iran-Linked Hackers Target U.S. Critical Infrastructure via Internet-Exposed PLCs Iran-affiliated cyber actors...
Cybercrime, FBI IC3, Investment Fraud, Ransomware, Cryptocurrency Scams
FBI Reports Cybercrime Losses Nearly $21 Billion in 2025 The FBI’s Internet...
Cybersecurity Alert: Android Rootkit, ChatGPT Data Leak, and Ransomware Strikes Highlight Global Threats
Weekly Cybersecurity Roundup: ChatGPT Data Leak, Android Rootkit, and Ransomware Hits SecurityWeek’s...
This report underscores a critical but often overlooked issue in enterprise security: delayed patching and outdated systems remain one of the easiest entry points for attackers. Even with advanced security tools in place, weak update practices and risky application permissions can significantly increase exposure. A stronger focus on continuous updates, user awareness, and application control is essential to reduce these preventable risks.