Apple @ Work is brought to you exclusively by Mosyle, Apple’s only unified platform. Mosyle is the only solution that integrates all the solutions needed to seamlessly and automatically deploy, manage and protect Apple devices at work into a single enterprise-grade platform. More than 45,000 organizations trust Mosyle to make millions of Apple devices ready to work effortlessly and affordably. Request your EXTENDED TRIAL today and understand why Mosyle is all you need to work with Apple.
If you spend enough time managing Apple devices in an enterprise environment, you start to spot trends in how security incidents occur. It’s rarely an Ocean’s 11-style cinematic hack. It’s usually a user delaying an iOS update for three months or an employee connecting to an open Wi-Fi network in a hotel or cafe. Jamf recently released its Security 360: Annual Trends Report on Mobile Devices, and the data paints a very clear picture of the vulnerabilities IT organizations are currently facing. Even in the age of AI, what’s old is new again
About Apple @Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. With his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, thousands of Macs and thousands of iPads, Bradley will highlight how Apple IT managers deploy Apple devices, build networks to support them, train users, stories of IT management and ways Apple could improve its products for IT services.
The operating system update problem
As IT administrators, we are constantly thinking, stressing, or stressing about updates. The report highlights exactly why this is a huge liability. According to the data, 53% of organizations have at least one device with an extremely outdated operating system. This means that more than half of the companies surveyed have unpatched, highly exploitable vulnerabilities in their employees’ back pockets.
In 2025, we discovered critical vulnerabilities such as CVE-2025-31200, where processing an audio stream from a maliciously crafted media file could result in code execution. The user doesn’t even need to tap a link; their device simply processes the audio message to preview it, memory corruption occurs and the device is compromised. If you don’t apply operating system updates through your device management platform, you’re leaving the door wide open to these advanced persistent threats.
The challenge is that employees are trying to work while constantly receiving updates, which is good for information security but can be a challenge for busy employees.
Jailbreaks and alternative markets
Apple’s siled approach to the App Store since its launch has been a huge advantage for IT security. However, as the ecosystem evolves, new risks emerge. The report reveals that one in every 850 work devices is jailbroken. When a device is jailbroken, it bypasses Apple’s security restrictions, creating a backdoor that attackers can use to gain access to your system.
2% of organizations had devices using alternative app markets. Although power users appreciate the flexibility of sideloading, it’s a nightmare from a business data perspective. Alternative stores are not subject to the same rigorous security and privacy requirements as the official App Store, which significantly increases the risk of malware entering your environment. Plain and simple: In my opinion, the App Store works for business.
The network is the new perimeter
Even with the world’s strictest device configurations, your data remains at risk the moment it leaves your corporate environment. The report notes that 18% of organizations have users logging into risky access points. Connecting to an unsecured public Wi-Fi network exposes users to Adversary-in-the-Middle attacks, in which hackers can intercept data in transit or steal session cookies.
In addition to network infrastructure risks, standard web risks remain incredibly high. In 25% of organizations, a user has been the victim of a phishing link. Generative AI has made it easier than ever for attackers to create convincing phishing messages that perfectly mimic services like Microsoft, Apple, and major financial institutions.
9to5Mac’s point of view
The key takeaway from this data is that IT administrators cannot rely on end users to make the right security decisions. Users will connect to airport and hotel Wi-Fi. They will click on convincing phishing links. They will ignore the software update prompt for as long as macOS lets them.
This reinforces the reality that robust device management and security tools are an essential security control, not just a tool to distribute configuration profiles. Apply rapid security updates, use tools like Tailscale and Kolide to determine who can touch your dataand leveraging endpoint security to monitor device health are the only ways to proactively defend against a mobile threat landscape that becomes more challenging every quarter.
Read the full report to find out more.
Apple @ Work is brought to you exclusively by Mosyle, Apple’s only unified platform. Mosyle is the only solution that integrates all the solutions needed to seamlessly and automatically deploy, manage and protect Apple devices at work into a single enterprise-grade platform. More than 45,000 organizations trust Mosyle to make millions of Apple devices ready to work effortlessly and affordably. Request your EXTENDED TRIAL today and understand why Mosyle is all you need to work with Apple.
FTC: We use automatic, revenue-generating affiliate links. More.