Apple Blocked $2.2bn in App Store Fraud in the Last Year
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn
Apple develops operating systems and devices whose vulnerabilities, security advisories, and updates affect users, enterprises, and connected ecosystems.
Search across headline titles and summaries.
Background for this topic.
Apple’s ecosystem consists of proprietary operating systems like iOS and macOS, powering devices such as iPhones, iPads, and Macs. These platforms integrate hardware-based security features—such as secure enclaves for cryptographic operations, mandatory app sandboxing, and biometric authentication—to protect user data and system integrity. Apple’s tightly controlled app distribution through the App Store reduces exposure to malware but does not eliminate risks from zero-day exploits or sophisticated attacks targeting system vulnerabilities.
Security practitioners must prioritize timely application of Apple’s security updates, as unpatched iOS and macOS flaws are frequently targeted for privilege escalation and remote code execution. Credential attacks against Apple ID and iCloud services remain common, enabling unauthorized access to sensitive data and backups. Understanding Apple’s privacy settings, encryption mechanisms, and forensic artifact availability is critical for detecting and mitigating threats within environments that include Apple devices.
Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn
CEO Beth Tschida: AI Developers' Apple Preference Could Strengthen Jamf's PositionChief Technology Officer Beth Tschida takes over as CEO of Minneapolis-based Jamf with a mandate to define how the Apple management and security vendor uses AI internally while helping CISOs govern shadow AI, identity and policy controls across enterprise Apple fleets.
Apple revealed that it blocked over $11 billion in fraudulent App Store transactions over the last six years, more than $2.2 billion in potentially fraudulent App Store transactions in 2025 alone. [...]
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.
While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]