More than Half of Enterprises Are Using Devices with Out-of-Date Operating Systems – and It’s Leaving Them Wide Open to Attacks

The latest Jamf Security 360 Report, based on more than 150,000 macOS devices, reveals that outdated operating systems are no longer a niche problem but a systemic risk. Over half of surveyed enterprises—53 %—host at least one Mac running a critically out‑of‑date OS, and 58 % admit the same for their broader fleet. Vulnerable applications compound the issue: 95 % of the apps examined contain a medium‑severity flaw, with 62 % requesting dangerous permissions. These figures underscore a gap between Apple’s built‑in protections and the real‑world security hygiene of organizations.

Attackers are exploiting this hygiene gap with increasing sophistication. The report cites a surge in zero‑click and browser‑based exploits, highlighted by the recent WhatsApp image‑parsing vulnerability (CVE‑2025‑43300). Threat groups are chaining multiple weaknesses—out‑of‑date OS, vulnerable apps, and insecure public Wi‑Fi—to deliver one‑click spyware payloads. On macOS, 44 % of devices generated malicious network traffic and 26 % fell victim to cryptojacking, while trojans, infostealers and adware together represent 90 % of all Mac‑focused attacks. The diversity of vectors makes remediation more complex.

Enterprises can no longer rely on patch‑and‑pray. A holistic, proactive approach that couples continuous OS updates with rigorous application vetting, network segmentation, and real‑time threat detection is essential. Jamf’s findings suggest that security leaders must prioritize macOS and mobile device management as core components of their broader cyber‑risk strategy, especially as the popularity of Macs grows across industries. Investing in automated compliance enforcement and user‑education against phishing can reduce the attack surface, protecting both data integrity and corporate reputation in an increasingly hostile threat landscape.