PR, cybersecurity and data privacy experts explain how operating system security bugs could threaten trust in the tech giant.
Apple is urging users to update the operating systems on their devices to address underlying security vulnerabilities it discovered in some versions of its iOS and macOS frameworks.
On Wednesday the tech giant rolled out three new system updates designed to patch security bugs that it said in a blog post “may have been actively exploited.” The new updates include iPad and iOS 15.6.1, and macOS 12.5.1.
Devices that are not updated, said Apple, are at risk of being hacked. The security vulnerabilities leave the door open – via the operating system itself or via WebKit, which powers Safari and Apple device applications like Mail and App Store – for bad actors to run code without permission.
The news, which, predictably, has many users concerned, comes ahead of the release of iPhone 14, which is expected to be made available within the coming month.
But it’s not just the timing that’s bad for Apple. In admitting that its operating systems face security problems, Apple undermines the privacy-obsessed brand it has so meticulously curated in recent years. (The tech company has in recent years made a variety of changes to its technology and user controls so as to give users greater power over how their personal information is used – and underscored these efforts with multi-million dollar ad campaigns and public endorsements of more stringent privacy regulation).
And it’s not the first time within the past year that the company has faced backlash over software security issues: in September of 2021, an Israeli surveillance firm exploited a vulnerability present in all versions of Apple's iOS, OSX and watchOS.
Will this latest slip-up damage the tech behemoth’s brand perception – or threaten sales of its forthcoming iPhone?
“If [a brand] puts forth a strong pillar or issue they will want to be known for, this comes with both great opportunities – to [distinguish] themselves from other competing brands – and challenges, if they do not fulfill their promise,” says Dr Karen Freberg, a professor of strategic communications at the University of Louisville.
The market has seen similar PR crises in the past, of course. Few can forget Dove’s tonedeaf 2017 ad for a product that likened cleanliness to whiteness – a stumble that undercut years of hard work the Unilever-owned brand had poured into its diversity and inclusivity-focused messaging.
Water under the bridge for consumers?
Still, experts are skeptical that Apple’s brand image will take a real hit in light of the news. “Apple’s ubiquity among consumers, coupled with its aggressive marketing efforts around privacy and security, has ensured the company’s banked enough good will with users,” says Mike Stolyar, head of cybersecurity communications at Crenshaw Communications, who has more than a decade of experience in managing public relations for cybersecurity brands.
Stolyar also points out that the Apple operating system hack exposed last September barely made an impact: “It seems [the brand’s] reputation can come out unscathed through quick disclosure and device operating system update warnings.”
Considering that the company has already been proactive in alerting users of this latest issue and explaining how they can take action to protect the integrity of their systems, Stolyar predicts the brand is hardly at risk of long-term reputational damage. “The average person really isn’t steeped in a ton of cybersecurity knowledge – and terminology like ‘zero-day’ and ‘exploits’ are usually too technical to draw widespread consumer panic. There’s inherent trust that Apple’s security team has the situation handled and will roll out necessary fixes as soon as they’re available.”
And other PR pros agree with the sentiment. “For most people, this will barely be a blip on their radar screen,” says Kelcey Kintner, senior vice-president at crisis communications firm Red Banyan. “They will upload the security update and move on with their day.”
Red flags remain
But while consumers may not be spooked, industry professionals might be. Zero-day vulnerabilities like those discovered in Apple’s operating systems indicate that any device that hasn’t yet been patched is at risk of being hacked – which threatens the safety and security of users’ personal data. “Those with more technical knowledge will see this as a major red flag for the company’s offerings and its ability to keep people’s data safe,” says Stolyar.
Another group whose ears may have pricked up over the debacle is regulators, suggests Arielle Garcia, chief privacy officer at ad agency UM Worldwide. “Regulators are likely to be less forgiving [than consumers],” she says. With the US Federal Trade Commission announcing plans to crack down on data privacy and security, Garcia notes, this misstep “substantiates, and will likely amplify, big tech data scrutiny.”
Indeed, the news comes amid increasing focus – from consumers, policymakers and interest groups – on corporations’ data practices and consumer data protections.
Even if consumers remain trustful of Apple and its data privacy and cybersecurity practices, PR and communications experts suggest that the tech giant shouldn’t use this moment to sit on its laurels.
This incident, says University of Louisville’s Dr Freberg, should serve as a wake-up call for Apple. “They need to continue investing in this area if they are committed to privacy and data protection, and [they should understand that] being ahead just a few steps is not enough – they have to be yards or miles ahead on this issue to be protected … amongst their customers and other key stakeholders.”