www.computerworld.com
Apple is seeing rapid growth in enterprise markets, and in the wake of the CrowdStrike disaster and Microsoft's forced Windows 11 upgrades, there's no good reason for that trend to end. It's no wonder its platforms have become such a big target for organized crime, meaning constant security vigilance is necessary for every user as the scale of attacks intensifies.

That doesn't mean Apple's products are insecure; they're not. But no platform is completely secure, and as more enterprise data is held on those platforms it becomes increasingly essential to ensure you have the correct security stance in place.

How much is too much?

Apple's highly skilled security teams are the first line of platform defense to protect system integrity, and they know how constant the attempts against its platforms have become. We don't know how constant, but only this week we've heard of two relatively serious security warnings, including the seventh zero-day attack this year.

CrowdStrike (remember it?) recently warned of a spike in exploits targeting Macs on the part of a bunch of cybercriminals known as Cookie Spider. These attacks use malware-infested advertising to trick people into visiting fraudulent help websites where they are fooled into executing malicious commands that steal their data.

The second, perhaps more disturbing, zero-day exploit is one that has been actively exploited in extremely sophisticated attacks against specific targeted individuals. That strongly suggests it was used in a sophisticated spyware campaign. Known as CVE-2025-43300, it enables attackers to compromise Apple device security just by getting the user to open a malicious image file. How severe is this exploit? Very. The Cybersecurity and Infrastructure Security Agency (CISA) has given this vulnerability a severity rating of 8.8 out of 10.

One reason the latter attack exploits malicious images is that Apple has made it much harder to use more conventional link-based attacks.
These barriers are far from being complete; Apple has now patched a total of seven zero-day attacks this year, and it's only August.

In discussing this, Adam Boynton, senior security strategy manager at Jamf, suggested the zero-day attack might have been used by one of the surveillance mercenaries. "While Apple has not confirmed whether this specific flaw was linked to spyware, similar vulnerabilities in ImageIO and WebKit have previously been used in Pegasus campaigns," he said.

Surveillance-as-a-service

Pegasus is just one of a hungry horde of amoral, zero-day spyware attacks to be sold for profit by surveillance-as-a-service firms, many of which seem to emanate from Israel.

"This is a zero-click exploit that requires no user interaction, and can be triggered simply by processing a maliciously crafted image file, which could be delivered through various channels including messages, emails, or web content," according to Qualys security research manager Mayuresh Dani.

Developing such attacks is very costly, which suggests the level of resources being thrown into breaking Apple device security. (It's worth noting that these are the kinds of resources that would also be used to identify and exploit any security backdoors put in place at an operating system level in the event authoritarian surveillance-loving governments get their way.)

That cost certainly doesn't seem to be a massive turn-off to the highly sophisticated and well-resourced companies profiting from the delivery of digital chaos. Many of these firms, such as NSO Group, have faced international sanctions and lawsuits, which doesn't seem to have stopped them at all. Meanwhile, many of the exploits they create are sold to repressive governments that use them against journalists, dissidents, political rivals and others.
Beyond that, older, patched exploits have reportedly been traded on the dark web, meaning these dangerous attacks can proliferate.

The danger of such attacks should be top of mind for any prominent business executive, as enterprises can be targets, too, particularly as corporate execs jet around the world. Travelers should now carry burner phones with only limited access to important corporate (or personal) data.

Don't be paranoid, but be aware

The growing sophistication and frequency of attacks reflect Apple's growing ecosystem but underline the obvious need to maintain a robust security posture. That includes keeping all your devices updated with the latest security patches and ensuring that all the systems you do use are running or capable of running the latest security updates.

While Apple is evolving, attackers are evolving in tandem. Are all your systems updated with the latest security patches?

You can follow me on social media! Join me on BlueSky, LinkedIn, and Mastodon.