Apple’s enterprise footprint has grown dramatically since 2020, but IT departments still treat Safari as someone else’s problem. 9to5Mac highlighted recent survey data showing 68% of organizations report increasing browser-based security incidents, yet most mobile device management strategies ignore Safari entirely.
The disconnect is structural. Enterprise security teams have spent a decade building controls around Chrome and Edge—certificate pinning, extension whitelists, data loss prevention hooks. Safari receives none of this attention despite shipping on every MacBook and iPhone in the fleet. When an employee clicks a Slack link on their iPhone, it opens Safari by default. When a marketing manager tests a campaign on their MacBook, Safari is right there. These sessions bypass every browser security control IT has deployed.
The irony is that Apple has built sophisticated management capabilities into Safari through MDM profiles and configuration options. Organizations can restrict extensions, enforce HTTPS, and deploy content filters. Few bother. Chrome dominates enterprise browser discussions so completely that Safari exists in a policy vacuum, even as SaaS applications multiply and browser sessions become the primary attack surface. The 2024 CircleCI breach, which started with a malware-infected browser session, demonstrated how a single compromised browser can expose an entire infrastructure.
Parallels commissioned the Omdia research, which creates obvious bias toward their virtualization solutions, but the underlying finding holds: enterprises manage devices, not the applications running on them. Safari gets updates through macOS patches and exists within Apple’s walled garden, which creates a false sense of security. That complacency breaks down the moment an employee syncs a compromised bookmark or clicks a phishing link in Messages.
The fix requires treating Safari as a managed application rather than an OS component, which means actually using the MDM capabilities Apple provides instead of assuming the problem doesn’t exist.
Reporting reference: 9to5Mac ↗