What Are Apple’s Biggest Security Threats?


A major appeal of using Apple products is that the threat of viruses and malware is vastly reduced as compared to other operating systems (particularly PCs running Windows). Apple’s “walled garden” approach to software distribution means that if you install software or an app, you have to do it through Apple’s internal systems, so you can be assured that they’ve thoroughly screened it for threats before allowing it to be hosted with them.

That doesn’t mean Apple products are entirely free of security issues, of course. In recent years, malware has even found ways to creep onto Apple devices. While an Apple product is still generally less demanding than a PC or an Android device in terms of requiring users to be proactive about security, there are at least a few major threats and attack vectors that all users should be aware of.

1) Trojans Through Java/JavaScript

Though Apple’s closed system protects effectively against trojans getting in through apps and software, they can still get in through the Safari web browser by way of Java or JavaScript code. JavaScript is always disabled by default, but many users opt to enable it as it is widely used by websites. This does create an attack vector that is largely beyond Apple’s control, however. The most famous trojan passed in this way to date was Flashback, which is estimated to have infected up to a million Apple devices.

2) Cloud Vulnerabilities

Apple’s cloud storage service is no longer vulnerable to “brute force” password guessing, the technique used to break into celebrity accounts in 2014. That doesn’t mean iCloud is completely secure at this point, however, and its security largely rests on the shoulders of its users. This also holds true for any other cloud-based service, Google Drive and Dropbox among them.

First, it’s important to review exactly what data of yours is automatically synced to cloud storage, and whether it is necessary or good security practice for it to be there (or if it perhaps should be encrypted). Users can also have their login credentials stolen through a variety of other means, such as “phishing” attacks by email that fool you into following bogus links that look legitimate, so it’s additionally vital to set up two-factor authentication so that something other than your username and password is needed to get into your accounts.

3) Keyloggers and Ransomware

Keyloggers quietly lurk in the background of your device and send your keystrokes to a remote observer so they can steal your personal information and login credentials, while ransomware locks down your computer and requires you to pay a fee to regain access to it.

Though still rarer on Apple devices than on PCs, both are being seen with increasing frequency. Two common routes by which they spread are open source software projects (which in some cases are approved by Apple for download but not as tightly monitored) and unapproved downloads that can only be run on jailbroken devices. The Transmission BitTorrent client has been a particular problem, with two of the more notorious ransomware variants (KeRanger and Keydnap) thought to have primarily spread through it.

4) SSL Vulnerability

SSL is the protocol used to allow you to pass data back and forth privately when you visit websites, even when you’re on a public connection (like the free WiFi at a coffee shop). If you have a version of iOS older than 7 or a version of macOS older than 10.9.2, however, it’s vital to upgrade, as there’s a serious weakness in them that potentially allows other people to see data that is supposed to be encrypted. If you have an older iPhone or iPad that can’t be upgraded to iOS 7, you can fix the problem by upgrading to iOS 6.1.6.