A comprehensive analysis of the year's new malware

While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.

Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple’s XNU source.

Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.

WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.

True or false? Apple supports macOS for three years. Apple’s security updates are sufficient. New versions of macOS are full of bugs. It’s safer to delay upgrading.

The offensive macOS cyber capabilities of the WINDSHIFT APT group provide us with the opportunity to gain insight into the Apple-specific approaches employed by an advanced adversary. In this talk we’ll comprehensively dissect OSX.WindTape, a second-stage tool utilized by the WINDSHIFT APT group when targeting Apple systems. First we’ll discuss the malware’s anti-analysis mechanisms, and then once these have been thwarted, we’ll explore its capabilities. To conclude, we’ll present heuristic methods that can generically both detect and prevent WindTape, as well as other advanced macOS threats.

Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it.

Read how macOS vulnerability in Archive Utility could lead to the execution of an unsigned and unnotarized application without displaying security prompts.

First Coinbase, now Crypto.com. Lazarus campaign targets more crypto exchange platform job seekers with multi-stage malware.

With the enterprise adoption of MacOS and iOS devices increasing, the Apple security landscape is becoming increasingly complex.

With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.

One of the things Apple cares about in terms of its bug bounty program is your location data. Apple rightly categorizes real-time or historical precise location data as "sensitive data" which in some cases qualifies for a significant monetary award.

Here are two proof-of-concepts for CVE-2022-26766 (CoreTrust allows any root certificate) and CVE-2022-26763 (IOPCIDevice::_MemoryAccess not checking bounds at all), two issues discovered by @LinusHenze and patched in macOS 12.4 / iOS 15.5.

New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.