Apple fixes three new zero-days exploited to hack iPhones, Macs
Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.
Apple fixes two zero-days exploited to hack iPhones and Macs
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.
Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users
Stealing data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware does it.
Hard-to-spot Mac crypto-mining threat, XMRig, hits Pirate Bay
Jamf Threat Labs has spotted a family of Mac malware, XMRig, that spreads through pirated versions of Final Cut Pro, Photoshop and Logic Pro X.
Attacking Apple's Neural Engine
WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.
Last Week on My Mac: Home truths about macOS
True or false? Apple supports macOS for three years. Apple’s security updates are sufficient. New versions of macOS are full of bugs. It’s safer to delay upgrading.
Apple's Poor Patching Policies Potentially Make Users' Security and Privacy Precarious
Apple's practices regarding security updates are frustrating and perplexing, and may endanger users.
Reverse Engineering the Apple MultiPeer Connectivity Framework
Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it.
Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED
With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.
Investigation report about the abuse of the Mac Appstore | by Privacy1St
This investigation report contains an applications analysis of 7 different Apple developer accounts (identified so far — maybe there are…
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.
Last Week on My Mac: Introducing XProtect Remediator, successor to MRT – The Eclectic Light Company
MRT’s days appear numbered. On 14 March this year, Apple released its successor – a new version of XProtect, which now does the lot.
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.
Apple has pushed a silent Mac update to remove hidden Zoom web server
Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws
Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.
Jamf Threat Labs identifies Safari vulnerability (CVE-2022-22616) allowing for Gatekeeper bypass
The identified vulnerability allows bypassing of Gatekeeper security and app notorization, has been patched by Apple.
Increased Enterprise Use of iOS, Mac Means More Malware
As use of Apple devices has grown in the enterprise, the company has increasingly become a target for malware threats and other attacks. ISMG spoke with experts and
esmat: New Free macOS Endpoint Security Message Analysis Tool • UX monitoring & endpoint security analytics for Windows, macOS, Citrix, VMware on Splunk
We’re happy to announce the public release of esmat, a new free & open-source tool. esmat is a command-line app for macOS that allows you to explore the behavior of Apple’s Endpoint Security framework.
About the security content of macOS Monterey 12.2.1
"This document describes the security content of macOS Monterey 12.2.1."
Apple fixes two zero-days exploited to hack iPhones and Macs
Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.
Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users
Stealing data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware does it.
Hard-to-spot Mac crypto-mining threat, XMRig, hits Pirate Bay
Jamf Threat Labs has spotted a family of Mac malware, XMRig, that spreads through pirated versions of Final Cut Pro, Photoshop and Logic Pro X.
Attacking Apple's Neural Engine
WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.
Last Week on My Mac: Home truths about macOS
True or false? Apple supports macOS for three years. Apple’s security updates are sufficient. New versions of macOS are full of bugs. It’s safer to delay upgrading.
Apple's Poor Patching Policies Potentially Make Users' Security and Privacy Precarious
Apple's practices regarding security updates are frustrating and perplexing, and may endanger users.
Reverse Engineering the Apple MultiPeer Connectivity Framework
Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it.
Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED
With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.
Investigation report about the abuse of the Mac Appstore | by Privacy1St
This investigation report contains an applications analysis of 7 different Apple developer accounts (identified so far — maybe there are…
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.
Last Week on My Mac: Introducing XProtect Remediator, successor to MRT – The Eclectic Light Company
MRT’s days appear numbered. On 14 March this year, Apple released its successor – a new version of XProtect, which now does the lot.