Researchers found malware developed by QuaDream, a little-known government spyware maker, which was used against journalists and politicians.

Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.

Stealing data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware does it.

Jamf Threat Labs has spotted a family of Mac malware, XMRig, that spreads through pirated versions of Final Cut Pro, Photoshop and Logic Pro X.

What's allowed for Cupertino is verboten for everyone else Apple has again been sued for promising privacy and allegedly failing to provide it. The complaint [PDF], filed in Northern California District Court on behalf of plaintiff Julie Cima, claims Apple captures iPhone customer data despite device settings declaring a preference that information should not be shared.

Don’t delay, especially if you’re still running an iOS 12 device… please do it today!

Apple has launched its recent major security updates to the whole world.

On 29 December 2022, the CNIL's restricted committee imposed an administrative fine of 8 million euros on the company APPLE DISTRIBUTION INTERNATIONAL because it did not collect the consent of iPhone's French users (iOS 14.6 version) before depositing and/or writing identifiers used for advertising purposes on their terminals.

The iPhone security flaw was discovered by a Google unit that uncovers nation-state spyware, hacking and cyberattacks.

Apple has announced three new security features that will help protect logins, iMessage conversations, and data snyced by iCloud.

Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users.

Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, Photos, Notes, and more.

A 500-page document reviewed by WIRED shows Corellium engaged with several controversial companies, including spyware maker NSO Group.

Apple is facing a proposed federal class action alleging that it records users' mobile activity without their consent and despite privacy...

WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.

True or false? Apple supports macOS for three years. Apple’s security updates are sufficient. New versions of macOS are full of bugs. It’s safer to delay upgrading.

Apple's practices regarding security updates are frustrating and perplexing, and may endanger users.

Apple confirms the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks.

Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it.

With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.

Lockdown Mode is a new Apple feature you should hope you’ll never need to use. But for those who do, like journalists, politicians, lawyers and human rights defenders, it’s a last line of defense against nation-state spyware designed to punch through an iPhone’s protections. The new security feature was announced earlier this year as an […]

This investigation report contains an applications analysis of 7 different Apple developer accounts (identified so far — maybe there are…

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.

Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here.

MRT’s days appear numbered. On 14 March this year, Apple released its successor – a new version of XProtect, which now does the lot.

MIT CSAIL boffins devise PACMAN attack to let existing exploits avoid pointer authentication

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission. The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which […]

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

Faster, easier, and more secure sign-ins will be available to consumers across leading devices and platforms.