Hard-to-spot Mac crypto-mining threat, XMRig, hits Pirate Bay
Jamf Threat Labs has spotted a family of Mac malware, XMRig, that spreads through pirated versions of Final Cut Pro, Photoshop and Logic Pro X.
Beware of macOS cryptojacking malware.
You may have heard about the cryptojacking malware on macOS. Read about a new one spotted by Jamf Threat Labs.
Can you rely on macOS Ventura for malware protection?
Samples of four malicious software downloaded and run on macOS 13.1. Could it detect and block them effectively? Or do you need 3rd party protection?
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
Stay ahead of the game with our review on macOS malware threats. Learn about the top techniques used by threat actors to deliver malware and how to build more resilient defenses.
Zoom Patches High Risk Flaws on Windows, MacOS Platforms
Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.
How do you know when macOS detects and remediates malware?
macOS may alert you when you’re trying to open or run a file, with an alert informing you that malware was detected. But what about in scans?
The Mac Malware of 2022 👾
A comprehensive analysis of the year's new malware
Shlayer Malware: Continued Use of Flash Updates
Although Flash Player reached end of life for macOS in 2020, this has not stopped Shlayer operators from continuing to abuse it for malvertising campaigns.
Shlayer malware abusing Gatekeeper bypass on macOS
Shlayer malware bypasses Gatekeeper security protections on macOS to execute unauthorized software without requiring approval.
L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files
While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.
Get root on macOS 13.0.1 with CVE-2022-46689, the macOS Dirty Cow bug
Get root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple’s XNU source.
Top 10 macOS Malware Discoveries in 2022
Learn about all the new malware targeting macOS users in 2022 and how to stay safe from the latest Mac-focused campaigns.
Cryptex: how a custom iPhone is changing macOS updates – The Eclectic Light Company
Expected in Ventura 13.1 is a new lightweight system for applying security patches. This article explains how it uses cryptexes, already being used in macOS 13.
Attacking Apple's Neural Engine
WeightBufs is a kernel r/w exploit for all Apple devices with Neural Engine support. Bugs and Exploit by @simo36, you can read my presentation slides at POC for more details about the vulnerabilities and the exploitation techniques.
Last Week on My Mac: Home truths about macOS
True or false? Apple supports macOS for three years. Apple’s security updates are sufficient. New versions of macOS are full of bugs. It’s safer to delay upgrading.
Apple's Poor Patching Policies Potentially Make Users' Security and Privacy Precarious
Apple's practices regarding security updates are frustrating and perplexing, and may endanger users.
Unmasking WindTape - Speaker Deck
The offensive macOS cyber capabilities of the WINDSHIFT APT group provide us with the opportunity to gain insight into the Apple-specific approaches employed by an advanced adversary. In this talk we’ll comprehensively dissect OSX.WindTape, a second-stage tool utilized by the WINDSHIFT APT group when targeting Apple systems. First we’ll discuss the malware’s anti-analysis mechanisms, and then once these have been thwarted, we’ll explore its capabilities. To conclude, we’ll present heuristic methods that can generically both detect and prevent WindTape, as well as other advanced macOS threats.
Reverse Engineering the Apple MultiPeer Connectivity Framework
Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found about Logic Remote and was quite happy with it.
Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)
Read how macOS vulnerability in Archive Utility could lead to the execution of an unsigned and unnotarized application without displaying security prompts.
Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
First Coinbase, now Crypto.com. Lazarus campaign targets more crypto exchange platform job seekers with multi-stage malware.
The Apple security landscape: Moving into the world of enterprise risk
With the enterprise adoption of MacOS and iOS devices increasing, the Apple security landscape is becoming increasingly complex.
Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED
With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.
Turning Your Computer Into a GPS Tracker With Apple Maps
One of the things Apple cares about in terms of its bug bounty program is your location data. Apple rightly categorizes real-time or historical precise location data as "sensitive data" which in some cases qualifies for a significant monetary award.
Get root on macOS 12.3.1: proof-of-concepts for Linus Henze’s CoreTrust and DriverKit bugs (CVE-2022-26766, CVE-2022-26763)
Here are two proof-of-concepts for CVE-2022-26766 (CoreTrust allows any root certificate) and CVE-2022-26763 (IOPCIDevice::_MemoryAccess not checking bounds at all), two issues discovered by @LinusHenze and patched in macOS 12.4 / iOS 15.5.
XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python
New domains and new behavioral indicators, but malware authors stick to tried and tested architecture despite Apple’s updates.
New macOS malware 'CloudMensis' detected and prevented
Jamf Threat Labs updates Jamf Protect to completely prevent CloudMensis from threatening the security of your macOS fleet.
North Korean hackers use signed macOS malware to target IT job seekers
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector.
%2Fcdn.vox-cdn.com%2Fuploads%2Fchorus_asset%2Ffile%2F19861742%2Facastro_200331_1777_zoom_0003.0.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
Zoom’s latest update on Mac includes a fix for a dangerous security flaw
Zoom has issued a patch for a bug on macOS that could allow a hacker to take control of a user’s operating system (via MacRumors). In an update on its security bulletin, Zoom acknowledges the issue (CVE-2022-28756) and says a fix is included in version 5.11.5 of the app on Mac, which you can (and should) download now.
Process injection: breaking all macOS security layers with a single vulnerability ·
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.
You're M̶u̶t̶e̶d̶ Rooted
With a recent market cap of over $100 billion and the genericization of its name, the popularity of Zoom is undeniable. But what about its security? This imperative question is often quite personal, as who amongst us isn't jumping on weekly (daily?) Zoom calls? In this talk, we’ll explore Zoom’s macOS application to uncover several critical security flaws. Flaws, that provided a local unprivileged attacker a direct and reliable path to root. The first flaw, presents itself subtly in a core cryptographic validation routine, while the second is due to a nuanced trust issue between Zoom’s client and its privileged helper component. After detailing both root cause analysis and full exploitation of these flaws, we’ll end the talk by showing how such issues could be avoided …both by Zoom, but also in other macOS applications.