Apple has released emergency security updates to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, da

Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference. Technical details of the vulnerabilities were disclosed at the DEF CON conference by security researcher Patri

The North Korea-linked Lazarus Group has been observed targeting job seekers with macOS malware working also on Intel and M1 chipsets. ESET researchers continue to monitor a cyberespionage campaign, tracked as “Operation In(ter)ception,” that has been active at least since June 2020. The campaign targets employees working in the aerospace and

Researchers spotted previously undocumented spyware, dubbed CloudMensis, that targets the Apple macOS systems. Researchers from ESET discovered a previously undetected macOS backdoor, tracked as CloudMensis, that targets macOS systems and exclusively uses public cloud storage services as C2. The malware was designed to spy on the target systems, exfil

If you’re one of the 50% of small and medium-sized businesses (SMBs) that use Mac devices today, chances are your IT and security teams have a ton of Mac endpoints to monitor.  Securing that many endpoints can get really complex, really fast, especially when you consider that the common wisdom that Macs don’t get malware simply isn’t true: in fact, t

Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted co

Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies.“Lockdown Mode” is scheduled to arrive later this year with the release of Apple iOS 16 and macOS Ventura. It’s an optional feature for users who believe their computers and smartphones

The idea of “planned obsolescence” has been around for about 100 years. It is said to have begun in the automobile industry, when GM decided that, to increase flagging sales, the company would make new models every year. Of course, the general concept really began much earlier: look at fashion, where designers decide what people wear each year,

MacOS users that have a network-attached storage (NAS) device made by QNAP are being advised to disable the Apple Filing Protocol (AFP) on their devices until some severe vulnerabilities have been fixed. But QNAP is not the only vendor that needed to fix these vulnerabilities. Others have already done so, or have taken more drastic measures. Taiwanese cor

p> Universal Control is one of the most interesting features in macOS Monterey, but it’s taken months for it to roll out to users. Apple first presented the feature in June 2021, and, while it was slated to be included in macOS Monterey’s first release, it was delayed. It is finally available, but still officially described as "beta."

Gimmick is a newly discovered macOS implant developed by the China-linked APT Storm Cloud and used to target organizations across Asia. In late 2021, Volexity researchers investigated an intrusion in an environment they were monitoring and discovered a MacBook Pro running macOS 11.6 (Big Sur) that was compromised with a previously unknown macOS malware tr

byPaul DucklinHere on Naked Security, we’ve been lamenting the mysterious nature of Apple’s security updates for ages.For example, even when widely-known security problems appear in components that are part of Apple’s operating system, Apple routinely refuses to say when, or even if, it plans to address the issues itself.Back in February 20

Apple has released patches for iOS 15.3, iPadOS 15.3, and macOS Monterey 12.2 and is urging users to update. The most significant reasons are two actively exploited zero-day vulnerabilities, one of which has a publicly disclosed Proof-of-Concept (PoC). Using this vulnerability, designated CVE-2022-22587, a malicious app could execute random code with kern

A researcher has picked up a $100,500 bounty from Apple after discovering a rather nasty method of gaining control of other people’s Macs. The issue, discovered lurking in Safari by Ryan Pickren, could make use of rogue websites to perform a number of dubious actions. It begins, as so many attacks do, with a single click. “Check out my website

If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research Team has discovered a vulnerability in macOS, which allows malicious apps to successfully bypass a user’s privacy preferences. This means attackers could access personal data that was once private, as well as install a malicious