Security News

A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection. The new iteration "Continues to impact Mac users who rely solely on Apple's built-in security control XProtect for malware detection," SentinelOne threat researcher Phil Stokes said in an analysis published last week.

A new wave of attacks involving a notorious macOS adware family has evolved to leverage around 150 unique samples in the wild in 2021 alone, some of which have slipped past Apple's on-device malware scanner and even signed by its own notarization service, highlighting the malicious software ongoing attempts to adapt and evade detection. The new iteration "Continues to impact Mac users who rely solely on Apple's built-in security control XProtect for malware detection," SentinelOne threat researcher Phil Stokes said in an analysis published last week.

Well, according to Apple, "Mail Privacy Protection stops senders from using invisible pixels to collect information about the user. senders from knowing when they open an email and masks their IP address so it can't be linked to other online activity or used to determine their location." Marketers' ability to deliver those experiences relies on these metrics and, due to Apple's Mail Privacy Protection, marketers will no longer be able to deliver those personalized and engaging email experiences for subscribers.

A swelling wave of AdLoad malware infections in macOS devices is cresting its way past Apple's on-device malware scanner, researchers said. AdLoad is a well-known Apple threat that's been circulating for years.

A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus tech to infect Macs as part of multiple campaigns tracked by SentinelOne security researchers. While monitoring this campaign, the researchers observed more than 220 samples, 150 of them unique and undetected by Apple's built-in antivirus even though XProtect now comes with roughly a dozen AdLoad signatures.

Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in addition to leveraging on-device machine learning to vet all iMessage images sent or received by minor accounts to warn parents of sexually explicit photos in the messaging platform. What's more, Apple is expected to use another cryptographic principle called threshold secret sharing that allows it to "Interpret" the contents if an iCloud Photos account crosses a threshold of known child abuse imagery, following which the content is manually reviewed to confirm there is a match, and if so, disable the user's account, report the material to NCMEC, and pass it on to law enforcement.

There are two main features that the company is planning to install in every Apple device. One is a scanning feature that will scan all photos as they get uploaded into iCloud Photos to see if they match a photo in the database of known child sexual abuse material maintained by the National Center for Missing & Exploited Children.

On Monday, Eric Rescorla, CTO of Mozilla, published a technical analysis of Apple's system that suggests the security of the company's CSAM scanning effort depends on Apple behaving in a trustworthy manner. "It's important to realize that there's nothing in the system that prevents Apple from scanning photos that never leave the device; they've just chosen not to do so," he wrote.

Apple's announcement that it would scan encrypted messages for evidence of child sexual abuse has revived debate on online encryption and privacy, raising fears the same technology could be used for government surveillance. The move represents a major shift for Apple, which has until recently resisted efforts to weaken its encryption that prevents third parties from seeing private messages.

Apple is about to announce a new technology for scanning individual users' iPhones for banned content. The neural network-based tool will scan individual users' iDevices for child sexual abuse material, respected cryptography professor Matthew Green told The Register today.