Security News

A swelling wave of AdLoad malware infections in macOS devices is cresting its way past Apple's on-device malware scanner, researchers said. AdLoad is a well-known Apple threat that's been circulating for years.

A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus tech to infect Macs as part of multiple campaigns tracked by SentinelOne security researchers. While monitoring this campaign, the researchers observed more than 220 samples, 150 of them unique and undetected by Apple's built-in antivirus even though XProtect now comes with roughly a dozen AdLoad signatures.

Apple on Thursday said it's introducing new child safety features in iOS, iPadOS, watchOS, and macOS as part of its efforts to limit the spread of Child Sexual Abuse Material in the U.S. To that effect, the iPhone maker said it intends to begin client-side scanning of images shared via every Apple device for known child abuse content as they are being uploaded into iCloud Photos, in addition to leveraging on-device machine learning to vet all iMessage images sent or received by minor accounts to warn parents of sexually explicit photos in the messaging platform. What's more, Apple is expected to use another cryptographic principle called threshold secret sharing that allows it to "Interpret" the contents if an iCloud Photos account crosses a threshold of known child abuse imagery, following which the content is manually reviewed to confirm there is a match, and if so, disable the user's account, report the material to NCMEC, and pass it on to law enforcement.

There are two main features that the company is planning to install in every Apple device. One is a scanning feature that will scan all photos as they get uploaded into iCloud Photos to see if they match a photo in the database of known child sexual abuse material maintained by the National Center for Missing & Exploited Children.

On Monday, Eric Rescorla, CTO of Mozilla, published a technical analysis of Apple's system that suggests the security of the company's CSAM scanning effort depends on Apple behaving in a trustworthy manner. "It's important to realize that there's nothing in the system that prevents Apple from scanning photos that never leave the device; they've just chosen not to do so," he wrote.

Apple's announcement that it would scan encrypted messages for evidence of child sexual abuse has revived debate on online encryption and privacy, raising fears the same technology could be used for government surveillance. The move represents a major shift for Apple, which has until recently resisted efforts to weaken its encryption that prevents third parties from seeing private messages.

Apple is about to announce a new technology for scanning individual users' iPhones for banned content. The neural network-based tool will scan individual users' iDevices for child sexual abuse material, respected cryptography professor Matthew Green told The Register today.

A new sort of Windows nightmare, this one not involving printers. Another new sort of Windows nightmare, also with no printers.

Like almost all Apple security fixes, the update arrived without any sort of warning, but unlike most Apple updates, only a single bug was listed on the "Fix list," and even by Apple's brisk and efficient bug-listing standards, the information published was thin. All we know is that Apple says that it "Is aware of a report that this issue may have been actively exploited".

Now it's Apple's turn to be in the patch-right-now spotlight, with a somewhat under-announced emergency zero-day fix, just a few days after the company's last, and much broader, security update. These include elevation of privilege, where an otherwise uninteresting app suddenly gets the same sort of power as the operating system itself, or even remote code execution, where an otherwise innocent operation, such as viewing a web page or opening up an image, could trick the kernel into running completely untrusted code that didn't come from Apple itself.