Security News
Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. CVE-2021-30661 - Processing maliciously crafted web content may lead to arbitrary code execution.
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. Three iOS zero-days in February, exploited in the wild and reported by anonymous researchers.
Apple on Monday released a major security update with fixes for a security defect the company says "May have been actively exploited" to plant malware on macOS and iOS devices. Instead, a line in Apple advisory simply reads: "Apple is aware of a report that this issue may have been actively exploited."
A malicious campaign focused on the industrial sector in the Middle East has been expanded to also target Mac computers, security researchers at Kaspersky have discovered. Dubbed WildPressure, the campaign started in May 2019 and for more than a year it involved only a Windows version of a malware named Milum.
Mosyle announced new integrations with Okta and Ping Identity for Mosyle Fuse and Mosyle Business customers. With this release, enterprises are now able to use Mosyle Auth 2 - the company's single sign-on solution purpose built for macOS - with Okta and Ping Identity for all company managed Mac devices.
Apple's brand new Mac has a security hole, right inside the processor itself! The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.
Apple is using the growing threat of malware on its Mac platform as a defense in a lawsuit that could force the company to open up new channels of applications for its mobile iOS platform. In testimony in a California court Wednesday, Apple head of software engineering, Craig Federighi called the level of malware threat against the Mac platform one that the company finds "Unacceptable" and continue to defend against with restrictive application-distribution platforms, according to a published report on CNET. Federighi's comments were made as Apple executives begin testifying in a court case Epic Games-the maker of the hugely popular Fortnite-have brought against the tech giant for what Epic views as restrictive policies on the iOS App Store.
Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that has been exploited in the wild and one that impacts only Macs powered by the M1 chip. It was reported earlier this week that one of the security holes patched in macOS Big Sur and Catalina has been exploited by a piece of malware known as Shlayer to bypass security mechanisms designed by Apple to protect users against malicious files downloaded from the internet, specifically file quarantine, Gatekeeper and notarization.
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload modules to imitate legitimate Mac apps, which are ultimately responsible for infecting local Xcode projects and injecting the main payload to execute when the compromised project builds.
New episode - watch now!