Security News

Mosyle announced new integrations with Okta and Ping Identity for Mosyle Fuse and Mosyle Business customers. With this release, enterprises are now able to use Mosyle Auth 2 - the company's single sign-on solution purpose built for macOS - with Okta and Ping Identity for all company managed Mac devices.

Apple's brand new Mac has a security hole, right inside the processor itself! The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.

Apple is using the growing threat of malware on its Mac platform as a defense in a lawsuit that could force the company to open up new channels of applications for its mobile iOS platform. In testimony in a California court Wednesday, Apple head of software engineering, Craig Federighi called the level of malware threat against the Mac platform one that the company finds "Unacceptable" and continue to defend against with restrictive application-distribution platforms, according to a published report on CNET. Federighi's comments were made as Apple executives begin testifying in a court case Epic Games-the maker of the hugely popular Fortnite-have brought against the tech giant for what Epic views as restrictive policies on the iOS App Store.

Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that has been exploited in the wild and one that impacts only Macs powered by the M1 chip. It was reported earlier this week that one of the security holes patched in macOS Big Sur and Catalina has been exploited by a piece of malware known as Shlayer to bypass security mechanisms designed by Apple to protect users against malicious files downloaded from the internet, specifically file quarantine, Gatekeeper and notarization.

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE projects, which, upon the building, were configured to execute the payload. The malware repackages payload modules to imitate legitimate Mac apps, which are ultimately responsible for infecting local Xcode projects and injecting the main payload to execute when the compromised project builds.

New episode - watch now!

The hacked version of Xcode would add malware into iOS apps when they were compiled on an infected system, without infecting the source code of the app itself. As we said at the time, "Developers with sloppy security practices, such as using illegally-acquired software of unvetted origin for production builds, turned into iOS malware generation factories for the crooks behind XcodeGhost."

A recently discovered Mac malware has been used by unknown threat actors to target software developers who use Apple's Xcode integrated development environment. SentinelOne learned about the malware from an anonymous researcher, but the company also spotted XcodeSpy in the wild in late 2020 at an organization in the United States.

Avira has released an all-new Avira Security for Mac, including a free version as well as Prime for premium features. Avira Security for Mac has been redesigned from the ground up and is built using the latest Apple's Swift, SwiftUI, Combine frameworks alongside with the best in breed Avira protection technologies such as SAVAPI and APC. The app benefits from the latest technology stack to conserve system resources and not slow down the system, all while delivering best-in-class protection.

As the new kid on the block, the M1 chip-based Mac is already on the radar of malware writers, says Kaspersky. Discovered for the first time last year, the XCSSET malware mainly targets Mac developers by injecting a malicious payload into Xcode IDE projects on the victim's Mac.