Security News

The North Korean-backed BlueNorOff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices. ObjCShellz is an Objective-C-based malware, quite different from other malicious payloads deployed in previous BlueNorOff attacks.

On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. Another vulnerability of note fixed this Wednesday with the release of iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1 and watchOS 10.1 is CVE-2023-42846, a bug that made a privacy-enhancing feature not work as intended.

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the...

A new, redesigned, and faster Microsoft Teams application is generally available for all Windows and macOS users starting today. As revealed when the new Teams was made available as a preview release in March, the new client will launch three times faster, enabling users to switch between chats and channels up to 1.7 times faster than the Classic Teams app.

Discover strategies for securing data on your personal Mac for work tasks. The temptation to use your personal Mac to check work email, confirm a professional appointment, access an employer's cloud-based app or draft a business document is difficult to resist.

Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year. Since the start of the year, Apple has patched 13 zero-day bugs exploited in attacks against devices running iOS, macOS, iPadOS, and watchOS. While Apple has yet to disclose details regarding attacks exploiting the flaws patched today, it acknowledged that CVE-2023-41064 was found and reported by Citizen Labs, whose researchers have previously shared information on other Apple zero-days exploited to deploy commercial spyware on computers and iPhones in targeted attacks.

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer, indicating that it's being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023.

Microsoft has announced it is retiring Visual Studio for Mac and that support for the latest version, 17.6, will continue for another year, until August 31, 2024. NET Core, and the support for Android and iOS app writing through Xamarin made Visual Studio for Mac a versatile choice for developers.

AdLoad, well-known malware that has been targeting systems running macOS for over half a decade, has been observed delivering a new payload that - unbeknown to the owners - enlisted their systems into a residential proxy botnet. "Alien Labs has identified over 10,000 IPs reaching out to the proxy servers each week that have the potential to be proxy exit nodes. It is unclear if all these systems have been infected or are voluntarily offering their systems as proxies, but it could be indicative of a bigger infection globally."

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one actively exploited zero-day bug in the wild. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1," the tech giant noted in its advisory.