Security News

Simply put, there were zero days during which even the most proactive and cybersecurity conscious users amongst us could have been patched in advance of the crooks. Just to be clear: the Apple Safari browser uses WebKit for "Processing web content" on all Apple devices, although third-party browsers such as Firefox, Edge and Chromium don't use WebKit on Mac.

The Cybersecurity and Infrastructure Security Agency ordered federal agencies to patch two security vulnerabilities actively exploited in the wild to hack iPhones, Macs, and iPads. According to a binding operational directive issued in November 2022, Federal Civilian Executive Branch Agencies agencies are required to patch their systems against all security bugs added to CISA's Known Exploited Vulnerabilities catalog.

Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads. Last week, Google TAG and Amnesty International exposed two recent series of attacks using exploit chains of Android, iOS, and Chrome zero-day and n-day flaws to deploy mercenary spyware.

Microsoft says its Outlook for Mac email and calendar client is now available for free, and it will no longer require an Office license or a Microsoft 365 subscription to be used. Outlook for Mac comes with support for Microsoft 365, Outlook.com, Gmail, Yahoo Mail, iCloud, IMAP, and POP accounts, according to its Mac App Store page.

The latest version of Google Chrome for macOS includes new optimizations that increase battery life on MacBooks. The reason why Google is optimizing Chrome battery consumption on Macs is likely because users report that Safari has much better performance on the system, leading them to use Apple's browser instead. Chrome's latest improvements will also be felt by those using older Apple hardware like Intel-based Macbooks.

Security researchers discovered a cryptomining operation targeting macOS with a malicious version of Final Cut Pro that remains largely undetected by antivirus engines. From the first generation, the malware used an i2p network layer for command and control communications to anonymize traffic.

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component that could enable a malicious actor to read arbitrary files as root. "An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges," Apple said, adding it patched the issues with "Improved memory handling."

Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs. The zero-day patched today is tracked as CVE-2023-23529 [1, 2] and is a WebKit confusion issue that could be exploited to trigger OS crashes and gain code execution on compromised devices.

Anti-analysis techniques are deployed by malware to evade analysis or render the file analysis much more complex and difficult for researchers and malware sandboxes. File enumeration is a critical operation for ransomware operators.

BYOD policies have made enterprise networks more diverse, and devices that used to only be connected to corporate networks are now likely on the internet as well. "You have to think of everything that runs software or code in your network as you do threat modeling for your network, and then have a plan in place," Ganacharya said.