Security News

Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year. In security advisories issued on Monday, Apple revealed they're aware of reports saying this security flaw "May have been actively exploited."

How to unlock 1Password on a Mac We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. They're also impossible to remember, and that's the whole point: You only need to know how to unlock your 1Password vault and then you can access all your ultra-secure passwords and use the 1Password browser extensions to auto-fill them in your web browser.

Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Today, Apple has released macOS Monterey 12.5.1 and iOS 15.6.1/iPadOS 15.6.1 to resolve two zero-day vulnerabilities that are reported to have been actively exploited.

Given the apparent speed and ease with which Zoom was able to emit a patch for the bug, dubbed CVE-2022-28756, you're probably wondering why Wardle didn't tell Zoom about the bug in advance, setting the day of his speech as the deadline for revealing the details. That would have given Zoom time to push out the update to its many Mac users, thus eliminating the gap between Wardle explaining to the world how to abuse the bug, and the patching of the bug.

ESET researchers discovered CloudMensis, a macOS backdoor that spies on users of compromised Macs and uses public cloud storage services to communicate back and forth with its operators. Outline of how CloudMensis uses cloud storage services.

ESET researchers first spotted the new malware in April 2022 and named it CloudMensis because it uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control communication. CloudMensis' capabilities clearly show that its operators' main goal is to collect sensitive info from infected Macs through various means.

Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to safeguard high-risk users against "Highly targeted cyberattacks." Lockdown Mode, when enabled, "Hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple said in a statement.

A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. Discovered by researchers at MIT's Computer Science & Artificial Intelligence Laboratory, this new class of attack would allow threat actors with physical access to Macs with Apple M1 CPUs to access the underlying filesystem.

Zoom has fixed a security flaw in its video-conferencing software that a miscreant could exploit with chat messages to potentially execute malicious code on a victim's device. The upshot is that someone who can send you chat messages could cause your vulnerable Zoom client app to install malicious code, such as malware and spyware, from an arbitrary server.

Another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. PyPI is a repository of open-source packages that developers can use to share their work or benefit from the work of others, downloading the functional libraries required for their projects.