Security News

Use Zoom on a Mac? You might want to check your microphone usage
2022-02-10 14:07

Apple Mac users running the Zoom meetings app are reporting that it's keeping their computer's microphone on when they aren't using it. Users began complaining about the issue after Monterrey was released late last year, and on December 27, Zoom Inc put out an update that was meant to address the bug, stating that version 5.9.1 "Resolved an issue regarding the microphone light indicator being triggered when not in a meeting."

JumpCloud joins the patch management crowd, starting with Windows and Mac updates
2022-02-03 19:07

Cloud directory specialist JumpCloud is moving into the crowded patch management market with an extension to its platform to automate patch updates. Companies such as Apple or Microsoft already have varying levels of patch management tools in their armoury.

New Variant of UpdateAgent Malware Infects Mac Computers with Adware
2022-02-03 16:38

The company's Microsoft 365 Defender Threat Intelligence Team dubbed the new malware family "UpdateAgent," charting its evolution from a barebones information stealer to a second-stage payload distributor as part of multiple attack waves observed in 2021. "The latest campaign saw the malware installing the evasive and persistent Adload adware, but UpdateAgent's ability to gain access to a device can theoretically be further leveraged to fetch other, potentially more dangerous payloads," the researchers said.

Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
2022-01-31 18:18

A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by the victim.

Apple needs to un-Mac-ify security and privacy in Safari
2021-11-24 14:00

For the past couple of years, Apple has made plenty of claims that its browser is all about security. The problem is, like with so much of what they do, Apple forces the users into working with their apps the way they believe is best.

Mac Zero Day Targets Apple Devices in Hong Kong
2021-11-12 18:05

Since at least late August, attackers have been using flaws in macOS and iOS - including in-the-wild use of what was then a zero-day flaw - to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites. In other words, the threat actors threaded malware into the legitimate websites of "a media outlet and a prominent pro-democracy labor and political group" in Hong Kong, according to TAG. The victims' devices were inflicted with what was then a zero day, plus another exploit that used a previously patched vulnerability for macOS that was used to install a backdoor on their computers, according to TAG's report.

Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
2021-11-10 15:36

During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.

macOS Monterey update causes some Macs to become unbootable
2021-11-02 14:50

A growing number of Mac and Macbook owners report that their devices become unbootable after attempting to update to the latest version of macOS, codenamed 'Monterey. Since macOS Monterey has been released, social media is filling up with a growing number of complaints about their devices becoming "Bricked" or unbootable after upgrading.

Microsoft: WizardUpdate Mac malware adds new evasion tactics
2021-10-22 15:14

Microsoft says it found new variants of macOS malware known as WizardUpdate, updated to use new evasion and persistence tactics. The trojan will deploy second-stage malware payloads, including a malware variant tracked as Adload, active since late 2017 and known for being able to slip through Apple's YARA signature-based XProtect built-in antivirus to infect Macs.

A new zero-day is being exploited to compromise Macs (CVE-2021-30869)
2021-09-24 10:31

Another zero-day in Apple's software is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and iOS 12. Flagged by researchers Erye Hernandez and Clément Lecigne of Google's Threat Analysis Group and Ian Beer of Google Project Zero, the vulnerability is a type confusion issue found in XNU, the kernel of Apple's macOS and iOS operating systems.