Security News

Mozilla Firefox 111.0.1 fixes Windows 11 and macOS crashes
2023-03-21 20:07

Mozilla has addressed issues causing Firefox to crash on macOS and to freeze with a non-responding blank window when starting on Windows 11 systems. According to the user who first reported the Windows freeze issue, the bug likely impacts Firefox users running Windows 11 who have also installed this month's KB5023706 cumulative update.

Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware
2023-02-23 16:49

Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. "This malware makes use of the Invisible Internet Project to download malicious components and send mined currency to the attacker's wallet," Jamf researchers Matt Benyo, Ferdous Saljooki, and Jaron Bradley said in a report shared with The Hacker News.

Apple splats zero-day bug, other gremlins in macOS, iOS
2023-02-15 05:27

Apple this week released bug-splatting updates to its operating systems and Safari browser, to fix a zero-day vulnerability in its WebKit browser engine that's reported to have been actively exploited. Apple's advisory says the company "Is aware of a report that this issue may have been actively exploited." It credits an anonymous researcher for reporting the bug and its iOS advisory also acknowledges "The Citizen Lab at The University of Toronto's Munk School for their assistance."

Apple fixes actively exploited WebKit zero-day in iOS, macOS (CVE-2023-23529)
2023-02-14 10:01

Apple has released security updates that fix a WebKit zero-day vulnerability that "May have been actively exploited."The bug has been fixed in iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3.1, and possibly also in tvOS 16.3.2 and watchOS 9.3.1 - though release notes for the updates for those Internet of Things operating systems have been temporarily witheld.

Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw
2023-02-14 04:44

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. It's not immediately clear as to how the vulnerability is being exploited in real-world attacks, but it's the second actively abused type confusion flaw in WebKit to be patched by Apple after CVE-2022-42856 in as many months, which was closed in December 2022.

Dridex malware pops back up and turns its attention to macOS
2023-01-06 15:30

A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents. While the Dridex variant has macOS systems in its sights, the malicious payload it delivers is a Microsoft exe file, which won't run in a MacOS environment.

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
2023-01-06 14:15

Microsoft has shed light on four different ransomware families - KeRanger, FileCoder, MacRansom, and EvilQuest - that are known to impact Apple macOS systems. The initial vector for these ransomware families involves what the Windows maker calls "User-assisted methods," wherein the victim downloads and installs trojanized applications.

Dridex Malware Now Attacking macOS Systems with Novel Infection Method
2023-01-06 13:46

A variant of the infamous Dridex banking malware has set its sights on Apple's macOS operating system using a previously undocumented infection method, according to latest research. Previous Dridex campaigns targeting Windows have leveraged macro-enabled Microsoft Excel documents sent via phishing emails to deploy the payload. A law enforcement operation orchestrated by Europe and the U.S. disrupted the botnet in October 2015 and a Moldovan national named Andrey Ghinkul was arrested for his role as an administrator of the operation.

Microsoft reports macOS Gatekeeper has an 'Achilles' heel
2022-12-20 19:30

Security researchers at Microsoft have discovered a bug in macOS that lets malicious apps bypass Apple's Gatekeeper security software "For initial access by malware and other threats." Gatekeeper has been a part of macOS for a decade and is used to validate that apps are signed and notarized before allowing them to be launched.

Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems
2022-12-20 05:52

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles, was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks.