Security News
Apple announced additional security and privacy updates for its newest operating system. In this Help Net Security video, you’ll learn how to activate Lockdown Mode on your Mac in macOS Ventura....
Apple has fixed a slew of vulnerabilities in macOS, iOS, and iPadOS, including a zero-day kernel vulnerability exploited by attackers in the wild. "Apple is aware of a report that this issue may have been actively exploited," the company said, and noted that the vulnerability has been remediated with improved bounds checks.
Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.It's worth noting that CVE-2022-32917 is also the second Kernel related zero-day flaw that Apple has remediated in less than a month.
Apple has pushed out five security fixes including including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited. The vendor said it fixed the flaw with improved bounds checks and has released patches for iPhone 6 and later, iPad Pro, iPad Air 2 and later, and iPad 5, iPad mini 4, and iPod touch models and all newer kit.
The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers Phil Stokes and Dinesh Devadoss said in a report.
The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets. Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into opening decoy job offer documents.
North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. Lazarus hackers have used fake job offers in the past and in a recent operation they used malware disguised as a PDF file with details about a position at Coinbase.
North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempt to spread macOS malware. The malware is similar to a sample discovered by ESET in May, which also included a signed executable disguised as a job description, was compiled for both Apple and Intel, and dropped a PDF decoy, researchers said.
The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.
The tamper protection feature in Microsoft Defender for Endpoint for macOS is getting rolled out to all customers, the company has announced on Monday. "While in Audit mode, TP signals can be viewed via Advanced Hunting and in local on-device logs. No tampering alerts are raised in the Security Center while in Audit mode. Alerts are raised in the portal only in block mode," explained Camilla Sophie Djamalov, a Program Manager Intern at Microsoft.