Security News

Apple emits macOS, iOS, iPadOS patches for 'exploited' security bugs
2022-03-31 21:35

Apple has released updates for its mobile and desktop operating systems to patch security holes that may well have been exploited in the wild. On Thursday, the iPhone giant issued macOS Monterey 12.3.1; iOS 15.4.1 and iPadOS 15.4.1; tvOS 15.4.1; and watchOS 8.5.1 to address vulnerabilities in its software.

New Variant of Chinese Gimmick Malware Targeting macOS Users
2022-03-23 19:44

Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, as a "feature-rich, multi-platform malware family that uses public cloud hosting services for command-and-control channels."

Custom macOS malware of Chinese hackers ‘Storm Cloud’ exposed
2022-03-22 20:49

Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud'. The malware was discovered by researchers at Volexity, who retrieved it from the RAM of a MacBook Pro running macOS 11.6, which was compromised in a late 2021 cyberespionage campaign.

Western Digital app bug gives elevated privileges in Windows, macOS
2022-03-20 14:11

Western Digital's EdgeRover desktop app for both Windows and Mac is vulnerable to local privilege escalation and sandboxing escape bugs that could allow the disclosure of sensitive information or denial of service attacks. EdgeRover is a centralized content management solution for Western Digital and SanDisk products, unifying multiple digital storage devices under a single management interface.

How to add notes to iCloud passwords in macOS 12.3 and iOS 15.4
2022-02-18 15:34

Now, with iOS 15.4 and macOS 12.3, Apple has added another feature to iCloud Keychain: Notes.

Google Drive flags macOS '.DS_Store' files for copyright violation
2022-02-18 09:10

Google Drive is flagging '.DS_Store' files generated by macOS file systems as a violation of its copyright infringement policy. '.DS_Store' file on their Google Drive being flagged for violating Google's 'Copyright Infringement' policy.

Apple fixes actively exploited iOS, macOS zero-day (CVE-2022-22620)
2022-02-11 11:28

Another month, another zero-day exploited in the wild that has been fixed by Apple. Apple fixed it in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.

Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw
2022-02-10 19:30

Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution.

Remote code execution vulnerability in Samba due to macOS interop module
2022-02-02 17:57

Six months after LibreOffice 7.2, version 7.3 is out with faster and more accurate file importing and rendering for improved compatibility with Microsoft Office. The new release is the latest "Fresh" version.

Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help
2022-01-28 14:00

Adware strains Shlayer and Bundlore are the most common malware in macOS - although they have slight variations, they have long invaded and bypassed XProtect, Notarization, Gatekeeper, and File Quarantine, all security features pre-built into macOS. The Uptycs threat research team has tracked these threats, along with 90% of macOS malware in routine analysis and customer telemetry alerts using shell scripts. In this post, we break down the variations of malicious shell scripts in Shlayer and Bundlore, review the macOS utilities used by these malware strains, and show how Uptycs EDR detection can help.