Security News

Threat actors known as WildPressure have added a macOS malware variant to their latest campaign targeting energy sector businesses, while enlisting compromised WordPress websites to carry out attacks. Novel malware, initially identified in March 2020 and dubbed Milum, has now been retooled with a PyInstaller bundle containing a trojan dropper compatible with Windows and macOS systems, according to researchers.

Apple previewed new privacy protections in iOS 15, iPadOS 15, macOS Monterey, and watchOS 8, which help users better control and manage access to their data. With App Privacy Report, users can see how often each app has used the permission they've previously granted to access their location, photos, camera, microphone, and contacts during the past seven days.

Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS. The flaw, tracked as CVE-2021-30724, was discovered by Trend Micro researcher Mickey Jin, and it was patched by Apple on May 24 with the release of macOS 11.4, iOS 14.6 and iPadOS 14.6. The vulnerability, caused by an out-of-bounds memory access issue, can allow a local attacker to elevate privileges by sending specially crafted requests.

Cisco's Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating system. Apple's own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them.

Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone's computer and capture images of their activity within applications or on video conferences without that person knowing. Apple addressed the vulnerability-discovered by researchers at enterprise cybersecurity firm Jamf- in the latest version of macOS, Big Sur 11.4, released on Monday, the company told Forbes, according to a published report.

A zero-day vulnerability that allowed XCSSET malware to surreptitiously take screenshots of the victim's desktop has been fixed by Apple on macOS 11.4 on Monday. The XCSSET malware and its CVE-2021-30713 exploitation.

Apple on Monday announced that software updates for its desktop and mobile operating systems address tens of vulnerabilities, including a zero-day flaw in macOS Big Sur that has been exploited in attacks. Security researchers with Jamf, a firm that specializes in enterprise management software for Apple devices, say that the vulnerability has been actively exploited by the XCSSET malware, which infects Xcode projects to target Mac developers.

Apple on Monday rolled out security updates for iOS, macOS, tvOS, watchOS, and Safari web browser to fix multiple vulnerabilities, including an actively exploited zero-day flaw in macOS Big Sur and expand patches for two previously disclosed zero-day flaws. Tracked as CVE-2021-30713, the zero-day concerns a permissions issue in Apple's Transparency, Consent, and Control framework in macOS that maintains a database of each user's consents.

Apple has patched a hole in macOS that has been exploited by malware to secretly take screenshots on victims' Macs. Three flaws, including one spotted by Google's Project Zero, fixed in iOS 14.6 and iPadOS 14.6 can be exploited by a malicious app to run code with kernel-level privileges, allowing malicious software to completely take over the device.

Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy protections. In all three cases, Apple said that it is aware of reports that the security issues "May have been actively exploited," but it didn't provide details on the attacks or threat actors who may have exploited the zero-days.