Security

During an analysis of various splinter samples of a noteworthy macOS stealer, security researchers at Moonlock discovered one with an alarming level of sophistication. Under the disguise of the unreleased video game GTA 6, once installed, the malware executes rather clever techniques to extract sensitive information, such as passwords from a user’s local Keychain.

In typical Security Bite fashion, here’s the breakdown: how it works and how to stay safe.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

One of the latest attacks on iPhone sees malicious parties abuse the Apple ID password reset system to inundate users with iOS prompts to take over their accounts. Here’s how you can protect against iPhone password reset attacks (often called “MFA bombing”).

There are many known phishing attacks that target users of Apple devices to gain access to their Apple ID. However, a new “elaborate” attack uses a bug in the Apple ID password reset feature with “push bombing” or “MFA fatigue” techniques to flood Apple devices with password reset requests.

iOS includes an iMessage security feature called Contact Key Verification (CKV) that gives users more certainty they’re messaging with the people they think they are. Follow along for what this feature is, how it works, and how to turn on Contact Key Verification on for iMessage.

iOS 17.4.1 and macOS 14.4.1 have arrived for all users after the major iOS 17.4/macOS 14.4 updates. Now Apple has revealed what important security patches come with the latest updates for iPhone, Mac, and more.

Two senators who have received classified TikTok national security briefings say that the information revealed to them has left them “deeply troubled.”

They are calling for the information to be declassified, as they say it is “critically important” that the American people can consider the issues for themselves – especially if they currently use the Chinese-owned app …

Update: Apple released details on the security patches for iOS 17.4.1, iPadOS 17.4.1, visionOS 1.1.1, as well as macOS 14.4.1. They all patch an integer overflow vulnerability in two separate frameworks. Apple didn’t say whether it was being actively exploited. More details can be found here.

Last week, Apple released iOS 17.4.1 with rather vague release notes claiming to include important bug fixes and security patches. Two days later, the company has yet to add any specifics. This is unusual for Apple, which typically lists critical security patches hours after a release and suggests that the ones in iOS 17.4.1 could be significant or something else entirely…

University researchers have found an unpatchable security flaw in Apple Silicon Macs, which would allow an attacker to break encryption and get access to cryptographic keys.

The flaw is present in M1, M2, and M3 chips, and because the failing is part of the architecture of the chips, there’s no way for Apple to fix it in current devices …

Ever wonder what malware can your Mac detect and remove without any third-party software? Recently, security researchers have correlated some bizarre macOS YARA rules used by the built-in XProtect suite with their public names. Here’s what malware it looks for…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

ExpressVPN has been making impressive moves in the hardware space since the introduction of the Aircove router in 2022. Today, the popular virtual private network provider is expanding its lineup by launching its first portable Wi-Fi 6 router with built-in VPN protection. Meet Aircove Go.

Apple on Tuesday released an update for GarageBand, its digital audio workstation software. However, although the update doesn’t add any new features, it does bring an important security patch for for GarageBand users on macOS. Read on as we detail which exploit today’s update fixes.

An Android trojan called GoldDigger surfaced last year that can steal biometric data and more from victims to compromise their bank accounts. Now the threat has evolved into the GoldPickaxe trojan that can infect iOS and Android. Fortunately, there are several simple ways to protect against the first iPhone trojan, here’s what you should know.

CISA says two systems were hacked in February through vulnerabilities in Ivanti products. In response, the agency had to shut down both systems, which reportedly had critical ties to U.S. infrastructure.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

We learned with the public launch of iOS 17.4 that Apple included fixes for two exploited vulnerabilities and two other security issues. Now with the arrival of macOS 14.4, there are over 50 security patches and the list of security fixes for iOS 17.4 has been updated to over 40.

Yesterday’s global meta outage seemingly took out the company’s entire network, with users unable to access Facebook, Messenger, Instagram, Threads, and Quest headsets.

The outage lasted between one and two hours for most users, and while everything now appears back to normal, questions are naturally being asked about what went wrong …

Regain clarity with CleanMyPhone by MacPaw — the new AI-powered cleaning app that quickly identifies and removes blurred images, screenshots, and other clutter from your device. Download it now with a free trial.

iOS 17.4 is here for all users and comes with lots of changes including new emoji, a CarPlay update, EU App Store changes, quantum security for iMessage, and more. However, there are also important security fixes with the release. Here are all the details.

Apple is set to release iOS 17.4 to the public next week with a major update for EU users that allows third-party app stores and more. Now ahead of the Digital Markets Act going into effect, Apple has shared the most up-to-date and comprehensive resource about all the changes and its approach and “efforts to protect user security and privacy in the European Union.”

The Android and iPhone spyware company NSO has suffered a major defeat in a US court, after a judge ruled that the company must hand over its Pegasus code to Meta.

It’s the latest setback for the company, which has been blacklisted in the US, sued by Apple, seen victims alerted by the iPhone maker, and faced severe financial problems …

Hey, Arin here. Last week was the busiest for security so far this year. We saw an unprecedented offensive on the LockBit ransomware gang; Apple moved to make iMessage future-proof with quantum computer protection, and the topic of this week, Jamf’s new report highlighting some alarming statistics around Apple-using businesses. So, grab your drink of choice. Let’s get into it…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

It’s never been more important to protect yourself and your family online. Fortunately, Surfshark makes that effortless with an all-in-one app that delivers a secure and fast VPN as well as protection for your devices and identity. Read along for how to change your location on iPhone and get Surfshark VPN free for two months.