apple
Microsoft spots XCSSET macOS malware variant used for crypto theft
A new variant of the XCSSET macOS modular malware has emerged in attacks that target users’ sensitive information, including digital wallets and data from the legitimate Notes app. The malware is typically distributed through infected Xcode projects. It has been around for at least five years and each update represents a milestone in XCSSET’s development. The current […]
Apple fixes zero-day exploited in ‘extremely sophisticated’ attacks
Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and “extremely sophisticated” attacks. “A physical attack may disable USB Restricted Mode on a locked device,” the company revealed in an advisory targeting iPhone and iPad users. “Apple is aware of a report that this issue may have […]
First Apple-notarized porn app available to iPhone users in Europe
The first Apple-notarized porn app, “Hot Tub,” is now available to iPhone users in Europe through the alternative app marketplace, AltStore PAL. Apple does not allow pornographic or adult content apps on the official Apple App Store. However, to comply with the EU’s Digital Markets Act (DMA), Apple is now required as a “gatekeeper” to allow […]
New Apple CPU side-channel attacks steal data from browsers
A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. The Georgia Institute of Technology and Ruhr University Bochum researchers, who presented another attack dubbed ‘iLeakage’ in October 2023, presented their new findings in two separate papers, namely FLOP and SLAP, which show distinct flaws […]
Apple fixes this year’s first actively exploited zero-day bug
Apple has released security updates to fix this year’s first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users. The zero-day fixed today is tracked as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS] and is a privilege escalation security flaw in Apple’s Core Media framework. “A malicious application may be able to elevate privileges. Apple is aware of a report […]
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. System Integrity Protection (SIP), or ‘rootless,’ is a macOS security feature that prevents malicious software from altering specific folders and files by limiting the root user account’s powers in protected […]
Phishing texts trick Apple iMessage users into disabling protection
Cybercriminals are exploiting a trick to turn off Apple iMessage’s built-in phishing protection for a text and trick users into re-enabling disabled phishing links. With so much of our daily activities done from our mobile devices, whether paying bills, shopping, or communicating with friends and colleagues, threat actors increasingly conduct smishing (SMS phishing) attacks against mobile […]
Banshee stealer evades detection using Apple XProtect encryption algo
A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple’s XProtect. Banshee is an information stealer focused on macOS systems. It emerged in mid-2024 as a stealer-as-a-service available to cybercriminals for $3,000. Its source code was leaked on the XSS forums […]
Apple offers $95 million in Siri privacy violation settlement
Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. The proposed lawsuit alleges that the audio data was disclosed without users’ consent to a network of third-party marketers and advertisers. Users complained of being targeted on their […]
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. “Apple is aware of a report that this issue may have been exploited,” the company said in an advisory issued on Tuesday. The two bugs were found in the macOS Sequoia JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components of […]