macOS

tripwire.com

A Zoom zero-day exploit is up for sale for $500,000

There are reportedly two zero-day vulnerabilities present in the latest versions of Zoom for Windows and macOS – and exploits for the unpatched flaws are being actively hawked to anyone who might be prepared to pay.

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Hacking the iOS/macOS webcam – Apple pays out $75,000 to bug hunter

A vulnerability researcher has received a bug bounty after discovering security holes in Apple’s software that could allow malicious parties to hijack an iPhone or Mac user’s camera and spy upon them.

Read more in my article on the Hot for Security blog.

WhatsApp flaw gave hackers access to files from Windows and Macs

If you run WhatsApp’s desktop client on your Mac or PC then you would be wise to make sure it’s up-to-date, following the revelation that a security researcher uncovered a critical security flaw.

1 in 10 Macs hit by crude malware that poses as Flash Player update, reports Kaspersky

If the criminals are continuing to make money by infecting Apple Mac computers in this fashion, whatever makes you think that they’ll come up with a more original social engineering trick?

bitdefender.com

Mac users warned that disabling all Office macros doesn’t actually disable all Office macros

It’s been almost 25 years since macro malware first reared its head, and it would be nice to think that the defences Microsoft has built into its Office suite in the years since would do a half-decent job of stemming the threat.

Unfortunately, it seems that’s not the case – at least not for users of the Mac version of Microsoft Office.

Read more in my article on the Hot for Security blog.

bitdefender.com

Untitled Goose Game security hole could have allowed hackers to wreak havoc

The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer.

Read more in my article on the Hot for Security blog.

tripwire.com

CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency

Security researchers have discovered a new Mac malware threat that appears to be a sophisticated attempt to raid cryptocurrency wallets.

Read more in my article on the Tripwire State of Security blog.

Apple pushes out another silent update to address flaws in RingCentral and other video conferencing apps

RingCentral and other video conferencing apps share the same flaws as those revealed in Zoom earlier this month, including the ability to hijack users’ webcams without their permission.

Apple pushes out further silent updates to protect users from sketchy app behaviour.

Apple pushes out silent update to remove sketchy Zoom code from Macs

Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability its software at all well.

It’s a good thing, then, that Apple has nixed the software’s dodgy behaviour.

Smashing Security podcast #136: Oops, we created Iran’s hacking exploit

Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.

Zoom Mac flaw allows webcams to be hijacked – because they wanted to save you a click

If you have installed Zoom, any website can turn on your Mac’s webcam without asking your permission.

Oh, and if you’ve since uninstalled Zoom – that doesn’t fix the problem.

Ever app users uploaded billions of photos, unaware they were being used to build a facial recognition system

Users have shared the private photos stored in their email and social networks with Ever – not realising that they were being used to feed a facial recognition system.

Apple sued because two-factor authentication… oh, I give up

An American man is bringing a class action against Apple, complaining that two-factor authentication (2FA) on an iPhone or Mac takes too much time.

Smashing Security podcast #115: Love, Nests, and is 2FA destroying the world?

Is two factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.

Smashing Security podcast #095: British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked

Malicious script is being blamed for the British Airways hack, Trend Micro’s apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort’s daughter wants Twitter to remove a link.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast.

Trend Micro apologises after Mac apps found scooping up users’ browser history

Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users’ browser history to its servers, and apologised to customers for any “concern they might have felt.”

But apparently it’s the users’ fault anyway for not reading the EULA.