macOS

tripwire.com

CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency

Security researchers have discovered a new Mac malware threat that appears to be a sophisticated attempt to raid cryptocurrency wallets.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Apple pushes out silent update to remove sketchy Zoom code from Macs

Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability its software at all well.

It’s a good thing, then, that Apple has nixed the software’s dodgy behaviour.


1 min read

Apple sued because two-factor authentication… oh, I give up

An American man is bringing a class action against Apple, complaining that two-factor authentication (2FA) on an iPhone or Mac takes too much time.


34 sec read

Smashing Security #095: British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked

Malicious script is being blamed for the British Airways hack, Trend Micro’s apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort’s daughter wants Twitter to remove a link.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Emm of Kaspersky Lab.


1 min read

Trend Micro apologises after Mac apps found scooping up users’ browser history

Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users’ browser history to its servers, and apologised to customers for any “concern they might have felt.”

But apparently it’s the users’ fault anyway for not reading the EULA.


2 min read

tripwire.com

Apps that steal users’ browser histories kicked out of the Mac App store

Apple has removed “Adware Doctor” from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasn’t the only popular app stealing users’ private information.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #069: Cryptomining, China, and Bob Ross

How come Apple’s Mac App Store authorised a buggy app that mined for cryptocurrency in the background? How can a Mosquito attack steal data from an air-gapped computer? And is China keeping score on its social media-loving citizens?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest John Hawes.


59 sec read

Calendar 2 app pulled from Mac App Store after cryptomining controversy

Calendar 2 offered of its features for free if you allowed it to “unobtrusively” generate Monero cryptocurrency in the background.

Shame then that it wasn’t unobtrusive, and bugs meant it mined regardless of whether you wanted it to or not.


2 min read

Apple fixes ‘killer text bomb’ vulnerability with new update for iOS, macOS, watchOS, and tvOS

Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.


28 sec read

bitdefender.com

‘Killer text bomb’ crashes iPhones, iPads, Macs, and Apple Watches

Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.

Read more in my article on the Hot for Security blog.


0 sec read

Beware! A new bug can crash iOS and macOS with a single text message

Resist the temptation to send this text bomb to anyone.


57 sec read

welivesecurity.com

Fruitfly malware spied on Mac users for 13 years – man charged

US authorities have charged a 28-year-old Ohio man who is alleged to have created and installed creepy spyware on thousands of computers for 13 years.

Read more in my article on the We Live Security blog.


0 sec read

Apple fixes the Meltdown and Spectre flaws in Macs, iPhones, and iPads

Apple takes further steps to protect its customers against the Meltdown and Spectre processor flaws. Remember to apply the updates!


1 min read

Spectre? Meltdown? F*CKWIT? Calm down and make yourself some tea

There is not much that consumers can do other than wait for security patches and mitigations to be released, and then apply them as a matter of priority.


2 min read

The F*CKWIT Intel chip flaw. Ready yourself for patches

A newly-discovered design flaw has been found on Intel CPU hardware that could allow malicious code to access information supposedly held in “protected” areas of your computer’s memory.


1 min read

Apple fixes root password bug: ‘Install this update as soon as possible’

To their credit, it didn’t take Apple long to fix their horrendous bug that allowed *anyone* to log into computers running macOS High Sierra with admin rights, without needing to know a password.

But it should really never have got past quality control in the first place.


49 sec read