15 matches found
GitHub revokes several certificates after unauthorized access
In a call to action, GitHub warned users of GitHub Desktop for Mac and Atom that it will revoke certificates which were exposed during unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. Revoking these certificates will invalidate some...
GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom
GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The...
New 'Silver Sparrow' Malware Infected Nearly 30,000 Apple Macs
Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x8664 and the iPhone maker's M1 processors. However, the ultimate goal of th...
Apple Security Research Device Program Draws Mixed Reactions
Apple’s long anticipated Security Research Device program has launched, giving select security researchers access to testable iPhones that will make it easier for them to find iOS vulnerabilities. The program offers security researchers specially configured iPhones with shell access, and special...
New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS...
macOS High Sierra - Root Privilege Escalation (CVE-2017-13872)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X Root Privilege Escalation', 'Description' = %q This module exploits a serious flaw in MacOSX High Sierra. Any user can login with user...
Signed Mughthesec Adware Hijacking Macs for Profit
A variant of an older piece of adware built for Macs called OperatorMac has been seen in the wild, and while like most adware it tries to turn a profit, it also illustrates some defensive shortcomings native to Apple’s ecosystem and the industry. Components of the new strain, which is called...
forums.developer.apple.com XSS vulnerability
Vulnerable URL: https://forums.developer.apple.com/community/beta/os-x-10114-beta/tags?tags=%22%3E%3C/option%3E%3C%20/select%3E%3Cbody/onpageshow=prompt%28%29%3E%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 28.07.2016 Latest check for patch:|...
SideStepper iOS MDM Security Attack
Apple’s Developer Enterprise Program has been abused in the recent past to push malicious apps onto iOS devices, most notably with the WireLurker, XcodeGhost and YiSpecter attacks. In all three cases, attackers legitimately obtained certificates under the program, which is available to enterprise...
Rogue Chinese iOS App Removed from App Store
Apple removed an iOS application from its Chinese iTunes App Store that allowed users of non-jailbroken iOS devices to install pirated and jailbroken apps. Researchers at Palo Alto Networks, who discovered the rogue application, said the app was not malicious, but presented a serious security ris...
Scareware Signed with Apple Cert Targets Mac OS X Machines
A unique scareware campaign targeting Mac OS X machines has been discovered, and it’s likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate. “Sadly, this particular developer certificate...
Mac OS X Backdoor Found in Wild
It was inevitable another sample of the Mac OS X spyware discovered last week would surface. Researchers said today that a German investigator informed its researchers of another instance in the wild. Spread via a spear phishing campaign that’s apparently been circulating since December, the...
Apple certified Mac Malware Captures and Uploads Screenshots without Permission
Earlier this week, new Mac spyware was discovered on a computer at the Oslo Freedom Forum, which is an annual human rights conference. Dubbed as OSX/KitM.A, discovered by computer security researcher Jacob Appelbaum. This Mac malware that has been used to spy on activists, targeted via spear...
Researcher Discovers Mac Malware at Anti-Malware Workshop
In an Oslo Freedom Forum workshop offering advice to free speech advocates on how to better secure their devices against government surveillance, security researcher Jacob Appelbaum uncovered a new strain of malware with backdoor capabilities on the Mac machine of an Angolan activist attending th...
Apple certified Mac Malware Captures and Uploads Screenshots without Permission
Earlier this week, new Mac spyware was discovered on a computer at the Oslo Freedom Forum, which is an annual human rights conference. Dubbed as OSX/KitM.A, discovered by computer security researcher Jacob Appelbaum. This Mac malware that has been used to spy on activists, targeted via spear...