macOS Ventura Background Task Flaws Can Be Exploited for Malware

By Habiba Rashid Renowned Mac security researcher Patrick Wardle recently unveiled potential weaknesses within Apples macOS Ventura, shedding light on vulnerabilities… This is a post from HackRead.com Read the original post: macOS Ventura Background Task Flaws Can Be Exploited for Malware...

LockBit ransomware on Mac: Should we worry?

One of the big headlines over the weekend is LockBit, the high-profile Russian ransomware gang, decided to expand its portfolio of potential victims by creating and releasing its first macOS payload, potentially triggering members of the Apple community to panic. But have no fear: Apple security...

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security

Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discove...

Apple Patches Zero-Day MacOS Bypass Bug

Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months. Security researcher Cedric Owens first discovered the vulnerability, tracke...

Apple Lets Some of its Big Sur macOS Apps Bypass Firewall and VPNs

Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls and VPNs, thereby potentially allowing malware to exploit the same shortcoming to access sensitive data stored on users' systems and transmit them to remote servers. The issue was firs...

macOS 0-Day Flaw Lets Hackers Bypass Security Features With Synthetic Clicks

A security researcher who last year bypassed Apple's then-newly introduced macOS privacy feature has once again found a new way to bypass security warnings by performing 'Synthetic Clicks' on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature ...

ex-NSA Hacker Discloses macOS Mojave 10.14 Zero-Day Vulnerability

The same day Apple released its latest macOS Mojave operating system, a security researcher demonstrated a potential way to bypass new privacy implementations in macOS using just a few lines of code and access sensitive user data. On Monday, Apple started rolling out its new macOS Mojave 10.14...

No.1 Adware Removal Tool On Apple App Store Caught Spying On Mac Users

A highly popular top-tier app in Apple's Mac App Store that's designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China. What's more concerning? Even after...

Top MacOS App Exfiltrates Browser Histories Behind Users’ Backs

A top-grossing Apple App Store program called Adware Doctor is capable of sidestepping macOS security controls and surreptitiously copying a user’s entire browser history. It then sends it to a China-based domain. According to Patrick Wardle, chief research officer at Digita Security and founder ...

ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability

Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday. Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a...

Black Hat 2018: Patrick Wardle on Breaking and Bypassing MacOS Firewalls

LAS VEGAS – Taking aim at the status-quo of macOS firewalls, researcher Patrick Wardle has made his case for Apple and third-party security firms to beef up their protections. At a session here at Black Hat 2018, Wardle, chief research officer at Digita Security and founder of Mac security compan...

Newsmaker Interview: Patrick Wardle Talks Apple Malware Flubs and Successes

Patrick Wardle is the chief research officer at Digita Security and founder of Mac security company Objective-See. For years, the self-described “surfer from Hawaii” has been one of the most prolific and respected Mac malware-hunters, uncovering vulnerabilities affecting the macOS platform as wel...

Keychain vulnerability in macOS

On Monday, Patrick Wardle, a respected security researcher at Synack and owner of Objective-See, sent a tweet about a keychain vulnerability he had found in macOS High Sierra. As his tweet showed, it is possible for a malicious app to extract, and then exfiltrate, keychain data from High Sierra,...

macOS High Sierra Available—And Vulnerable to Keychain Attack

Apple made its latest OS update available Monday, but the release of High Sierra was tainted somewhat by the fact it comes replete with a critical vulnerability that allows an attacker to dump plaintext passwords from the macOS Keychain. Researcher Patrick Wardle, chief security researcher at...

Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root

A deprecated Apple authorization API, invoked by third-party installers, is still developers’ preferred choice for updating apps and services on macOS. And that’s a problem because of a massive security issue that could be abused by a local attacker to elevate privileges to root with a little...

Patrick Wardle on MacRansom Ransomware-as-a-Service

Patrick Wardle of Synack and the Objective-See blog talks to Mike Mimoso about the emergence of a ransomware service targeting MacOS machines. Wardle explains why he characterizes MacRansom as “lame” and whether this could kick off a wave of copycats vying for the Apple platform. Download:...

Mac Malware Can Secretly Spy On Your Webcam and Mic – Here's How to Stay Safe

Apple Mac Computers are considered to be much safer than Windows at keeping viruses and malware out of its environment, but that’s simply not true anymore. It's not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days. The bad news for Ma...

Putting Apple Bug Bounty Rewards in Perspective

Admittedly, the payouts for Apple’s bug bounty announced last week at Black Hat drew mixed reactions ranging from reasonable to raucously funny. Apple made a big splash at the annual hacker conference, first via a last-minute announcement that well-regarded Ivan Krstic would be giving a talk on...

Little Snitch Bug Leaves Some Mac Systems Open to Attack

Trusted Mac OS X firewall Little Snitch is vulnerable to local privilege escalation attacks that could give criminals the ability plant rootkits and keyloggers on some El Capitan systems. The Little Snitch firewall vulnerability was found by Synack Director of Research and well-known OS X hacker...

Patrick Wardle on macOS Gatekeeper, Crypto Enhancements

At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address...