Apple's MacOS Gap Lets Users Disable Security Tools
Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits.
macOS is Apple’s desktop operating system, whose vulnerabilities, security updates, and software ecosystem affect device protection and data security.
Search across headline titles and summaries.
Background for this topic.
macOS is the desktop operating system for Mac computers. Its security model combines signed-code checks and notarization through Gatekeeper, built-in malware detection, application sandboxing, System Integrity Protection, and privacy controls that restrict access to files, cameras, microphones, and other sensitive resources. FileVault can encrypt the startup volume, reducing exposure if a device is lost, although it does not protect data from an attacker using an unlocked account.
For security teams, macOS is an endpoint whose risk depends on timely operating-system and application updates, configuration, and user permissions. Vulnerabilities in macOS components, browsers, or widely deployed software can enable code execution or privilege escalation, while malicious or over-permissioned applications may bypass intended isolation through user-approved access. Organizations should track supported versions, enforce updates and disk encryption through device management, limit administrative access, and preserve relevant logs for investigation; security controls and available telemetry can vary by macOS release and Mac hardware.
Weekly headline count for the current query.
Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits.
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.
Lazarus continues leveraging ClickFix for initial access and data theft: in this case, against Mac-centric organizations and their high-value leaders.
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
The actor behind the "Contagious Interview" campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users.
A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention.
With multiple persistence mechanisms, the modular malware can brute-force passwords, drop payloads, and communicate over different protocols.
Not only are attacks against macOS users ramping up, but threat actors have proven to be advanced with deepfake technology. Security awareness training may be the best defense.
Researchers observed North Korean threat actors targeting cryptocurrency and Web3 platforms on Telegram using malicious Zoom meeting requests.
Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.
Though Windows, iOS, and macOS users won't need to make any changes, Android users are advised to remove their Defender VPN profiles.
Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.
Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.
A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.
Ironically, Macs' lower risk profile may make them more susceptible to any given threat than the average Windows or Linux system.
Outlook, Teams, PowerPoint, OneNote, Excel, and Word undermine macOS's strict user permission-based privacy and security protections.
The campaign is laser-targeted, bucking the trend of "spray-and-pray" malicious open source packages turning up in code repositories seemingly every other day.
North Korean espionage campaign delivers updated BeaverTail info stealer by spoofing legitimate video calling service, researcher finds.
The "Markopolo" threat actors built a convincing brand and Web presence for fake software to deliver the dangerous Atomic macOS stealer, among other malware, to carry out cryptocurrency heists.
North Korean hackers break ground with new exploitation techniques for Windows and macOS.