C'mon, just copy this text string and paste it into your macOS Terminal – it'll fix your computer, honest
Newly documented stealer ClickLock comes for the more trusting Mac user with spot of social engineering
macOS is Apple’s desktop operating system, whose vulnerabilities, security updates, and software ecosystem affect device protection and data security.
Search across headline titles and summaries.
Background for this topic.
macOS is the desktop operating system for Mac computers. Its security model combines signed-code checks and notarization through Gatekeeper, built-in malware detection, application sandboxing, System Integrity Protection, and privacy controls that restrict access to files, cameras, microphones, and other sensitive resources. FileVault can encrypt the startup volume, reducing exposure if a device is lost, although it does not protect data from an attacker using an unlocked account.
For security teams, macOS is an endpoint whose risk depends on timely operating-system and application updates, configuration, and user permissions. Vulnerabilities in macOS components, browsers, or widely deployed software can enable code execution or privilege escalation, while malicious or over-permissioned applications may bypass intended isolation through user-approved access. Organizations should track supported versions, enforce updates and disk encryption through device management, limit administrative access, and preserve relevant logs for investigation; security controls and available telemetry can vary by macOS release and Mac hardware.
Weekly headline count for the current query.
Newly documented stealer ClickLock comes for the more trusting Mac user with spot of social engineering
While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack
Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live session cookies from 14 browsers, 16 cryptocurrency wallets, and more than 200 extensions.…
Installation and pre-approval without consent looks dubious under EU law One app should not modify another app without asking for and receiving your explicit consent. Yet Anthropic's Claude Desktop for macOS installs files that affect other vendors' applications without disclosure, even before those applications have been installed, and authorizes browser extensions without consent.…
Social engineering: 'low-cost, hard to patch, and scales well' North Korean criminals set on stealing Apple users' credentials and cryptocurrency are using a combination of social engineering and a fake Zoom software update to trick people into manually running malware on their own computers, according to Microsoft.…
Company says it dropped the ball, apologizes for wasting people's time Logitech says an expired developer certificate is to blame after swaths of customers were left infuriated when their mice malfunctioned.…
Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses The long-running XCSSET malware strain has evolved again, with Microsoft warning of a new macOS variant that expands its bag of tricks while continuing to target developers.…
'We do believe that this was likely the creation of a cybercrime group,' threat hunter tells The Reg ChillyHell, a modular macOS backdoor believed to be long dormant, has likely been infecting computers for years while flying under the radar, according to security researchers who spotted a malware sample uploaded to VirusTotal in May.…
Another 'extremely sophisticated' exploit chewing at Cupertino's walled garden Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.…
Look over there! Amidst its own failure to fix a couple of bugs now under mass exploitation and being abused for espionage, data theft, and ransomware infections, Microsoft said Monday that it spotted a macOS vulnerability some months ago that could allow attackers to steal private data. Redmond reported the bug to Cupertino, which issued a fix back in March.…
Swift-based containerization framework aims to improve performance and security Apple on Monday unveiled an open source containerization framework for creating and running Linux container images on the Mac.…
iPhone giant compartmentalizes OS for the sake of security Apple has been working to harden the XNU kernel that powers its various operating systems, including iOS and macOS, with a feature called "exclaves."…
Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…
Cupertino kicks off the year with a zero-day Apple has plugged a security hole in the software at the heart of its iPhones, iPads, Vision Pro goggles, Apple TVs and macOS Sequoia Macs, warning some miscreants have already exploited the bug.…
Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.…
PLUS: Payer of $75M ransom reportedly identified; Craigslist founder becomes security philanthropist, and more Infosec In Brief Something's wrong with macOS Sequoia, and it's breaking security software installed on some updated Apple systems.…
Windows giant tells Cisco Talos it isn't fixing them Cisco Talos says eight vulnerabilities in Microsoft's macOS apps could be abused by nefarious types to record video and sound from a user's device, access sensitive data, log user input, and escalate privileges.…
Windows users now get macOS-grade secret security Google says it's enhancing the security of sensitive data managed by Chrome for Windows users to fight the scourge of infostealer malware targeting cookies.…
PLUS: Connected automakers put on notice; Cisco Talos develops macOS fuzzing technique; Last week's critical vulns Infosec in brief Nissan has admitted to another data loss – this time involving the theft of personal information belonging to more than 50,000 Nissan employees.…
ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns Infosec in brief Trend Micro's Zero Day Initiative (ZDI) held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day vulnerabilities.…