SHub macOS infostealer variant spoofs Apple security updates
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]
Security updates fix software weaknesses, reduce exploitable risk, and may address vulnerabilities affecting systems, applications, and devices.
Search across headline titles and summaries.
Background for this topic.
Security updates are vendor-released patches, fixes, or configuration changes that address vulnerabilities and other weaknesses in operating systems, applications, libraries, firmware, cloud services, and network equipment. They may correct exploitable code, tighten security controls, or provide mitigations when a complete fix is not yet available.
For security practitioners, update news informs vulnerability management: assess whether affected assets are deployed, determine exposure and exploitability, prioritize urgent fixes, and verify installation. Applying updates can reduce attack paths such as remote code execution or privilege escalation, but rushed changes can disrupt services, so testing, staged deployment, rollback plans, and compensating controls may be needed. Advisories can also reveal required configuration changes, affected dependencies, or unsupported versions that need replacement.
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]
Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]