Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted […]
Gimmick is a newly discovered macOS implant developed by the China-linked APT Storm Cloud and used to target organizations across Asia. In late 2021, Volexity researchers investigated an intrusion in an environment they were monitoring and discovered a MacBook Pro running macOS 11.6 (Big Sur) that was compromised with a previously unknown macOS malware tracked […]
Apple recently addressed fixed a flaw in the macOS that could be potentially exploited by an attacker to bypass Gatekeeper security feature. Apple recently addressed a vulnerability in the macOS operating system, tracked as CVE-2021-30853, that could be potentially exploited by an attacker to bypass the Gatekeeper security feature and run arbitrary code. The vulnerability […]
Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited a XNU privilege escalation vulnerability […]
Microsoft finds a flaw in macOS, dubbed Shrootless (CVE-2021-30892), that can allow attackers to bypass System Integrity Protection (SIP). Microsoft discovered a vulnerability in macOS, dubbed Shrootless (CVE-2021-30892), that can allow attackers to bypass System Integrity Protection (SIP) and perform malicious activities, such as gaining root privileges and installing rootkits on vulnerable devices. System Integrity Protection (also referred to […]
Security researchers disclosed a new zero-day flaw in Apple’s macOS Finder that can allow attackers to run arbitrary commands on Macs. Independent security researcher Park Minchan disclosed a zero-day vulnerability in Apple’s macOS Finder that can be exploited by attackers to run arbitrary commands on Mac systems running any macOS version. The flaw is due […]
Uptycs threat research team analyzed macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. Though these scripts have slight variations, they mostly belong to a […]
WildPressure APT is targeting industrial organizations in the Middle East since 2019 and was spotted using now a new malware that targets both Windows and macOS. Researchers from Kaspersky have spotted a new malware used by the WildPressure APT group to targets both Windows and macOS systems. The WildPressure was spotted for the first time […]
Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724, that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked as CVE-2021-30724, that impacts macOS, iOS, and iPadOS. The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the […]
Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is […]