No matter how prosaic it sounds, secure web surfing is a prerequisite for a hassle-free user experience overall. Why? Because the only way cyber threats are propagating is via the Internet. Thankfully, web browsers, Internet Service Providers, and security applications are doing a commendable job of blocking malware installation attempts and online frauds. However, as is the case with safebrowse.io alerts, sometimes this benign activity goes buggy and is at odds with normal Mac usage.

The authors of notorious Mac adware found a workaround to fool Apple’s app notarization mechanism into allowing their code to run on Macs. The strain known as Shlayer can easily slip below the radar by making the system think it’s safe, while it’s not. In early 2020, Apple brought extra protection to the Mac by extensively checking third-party applications for dodgy characteristics such as code-signing inconsistencies.

A security enthusiast has published details on a Safari vulnerability Apple was planning to fix only a year after acknowledging the reported bug. The vulnerability was originally discovered by Pawel Wylecial who works for Poland-based cybersecurity services firm REDTEAM.PL. Technically, it is a bug in Web Share API, an interface allowing users to share browser content, such as text, links, and files, via third-party apps.

It may be problematic to tell a regular macOS process from a copycat deposited by malware. This caveat goes for imklaunchagent, an entity originally intended to facilitate multilingual input on Apple computers. In some scenarios, it may cause the CPU usage to skyrocket. The root cause for this drag can be either a system bug or malicious interference invoked by dubious code. This hands-on tutorial covers the differences and explains how to fix the problem.

As Apple releases new iterations of its operating system annually, a handful of new features are usually added and the user interface undergoes tweaks, too. What sticks around throughout these updates is the built-in Safari browser. Unsurprisingly, Mac adware authors tailor their campaigns to fit this context and coin threats that focus on taking over Safari preferences. Most of these hijackers redirect the browser to unwanted sites without users’ consent.

A sneaky strain of malware dubbed XCSSET is doing the rounds via poisoned Xcode projects, mostly affecting Safari and other browsers running on a victim’s Mac. The unorthodox infection chain has been recently discovered by a team of researchers at Trend Micro. According to their findings, malicious actors are exploiting Xcode projects to host and spread harmful payloads. For those uninitiated, Xcode is an integrated development environment (IDE) for macOS.