Researchers found an unfixable bug in Apple’s T2 Security Chip
Macs equipped with the T2 co-processor are susceptible to hacks that piggyback on a newsmaking vulnerability dubbed Checkm8. This security loophole has been around for quite some time, enabling gray hats to get around the protections in a series of iPhone models. However, the recent discovery of a method to exploit the Apple T2 Security Chip significantly inflates the adverse security implications...
Apple is slow to patch a Safari flaw that leads to data theft
A security enthusiast has published details on a Safari vulnerability Apple was planning to fix only a year after acknowledging the reported bug. The vulnerability was originally discovered by Pawel Wylecial, who works for Poland-based cybersecurity services firm REDTEAM.PL. Technically, it is a bug in the Web Share API, an interface allowing users to share browser content, such as text, links, and files, via third-party apps.
Xcode projects weaponized to distribute Mac malware
A sneaky strain of malware dubbed XCSSET is doing the rounds via poisoned Xcode projects, mostly affecting Safari and other browsers running on a victim’s Mac. The unorthodox infection chain was recently discovered by a team of researchers at Trend Micro. According to their findings, malicious actors are exploiting Xcode projects to host and spread harmful payloads. For the uninitiated, Xcode is an integrated development environment (IDE) for macOS.
Macros vs macOS: advanced exploit chain targeting Macs
A well-known researcher unveils a powerful new exploit that allows executing malicious Office macros on a Mac computer with zero user interaction. Macros in Office documents are intended to facilitate the execution of iterative tasks. These are shortcuts to performing routine actions and therefore they are, ideally, both helpful and benign. However, in pursuit of workarounds to plague systems with malicious code, cybercriminals have been abusing macros for years.
Researcher unveils a new macOS security flaw
A developer has found a vulnerability that allows an attacker to bypass privacy protections in macOS Mojave and later versions of the operating system. The exploit was discovered by a macOS developer named Jeff Johnson in September 2019 but hadn’t been disclosed to the public until late June 2020. The reason for this gap is that the enthusiast reported his findings to the Apple Security Bounty Program the day it was launched in an attempt to get a reward.
Safari 14 will introduce Face ID and Touch ID for the web
Apple is bridging the gap between its proprietary biometric authentication features and websites for a seamless sign-in experience that does not rely on passwords. Those using an iPhone, an iPad, or a MacBook with the Touch Bar onboard should be familiar with the Face ID and Touch ID features. They enable biometric authentication to log into applications instead of the traditional username and password combo. Apple is planning to extend the use cases of these mechanisms far beyond apps and services.