Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks. [...]

Apple has introduced lockdown mode for high-risk users who are concerned about nation-state attacks. It trades reduced functionality for increased security in a very interesting way. [...]

Apple announced that a new security feature known as Lockdown Mode will roll out with iOS 16, iPadOS 16, and macOS Ventura to protect high-risk individuals like human rights defenders, journalists, and dissidents against targeted spyware attacks. [...]

Firm says function is intended for users who face ‘grave, targeted threats to their digital security’ Apple is launching a “lockdown mode” for its devices to protect people – including journalists and human rights activists – targeted by hacking attacks like those launched by government clients of NSO Group using its …

This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows …

A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. [...]

Apple said this week that it blocked more than 343,000 iOS apps were blocked by the App Store App Review team for privacy violations last year, while another 157,000 were rejected for attempting to mislead or spamming iOS users. [...]

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. [...]

Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...]

Apple Mail now blocks email trackers by default. Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. The server keeps track of every time this “image” is opened and by which IP address. This quirk of internet history means …

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and …

When KrebsOnSecurity recently explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media firms and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI …

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of …

Enlarge (credit: Getty Images) Last year, Apple enacted App Tracking Transparency, a mandatory policy that forbids app makers from tracking user activity across other apps without first receiving those users’ explicit permission. Privacy advocates praised the initiative, and Facebook warned it would spell certain doom for companies that rely …

Ever since Apple introduced AirTags, security people have warned that they could be used for stalking. But while there have been a bunch of anecdotal stories, this is the first vaguely scientific survey: Motherboard requested records mentioning AirTags in a recent eight month period from dozens of the country …

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate’s most tech-savvy lawmakers said he was troubled by the report and is …

The malicious uses of these technologies are scary : Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the woman’s …

Enlarge (credit: Kirill Kudryavtsev | Getty Images) Russia’s biggest Internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country. The revelation relates to software created by Yandex that permits developers to …

Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud.' [...]

Enlarge (credit: Getty Images ) Scammers pushing iOS malware are stepping up their game by abusing two legitimate Apple features to bypass App Store vetting requirements and trick people into installing malicious apps. Apple has long required that apps pass a security review and be admitted to the App Store …

A Berlin-based company has developed an AirTag clone that bypasses Apple’s anti-stalker security systems. Source code for these AirTag clones is available online. So now we have several problems with the system. Apple’s anti-stalker security only works with iPhones. (Apple wrote an Android app that can detect …

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs. [...]

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs. [...]

There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and it’s making a variety of security arguments to bolster its argument. I have written a rebuttal: I would …

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as …