New Mac malware spreads disguised as Flash Player installer via Google search results

Apple Mac users are warned of a new in-the-wild malware threat which masquerades as an installer for Adobe Flash Player.

Hacking the iOS/macOS webcam – Apple pays out $75,000 to bug hunter

A vulnerability researcher has received a bug bounty after discovering security holes in Apple’s software that could allow malicious parties to hijack an iPhone or Mac user’s camera and spy upon them.

Read more in my article on the Hot for Security blog.

1 in 10 Macs hit by crude malware that poses as Flash Player update, reports Kaspersky

If the criminals are continuing to make money by infecting Apple Mac computers in this fashion, whatever makes you think that they’ll come up with a more original social engineering trick?

CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency

Security researchers have discovered a new Mac malware threat that appears to be a sophisticated attempt to raid cryptocurrency wallets.

Read more in my article on the Tripwire State of Security blog.

Apple pushes out silent update to remove sketchy Zoom code from Macs

Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability its software at all well.

It’s a good thing, then, that Apple has nixed the software’s dodgy behaviour.

Apple sued because two-factor authentication… oh, I give up

An American man is bringing a class action against Apple, complaining that two-factor authentication (2FA) on an iPhone or Mac takes too much time.

Smashing Security podcast #095: British Airways hack, Mac apps steal browser history, and one person has 285,000 texts leaked

Malicious script is being blamed for the British Airways hack, Trend Micro’s apps are booted out of the Mac App Store for snaffling private data, and Paul Manafort’s daughter wants Twitter to remove a link.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast.

Trend Micro apologises after Mac apps found scooping up users’ browser history

Trend Micro has confirmed reports that some of its Mac consumer products were silently sending users’ browser history to its servers, and apologised to customers for any “concern they might have felt.”

But apparently it’s the users’ fault anyway for not reading the EULA.

Apps that steal users’ browser histories kicked out of the Mac App store

Apple has removed “Adware Doctor” from the macOS App Store amid claims that the program was uploading browser histories to China. And it turns out that wasn’t the only popular app stealing users’ private information.

Read more in my article on the Tripwire State of Security blog.

Smashing Security podcast #069: Cryptomining, China, and Bob Ross

How come Apple’s Mac App Store authorised a buggy app that mined for cryptocurrency in the background? How can a Mosquito attack steal data from an air-gapped computer? And is China keeping score on its social media-loving citizens?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest John Hawes.

Calendar 2 app pulled from Mac App Store after cryptomining controversy

Calendar 2 offered of its features for free if you allowed it to “unobtrusively” generate Monero cryptocurrency in the background.

Shame then that it wasn’t unobtrusive, and bugs meant it mined regardless of whether you wanted it to or not.

Apple fixes ‘killer text bomb’ vulnerability with new update for iOS, macOS, watchOS, and tvOS

Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.

‘Killer text bomb’ crashes iPhones, iPads, Macs, and Apple Watches

Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu.

Read more in my article on the Hot for Security blog.

Beware! A new bug can crash iOS and macOS with a single text message

Resist the temptation to send this text bomb to anyone.

Fruitfly malware spied on Mac users for 13 years – man charged

US authorities have charged a 28-year-old Ohio man who is alleged to have created and installed creepy spyware on thousands of computers for 13 years.

Read more in my article on the We Live Security blog.

Apple fixes the Meltdown and Spectre flaws in Macs, iPhones, and iPads

Apple takes further steps to protect its customers against the Meltdown and Spectre processor flaws. Remember to apply the updates!