Cisco Discloses Details of macOS SMB Vulnerabilities
SMB, which stands for Server Message Block, is a protocol for sharing files, printers, and serial ports. Apple’s own SMB stack is called SMBX. Talos disclosed seven vulnerabilities found in SMBX server components and also detailed the process it used to identify them. One of the security holes was fixed silently by Apple, one was…
Vulnerability in CocoaPods Dependency Manager Exposed Millions of Apps
A dependency manager for Swift and Objective-C Cocoa projects, CocoaPods has more than 82,000 libraries and is being used in over 3 million applications. The tool is built using Ruby and can be used with the default Ruby on macOS. The identified vulnerability, Justicz explains, resides in a function designed to check that, when a…
Attackers Already Targeting Apple’s M1 Chip with Custom Malware
The latest processor for Apple’s Macs — the M1 chip — has already become a target for malware authors, who have created Mac-specific binaries targeting the ARM64 architecture used by the processors, researchers said this week. For example, one MacOS malware downloader, dubbed Silver Sparrow, has a number of interesting properties, including the use of…
macOS Big Sur 11.0.1 Patches 60 Vulnerabilities
macOS Big Sur 11.0 was officially launched on November 12 and on the same day Apple released its first update, version 11.0.1. The company has advised customers to update to this version — macOS Big Sur 11.0 comes preinstalled on certain Mac models — but there have been reports that the Big Sur update is…
Elusive hacker-for-hire group Bahamut linked to historical attack campaigns
Attack attribution is one of the most difficult aspects of malware research and it’s not uncommon for different security companies to attribute attack campaigns to different threat actors only to later discover that they were the work of the same group. However, a new paper by researchers at Blackberry stands out by exposing an elusive…
VMware Fixes Fusion Vulnerability Introduced by Previous Patch
VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console (VMRC) and Horizon Client for Mac. The flaw, tracked as CVE-2020-3950, can be exploited by an attacker with regular user privileges to escalate privileges to root. The researchers who independently reported the issue to VMware, Rich Mirch…
Adobe Patches 22 Vulnerabilities in Bridge, Illustrator
A total of 17 vulnerabilities have been fixed with the release of Adobe Bridge 10.0.4 for Windows and macOS. The critical flaws have been described as stack-based buffer overflow, heap overflow, out-of-bounds write, use-after-free, and other memory corruption issues that can lead to arbitrary code execution. Three of the patched security holes, described as important…
Apple Patches Code Execution Vulnerabilities Across Product Portfolio
A total of 27 bugs were squashed with the release of macOS Catalina 10.15.4, affecting components such as Bluetooth, Call History, CoreFoundation, FaceTime, Kernel, libxml2, Mail, sudo, and Time Machine, among others. The patched flaws could result in the execution of arbitrary code with system or kernel privileges, leak of kernel memory, privilege escalation, leak…
Apple releases security updates, adds new privacy protection for iOS users
Apple has released new versions of its many operating systems and software products, with fixes for a wide variety of vulnerabilities. The iOS update also comes with USB Restricted Mode, a new security feature that will protect users’ iPhones and iPads from being accessed by law enforcement with software cracking tools like GrayKey. iOS USB…
Why Choose Dr. Cleaner? Is It the Best Mac Cleanup App?
“Why choose Dr. Cleaner?” This is a common question that many people want to ask as there were too many cleanup apps for the Mac and many don’t know which one is the best one or safe to use. However, do not simply believe that there are no viruses or adware found on the macOS….