Security Bite

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Amid the heap of regulatory crackdowns and digital media bans in recent years, it’s hard not to get further fatigued by the level of censorship underway in Russia. If the day ends in “y,” there’s seemingly something happening on this front. But last week, Russian authorities moved to complete the blocking of all major U.S.-based social media networks, in addition to restricting access to Telegram, to push the country’s own state-backed alternative.

There’s a dangerous, not-so-hot-take reason for that…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Amid the heap of an EU fine levied on X earlier this month, Elon Musk announced that the platform’s entire recommendation algorithm would go open source. Seemingly to help cool the regulatory waters by providing greater transparency into how the social media giant organizes users’ timelines.

Usually, IT professionals would see news around something going open source, smile, and move on with their lives. But last week, I came across an interesting thread on none other than X that explains how this move can actually expose anonymous alt accounts through “behavioral fingerprints”…for better or worse.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Talk of the largest grocer in the world not supporting Apple Pay or any Tap to Pay solution for that matter is making the rounds on social media again, as 9to5Mac noted yesterday. It is worth mentioning that there are real security benefits behind this technology. While the vast majority of users choose tapping for payment because it is quick and easy, there is a lot happening behind the scenes to keep your information private.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Let’s say you have screenshots of sensitive information sitting on your desktop that you’d like to password protect. You know that images of tax, banking, wire transfer forms, etc. in the clear can easily be viewed by anyone with physical or remote access to your machine, but you’re unsure how to secure them. Unfortunately, macOS Preview doesn’t support file-level password protection, but there are quick workarounds that don’t require third-party software or downloading anything not already on your Mac.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

When Apple dropped App Tracking Transparency (ATT) prompts in iOS 14.5 back in 2021, it was a watershed moment for user privacy within third-party applications. Nothing like it had existed prior. The initiative gave iPhone users control over whether their in-app data could be aggregated and shared with third parties for advertising or other purposes.

Still, today, I often find comments online from people who don’t really know what it does and find the wording very taboo. Like, why “Ask” the app? And is it still effective? Let’s briefly look at App Tracking Transparency in 2025…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Last week, Jamf Threat Labs published research on yet another variant of the increasingly popular MacSync Stealer family calling attention to a growing problem in macOS security: malware that’s sneaking around Apple’s most significant third party app protections. This new variant was distributed inside a malicious app that was both code-signed with a valid Developer ID and notarized by Apple, meaning Gatekeeper had no reason to block it from launching.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

The Mac’s built-in green LED privacy indicator—paired with those displayed on-screen in macOS—do a solid job of alerting users in real time when the webcam or microphone is active. When you’re actively working on your Mac, they’re hard to miss. But that protection assumes you’re actually there to see the privacy indicators light up.

What happens when you’re away from your Mac and malware triggers the camera or microphone to quietly record or eavesdrop—without you being there to notice the green light? How would you ever know?

Well, there’s an app for that.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

You can stop holding your breath. Down the rabbit hole of neat, lesser-known Terminal commands is back! ICYMI, I’ve recently found myself fascinated by all the helpful tricks Terminal can do to improve my productivity and overall make me more proficient behind a Mac as a security practitioner. In previous editions, I covered everything from enabling Touch ID for sudo authentication to cleaning up public Wi-Fi connections. This week, I share even more commands I’ve since discovered.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Plastic webcam covers—especially of the sliding kind—boomed in popularity sometime in the 2010s as a low-tech way to keep hackers from eavesdropping on compromised machines. The concern felt justified at the time. But by 2020, Apple was beginning to issue warnings that those covers aren’t actually needed and can even damage a MacBook’s display.

For this Security Bite, let’s set the tin-foil hats aside and talk about why webcam covers don’t meaningfully improve privacy, can cause features like True Tone to not work properly, and are far more likely to damage your screen than stop someone from spying on you.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

PSA! Starting today (Nov. 3), Microsoft-owned LinkedIn will expand its use of user profile details, posts, and feed activity — excluding private messages — in the UK, EU, Switzerland, Canada, and Hong Kong to train its artificial intelligence models, as well as support personalized ads across Microsoft products.

The good news here: You can opt out of having your, presumably very humble posts and professional achievements, scraped into LLM-training pens.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Update, November 1, 10:59 a.m. ET: Apple has removed the sketchy ChatGPT clone app mentioned below. I’ve also received unverified claims that many other copycats have been taken down too.

Around this time two years ago, OpenAI’s incredibly popular GPT-4 API was spreading like wildfire all over the App Store. It wasn’t long before AI-powered productivity apps, chatbot companions, nutritional trackers, and basically anything else you could think of dominated the charts, garnering millions of downloads. Fast forward to today, many of those vibe-coded, opportunistic apps have disappeared, partly due to cooling hype but also Apple’s tougher stance against knockoffs and misleading apps.

However, this week, security researcher Alex Kleber noticed that one misleading AI chatbot, impersonating OpenAI’s branding, managed to achieve top marks in the Business category. Albeit on the less popular Mac App Store, this is still significant and warrants a brief PSA to be cautious when sharing personal information with these apps.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

In this week’s Security Bite, I’m taking it back over 20 years to the launch of Gmail in 2004–because that’s how long its little-known plus addressing (aliasing) feature has quietly existed. It was originally created to help with filtering and keeping inboxes tidy long before spam became what it is today. Google never really promoted it, so most people still don’t realize it’s a thing. But over the years, it’s become popular among privacy-minded folks to track which online services, subscriptions, etc., are selling email addresses to other companies or leaking them.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Earlier this year, Apple announced that it was leading the charge on a cross-industry effort to bring end-to-end encryption (E2EE) to the RCS Universal Profile, which is published by the GSMA. Apple told 9to5Mac in March it would come to the iPhone in a future software update. Google soon after jumped in, stating it too was ‘committed to providing a secure messaging experience.’

I didn’t think it was completely unreasonable to assume we’d see this showcased at WWDC 2025…that didn’t happen. Then I thought maybe in one of the iOS 26 betas? Also nothing. So, what happened to cross-platform E2EE for RCS messaging? Is it still coming?

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Earlier this month, Moonlock, the cybersecurity division of MacPaw, released its Mac Security Survey 2025. It surveyed nearly 2,000 macOS users about their habits, concerns, and overall perceptions of cybersecurity on Mac. Most notably, the findings reveal an interesting shift in how Mac users perceive malware and the overall strength of Apple’s defenses.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

If you upgraded to iOS 26, you know the design changes and visual overhaul of Liquid Glass are undeniably impressive. But from a security perspective, one feature in particular has piqued my interest and seemingly gone under the radar: a new permission setting for wired accessories. This overlooked feature could be one of the most practical defenses Apple has shipped in years.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

If you’re reading this week’s Security Bite on your desktop, look closely at your browser’s address bar. Notice how the main (root) domain is bolder, while the rest of the URL is a lighter grey? This is not an accident, it’s a purposly implemented psychological trick called salience bias. This little design choice has protected users from phishing attacks for over a decade.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

In an earlier edition of Security Bite, I predicted that Apple would finally announce end-to-end encryption (E2EE) to the RCS Universal Profile at WWDC 2025. That didn’t happen, but Apple did introduce two nice spam-protection tools along with a series of smaller updates designed to make the iPhone safer for everyone. Now that iOS 26 is basically in its final form ahead of wide release in tandem with the launch of iPhone 17, here’s a rundown of my favorite privacy features.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Malware has been a persistent threat since the first virus appeared in 1982 as a prank on Apple II computers. And malware is here to stay, but not because cybercriminals and nation-states are clever (they are), but because it’s mathematically impossible to stop it.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

TikTok has been found selling GPS trackers through its Shop feature that are being marketed by viral videos explicitly encouraging secretly tracking a romantic partner. What’s most alarming is that these videos have millions of views, and metrics show that over a hundred thousand have been sold.

I usually reserve Security Bite for digital security topics, but this discovery was too riveting to ignore. As first reported by 404 Media, the trackers are being compared to Apple AirTags—but for the wrong reasons…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Since rising to prominence in 2023, AMOS (Atomic macOS Stealer) has become the most notorious infostealer targeting the Apple ecosystem. The malware, designed to quietly pull all sorts of sensitive information from macOS systems, is a household name among security researchers, journalists, and maybe even victims.

But now, Moonlock, the cybersecurity division of MacPaw, says it’s been tracking a new threat actor with an infostealer gaining popularity in the veiled corners of darknet forums. In this week’s Security Bite, I discuss this interesting new emerging threat and how it’s shaking up the broader macOS landscape.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

The US-based security software firm Malwarebytes recently published a new study that attempts to settle the long-running iPhone vs. Android debate. This time, the focus isn’t on speed or camera quality, but on which users are safer online, including who takes more risks, who is less cautious, and who is more likely to fall for scams. The results are pretty surprising, but I think the real reason behind them has less to do with tech and more to do with behavior.