Security

Apple has published a new support document that encourages customers to update to the latest iOS versions in order to “protect your iPhone from web attacks.”

Apple has released the first public Background Security Improvement for iPhone, iPad, and Mac. There are four versions of the release.

TikTok is setting itself apart from most other online platforms that offer messaging by stating that it won’t be introducing end-to-end encryption to ensure the privacy of direct messages.

This means that the company will be able to read messages sent between users, which is likely to cause concerns even after its US operations were separated from its Chinese owner …

Update: Added comment from TikTok below

You may recall that way back in 2017, the WPA2 encryption standard used by most Wi-Fi routers at the time was cracked and had to be replaced with a new version, WPA3. Now a new attack method dubbed AirSnitch means that Wi-Fi encryption on most networks can be bypassed in order to access all of the traffic passing through the router.

Almost all routers are vulnerable, so there are three steps you should take in order to protect yourself, with the greatest risk occurring through use of public Wi-Fi hotspots …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Much like the infamously useless “close door” button in an elevator, reporting spam on an iPhone or Mac often feels like a placebo. This skepticism isn’t exclusive to Apple either. There is widespread distrust of reporting features in general. The issue largely stems from a lack of transparency. Because users rarely see a noticeable decline in junk mail after hitting “report,” many assume the button does nothing and eventually stop using it altogether.

While Apple does provide a great support document for how to make reports, it doesn’t explain exactly what it does with these reports to improve its security prowess. Allow me to shed some light here…

An unsecured database that likely contains tens of millions of unique Social Security numbers, alongside email addresses and passwords, has been discovered by security researchers.

While the database appears to have been collated from a number of separate data breaches over approximately a decade, the researchers explain why even very old personal data remains a live threat …

Badged versions of TP-Link routers are supplied to US customers by more than 300 ISPs, making them the most widely used Wi-Fi routers in the country, found in millions of US homes.

It therefore caused grave concern when security researchers at Microsoft found that a hacking group based in China was using vulnerabilities in the devices to carry out cyber attacks in the US. It had been widely expected that the routers would be banned from sale in the US, but politics seemingly intervened. However, the battle is not yet over …

Both the founders of WhatsApp and current owner Meta state that the app uses end-to-end encryption, meaning that nobody outside the chat can access the content. A lawsuit claims that this isn’t true and that anyone inside Meta can get full access to all of the messages sent or received by any WhatsApp user.

Johns Hopkins University professor and cryptographer Matthew Green has weighed in with a blog post analyzing the claims and likely reality …

The Electronic Frontier Foundation (EFF) is out with a new campaign that presses tech companies to move faster to protect user data through end-to-end encryption, and stronger defaults and privacy settings. Here are the details.

A database containing 149 million account logins has been found sitting unsecured on a cloud service. The records include 900,000 usernames and passwords for Apple accounts.

It was discovered by the same security researcher who found a similar database of 184 million records last year …

An effort led by security research lab CovertLabs is actively uncovering troves of (mostly) AI-related App Store apps that leak and expose user data, including names, emails, and chat history. Here are the details.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Talk of the largest grocer in the world not supporting Apple Pay or any Tap to Pay solution for that matter is making the rounds on social media again, as 9to5Mac noted yesterday. It is worth mentioning that there are real security benefits behind this technology. While the vast majority of users choose tapping for payment because it is quick and easy, there is a lot happening behind the scenes to keep your information private.

If you’ve received an Instagram password reset email, claiming that you requested it, you should ignore it.

Malwarebytes reports that cybercriminals stole Instagram account details for 17.5 million users, but the social network claims that there was no security breach …

Apple is fighting many elements of a list of 83 security requirements proposed by the Indian government. This reportedly includes a requirement to hand over iOS source code.

Reuters reports the government saying that it must be able to review the source code of all smartphones in order to allow vulnerabilities to identified …

Mosyle, a popular Apple device management and security firm, has exclusively shared details with 9to5Mac on a previously unknown macOS malware campaign. While crypto miners on macOS aren’t anything new, the discovery appears to be the first Mac malware sample uncovered in the wild that contains code from generative AI models—officially confirming what was inevitable.

At the time of discovery, Mosyle’s security research team says the threat was undetected by all major antivirus engines. This comes nearly a year after Moonlock Lab warned about chatter on dark web forums indicating how large language models were being used to write malware targeting macOS.

If you’re running the iOS 26.3 beta, Apple has just released a new security update you can install. But there’s a catch: rather than including fixes, the update is simply testing out a new system. Here are the details. [Updated 1/8 with second release details]

We’ve recently seen how ChatGPT was used to trick Mac users into installing MacStealer, and now a different tactic has been found to persuade users to install a version of MacSync Stealer.

The Mac remains a relatively difficult target for attackers thanks to Apple’s protections against the installation of malware. However, Mac malware is on the increase, and two recently-discovered tactics discovered by security researchers highlight the creative approaches some attackers are using …

Earlier today, Apple rolled out updates for iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. Now, the company has released the security content for each system update. Here are the details.

Security researchers have found that attackers are using ChatGPT to trick Mac users into pasting a command line into Terminal which installs malware. Specifically, it installs MacStealer, which allows the attacker to obtain iCloud passwords, files, and credit card details.

The attack targeted people who were searching Google for instructions on how to free up some disk space on a Mac …

The saga of a mandatory government security app which Apple and Google had to preinstall on their phones didn’t last long after Apple refused to play ball.

The Indian government had already backed down on preventing iPhone owners from deleting the “security” app, and has now made a complete U-turn in the space of just 48 hours …