Security

Researchers have discovered major Tile security flaws that could let both the company itself and a tech-savvy stalker track your location. These arise from two crucial differences between the security used for AirTags and Tile tags.

The flaw could even be exploited to allow a malicious actor to falsely frame a Tile owner for stalking, by making it appear as if one of your Tile tags is constantly in the vicinity of somebody else’s tag …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Earlier this month, Moonlock, the cybersecurity division of MacPaw, released its Mac Security Survey 2025. It surveyed nearly 2,000 macOS users about their habits, concerns, and overall perceptions of cybersecurity on Mac. Most notably, the findings reveal an interesting shift in how Mac users perceive malware and the overall strength of Apple’s defenses.

For many years, it was accepted wisdom that Mac malware wasn’t really an issue. One of the reasons for that was that the market share was simply too low to make it a worthwhile target for attackers.

Today, of course, is a very different world. Macs are the fourth most popular brand of personal computers, and as owners of a premium brand, Mac owners make a juicy target. Does that mean you need third-party antivirus software on a Mac, or are the built-in security protections good enough? A very thorough test sought to find out …

A combination of new code spotted by Macworld and 9to5Mac suggests that Apple may be set to make two iOS 26 security changes which will make iPhones safer.

Historically, Apple has issued security patches as part of a new iOS build. This has two significant disadvantages which can leave many iPhones unprotected against the latest threats for longer than necessary …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

If you upgraded to iOS 26, you know the design changes and visual overhaul of Liquid Glass are undeniably impressive. But from a security perspective, one feature in particular has piqued my interest and seemingly gone under the radar: a new permission setting for wired accessories. This overlooked feature could be one of the most practical defenses Apple has shipped in years.

Mobile carriers are very slowly getting better at detecting and blocking scam texts, but it seems the fraudsters may still be staying ahead of the game.

Scammers are now using a technology known as SMS blasters, backpack-sized devices that can trick smartphones into thinking they are cell towers …

For the past few years, Apple has been inviting experienced researchers to apply to its security program, which issues iPhones that are especially modified to make it easier to investigate vulnerabilities. Now, applications are open to next year’s program. Here’s how you can apply.

In a threat and incidents report released today, France’s Information Security Agency confirmed that Apple issued a new wave of threat notifications earlier this month. Here are the details.

After warning 9to5Mac last month about undetectable Mac malware hidden in a fake PDF converter site, Mosyle, a leader in Apple device management and security, has now uncovered a new infostealer. Dubbed ModStealer, the malware has remained invisible to all major antivirus engines since first appearing on VirusTotal nearly a month ago.

In details shared exclusively with 9to5Mac, Mosyle says ModStealer doesn’t just target macOS systems, but is cross-platform and purpose-built for one thing: stealing data.

A Plex data breach in 2022 exposed usernames, email addresses, and encrypted passwords. The company required all users to change their passwords as a precaution, and now history seems to be repeating itself.

The company is again emailing users, using virtually identical wording to describe to report a new data breach with the same data obtained …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

If you’re reading this week’s Security Bite on your desktop, look closely at your browser’s address bar. Notice how the main (root) domain is bolder, while the rest of the URL is a lighter grey? This is not an accident, it’s a purposly implemented psychological trick called salience bias. This little design choice has protected users from phishing attacks for over a decade.

A TransUnion data breach has exposed sensitive personal information for millions of US consumers, including dates of birth and social security numbers.

However, reports of a major Gmail security problem affecting all 2.5 billion users are false, though loosely based on a far more contained incident back in June …

A few days ago, Apple fixed a vulnerability on iOS and macOS that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” Now, new details have emerged, and it appears that the hacking campaign also leveraged a now-fixed WhatsApp flaw to target its victims. Here are the details.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Malware has been a persistent threat since the first virus appeared in 1982 as a prank on Apple II computers. And malware is here to stay, but not because cybercriminals and nation-states are clever (they are), but because it’s mathematically impossible to stop it.

Mosyle, a leader in Apple device management and security, has exclusively revealed to 9to5Mac details on a new Mac malware strain, dubbed “JSCoreRunner”. The zero-day threat evaded all detections on VirusTotal at the time of discovery, spreading through a malicious PDF conversion site called fileripple[.]com to trick users into downloading what appears to be a harmless utility.

The US Customs and Border Protection (CBP) carried out a record number of phone searches of travelers arriving at, or returning to, the US in the last quarter.

The legal position on these searches is unclear when it comes to US citizens, but there are steps you can take to protect your privacy …

9to5Mac is brought to you by Incogni: Protect your personal info from prying eyes. With Incogni, you can scrub your deeply sensitive information from data brokers across the web, including people search sites. Incogni limits your phone number, address, email, SSN, and more from circulating. Fight back against unwanted data brokers with a 30-day money back guarantee.

Apple uses two different forms of encryption for your iCloud data – a strong form for particularly sensitive data like the Health and Journal apps, but a weaker one for a lot of other data you still wouldn’t want falling into the wrong hands.

Fortunately the company gives you the option of switching to strong encryption for all your iCloud data, and while there are a few steps involved, it’s a worthwhile security and privacy safeguard …

Apple has frequently argued that it is reasonable for it to have monopolistic control over the sale of iPhone apps because it vets them for safety and security. This has been called into question over scam apps accepted into the App Store, and the same questions are being asked regarding the Tea app.

The so-called dating advice app has been revealed to have major security vulnerabilities, which have exposed private chats and personal data of tens of thousands of women …

Apple encourages security researchers to seek out and report vulnerabilities in its devices and apps, in return for which it pays bug bounties of up to $2M.

However, one security researcher who reported a Safari vulnerability Apple graded as Critical, and gave a severity score of 9.8 out of 10, says they were paid only $1,000 …

Two major security vulnerabilities in the Tea app – which claims to make dating safer for women – have exposed the private chats and personal data of at least tens of thousands of users.

The app, designed to allow women to share “red flags” for men they had dated, claimed four million active users after it hit the top slot in the App Store last week …

9to5Mac is brought to you by Incogni: Protect your personal info from prying eyes. With Incogni, you can scrub your deeply sensitive information from data brokers across the web, including people search sites. Incogni limits your phone number, address, email, SSN, and more from circulating. Fight back against unwanted data brokers with a 30-day money back guarantee.

Apple has a reputation for prioritizing the privacy of its customers, and that commitment begins right at the chip design level.

Here’s a look at the eight layers of Apple security protecting the personal data stored on both your Apple devices and in iCloud …