Security

Apple encourages security researchers to seek out and report vulnerabilities in its devices and apps, in return for which it pays bug bounties of up to $2M.

However, one security researcher who reported a Safari vulnerability Apple graded as Critical, and gave a severity score of 9.8 out of 10, says they were paid only $1,000 …

Two major security vulnerabilities in the Tea app – which claims to make dating safer for women – have exposed the private chats and personal data of at least tens of thousands of users.

The app, designed to allow women to share “red flags” for men they had dated, claimed four million active users after it hit the top slot in the App Store last week …

9to5Mac is brought to you by Incogni: Protect your personal info from prying eyes. With Incogni, you can scrub your deeply sensitive information from data brokers across the web, including people search sites. Incogni limits your phone number, address, email, SSN, and more from circulating. Fight back against unwanted data brokers with a 30-day money back guarantee.

Apple has a reputation for prioritizing the privacy of its customers, and that commitment begins right at the chip design level.

Here’s a look at the eight layers of Apple security protecting the personal data stored on both your Apple devices and in iCloud …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

I’ve recently fallen into the rabbit hole of lesser-known Terminal features. These past months, I covered everything from enabling Touch ID for sudo authentication to cleaning up public Wi-Fi connections stored on your Mac. I want to share even more neat features you probably didn’t know Terminal could do. These can be helpful if you’re an everyday Mac user or managing an enterprise fleet. Now, allow me to elevate your command-line prowess further.

More than 10,000 organizations around the world are at risk from hackers after a serious security flaw was discovered in Microsoft’s popular Sharepoint platform, used to store and share confidential documents. The majority of companies at risk are said to be in the US.

Update: Bloomberg reports that the National Nuclear Security Administration was among the organizations breached – see the end of the piece …

We learned earlier this year that the British government had secretly ordered Apple to create a backdoor into encrypted data for all iCloud users worldwide. Specifically, it wanted a way to see personal data protected by Apple’s introduction of Advanced Data Protection (ADP), which extended end-to-end encryption to almost all iCloud data, meaning not even the iPhone maker could access it.

Apple has been fighting the secret order in secret court hearings, but it now appears that the US government is using technology agreement negotiations to force Britain to back down …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

In a Bluetooth Impersonation Attack (or BIAS), hackers can exploit weaknesses in the Bluetooth protocol to impersonate a trusted device. “BOSE QC Headphones” in the Bluetooth menu could be a low-orbiting ion cannon waiting for an end-user to connect to it before unleashing all sorts of damage.

This week, I want to again share how hackers can use Flipper Zero to send sneaky keystrokes to a Mac if a victim connects to a potentially malicious Bluetooth device. This isn’t going to be a complete tutorial since there are tons of guides out there already. Instead, I want to point out how easy it is to pull this off, to make you a bit more paranoid.

The privacy-focused web browser DuckDuckGo has boosted its anti-scam features. It can now detect and block fake ecommerce stores, crypto sites, virus alerts, and more.

The new security feature is completely free for all users on both Mac and iOS browsers, with no Privacy Pro subscription needed …

Security researchers have discovered what they describe as “one of the largest data breaches in history,” comprising a staggering 16 billion logins, which include Apple accounts (formerly known as Apple IDs).

The researchers said that the stolen data gives cybercriminals “unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing” …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Each year, Jamf—the popular Apple device management platform—releases its Security 360: Annual Trends Report, which gives a broad outlook of the macOS threat landscape currently facing businesses and users. The analysis uses anonymized real-world data collected from 1.4 million Macs across 90 countries with Jamf software installed.

Today, Jamf is out with its 2025 edition, which spans the previous 12 months. The report offers many shocking insights, most notably a 28% spike in infostealer malware, making it the leading Mac malware family type.

Scammers are using AI tools to create increasingly convincing ways to trick victims into sending money, and to access the personal information needed to commit identity theft. Deepfakes mean they can impersonate the voice of a friend or family member, and even fake a video call with them!

The result can be criminals taking out thousands of dollars worth of loans or credit card debt in your name. Fortunately there are steps you can take to protect yourself against even the most sophisticated scams. Here are the security and privacy checks to run to ensure you are safe …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Earlier this week, during its annual WWDC keynote, Apple unveiled a slew of headline features like Liquid Glass, a new Games app, and Visual Intelligence, as well as two major spam protection tools coming to iOS 26 this fall. While I was a little disappointed in the lack of new security or even privacy features, these new tools will change the game for users who receive annoying spam calls and messages on the daily. Here’s how they work.

Today, Apple confirmed (via TechCrunch) that a zero-day flaw used to deploy mercenary spyware onto journalists’ iPhones was quietly patched earlier this year, with the iOS 18.3.1 update.

A massive international law enforcement operation coordinated by Interpol has seen one of the biggest ever takedowns of a malware network.

The simultaneous strike across 26 countries resulted in more than 20,000 domains being taken offline, and the arrest of 32 suspects …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

It’s no secret that AI is improving the way scammers operate. Phishing texts are more convincing than ever, and malicious emails can look legitimate for longer than just a glance. Attackers are getting smarter about how they trick people into handing over money or personal info. But the good guys are getting better, too.

Earlier this week, Malwarebytes, best known for its real-time anti-malware protection software, launched a new AI-powered feature aimed specifically at mobile scams. I’ve been testing it out for the past few days. Here’s how it works and my quick thoughts on it.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

We’re officially just over a week away from WWDC 2025. While we expect big design enhancements and much-needed Apple Intelligence improvements to iOS, Apple has the opportunity to do something it’s quite good at: flexing its privacy prowess.

Apple login credentials were among a massive database of 184 million records found sitting unprotected on a web server. Other logins included Facebook, Google, Instagram, Microsoft, and PayPal.

The owner of the database is unclear, but the security researcher who discovered it says that it amounts to “a cybercriminal’s dream working list” …