Security

Today Apple released new bug fix and security updates for iPhone, iPad, Mac, and more. Though we still don’t know which specific bugs were addressed by the new software, Apple has now shared that a single security fix was implemented in iOS 18.3.2, macOS 15.3.2, and visionOS 2.3.2.

The long wait for a smarter Siri is to get even longer, with some indications that the new features we were originally expecting in iOS 18.4 may now be pushed back to iOS 19.

Apple hasn’t provided any real explanation, but two theories have so far been put forward, and now a developer and data analyst has suggested that security concerns may be a third reason – and by far the biggest problem …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

One of the greatest benefits of Touch ID on Mac is rarely having to type your password when making purchases, signing into apps, and, of course, unlocking the device. It might be ancient technology to the iPhone at this point, but it continues to be a default luxury on Mac. If you frequent Terminal, you’ll be glad to know you can also authenticate as administrator with Touch ID for all the sudo goodness with one tap.

There are two new reports of Mac malware in the wild, with the first of them set to be blocked by an update expected this week.

There’s no word yet on a fix for the second, but you’d have to be a pretty naive Mac user to fall for it …

Apple’s Find My network lets users easily track their devices and accessories such as AirTag. However, despite having anti-stalking features, researchers at George Mason University recently discovered an exploit that lets hackers silently track any Bluetooth device through Apple’s network. The vulnerability isn’t in Apple products, but rather Linux, Android, and Windows systems…

NSO’s Pegasus spyware is one of the most frightening privacy threats an iPhone owner can face. Without you taking any action at all, it’s able to completely take over your phone, accessing almost all of the personal data stored on it, and some versions have been able to activate cameras and microphones.

Pegasus exploits zero-day vulnerabilities – security holes Apple doesn’t yet know about – but the iPhone maker has another way to fight back …

Imagine you’re on your way to dinner, walking down a decently busy street during the day. You’re using your new iPhone 16 Pro for directions before, out of nowhere, a masked individual on an e-bike whips around to your side and snatches your Desert Titanium baby and zooms off. All in seconds. This sounds like a one-off insane situation, but this is precisely what happened to Dimitar Stanimiroff last week in London, England. And he’s not alone…

The most recent statistics say a phone is stolen on average every 6 minutes in London, or about 64,000 annually. It’s so common that the City of London Police deployed special task forces to snuff out these gangs and even had to publish a blog post explaining how to protect your mobile device in public.

Over the years, Apple has made impressive strides in implementing anti-theft measures like Activation Lock and inadvertent “parts pairing” rules. These features and others are meant to deter thieves and minimize situations like Stanimiroff’s. Is it enough?

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

It was discovered last year that location data for US military and intelligence personnel serving overseas was being sold by a Florida-based data broker, but the source of that sensitive data was unclear at the time.

It’s now been claimed that the data was captured by a variety of mobile apps with revenue-sharing agreements with a Lithuanian ad-tech company, and then resold by an American company …

Apple on Monday released iOS 18.3.1 to the public, two weeks after the release of iOS 18.3. The company says iOS 18.3.1 and iPadOS 18.3.1 include “important bug fixes and security updates” – and now we know exactly which vulnerability today’s updates fix.

Neither Apple nor Google have returned TikTok to their respective app stores, and with very good reason: the supposed get-out-of-jail-free card offered by Trump is nothing of the sort. Both companies would be left exposed to hundreds of billions of dollars of liability.

As of the weekend, Android users who want to download TikTok do have another option – but it’s not one I’d advise them to take. Instead, they’d be better off using the workaround available to iPhone users …

Multiple security flaws have been found in the DeepSeek iOS app, which is still one of the most popular downloads in the App Store after topping the charts when it first launched.

The latest findings are far worse than the previous security failure which exposed chat history and other sensitive information in a database requiring no authentication …

It’s being reported that the British government secretly ordered Apple to create a security backdoor into all content uploaded by iCloud users anywhere in the world.

Apple is certain to refuse the demand, leading to the possibility of a similar privacy stand-off to the one seen between the iPhone maker and the FBI back in the San Bernardino shooter case …

One of the promises of the App Store is that anything you download has gone through a vetting process by Apple. Occasionally though, iPhone apps with malicious code slip through the cracks, and today, researchers at Kaspersky have reported on new malware they discovered in App Store apps—which they say is ‘the first known case.’

So-called macOS Stealers – malware that seeks to extract personal data like passwords and credit card numbers from your machine – is expected to be significantly more prevalent this year.

A new annual report on the state of malware says that Mac owners could be at almost as much risk as Windows PC users this year …

A Grubhub security breach has exposed personal data for both customers and drivers, says the company, after an “incident” involving a third-party contractor.

The company has not revealed the exact scale of the security fail, but has admitted that the personal data includes names, email addresses, phone numbers, and partial credit card numbers …

A Meta policy document describes the company’s fears that it could accidentally develop an AI model which would lead to “catastrophic outcomes.” It describes its plans to prevent the release of such models, but admits that it may not be able to do so.

Among the capabilities the company most fears are an AI system that could break through the security of even the best-protected corporate or government computer network without human assistance …

A zero-click WhatsApp spyware attack was made against 90 journalists and other “civil society members,” said Meta, which managed to detect the incident.

A zero-click attack means that victims don’t need to tap on a link or take any action in order for their devices to be compromised – simply receiving the message is enough …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Tired of hearing about DeepSeek yet? The China-based LLM chatbot beached itself onto the scene this week, dominating the tech news cycle and even taking #1 on the App Store, where it still sits as of writing. However, its rapid popularity has led to a wave of new phishing campaigns, investment scams, and macOS malware disguised as real DeepSeek applications. Here’s the latest.

You’re reading 9to5Mac Security Bite, where each week, I share insights on data privacy, discuss the latest vulnerabilities, and shed light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices.

Security researchers have discovered two flaws present in all current iPhones, iPads, and Macs – as well as many earlier ones. The vulnerabilities, known as SLAP and FLOP, could potentially allow an attacker to see the current contents of your open web tabs.

The flaws were introduced in the A15 and M2 chips, and are also found in subsequent ones, up to and including the latest version of each device …

A judge has limited FBI powers to trawl through data obtained from tech giants like Apple, Google, and ISPs under FISA (the Foreign Intelligence Surveillance Act).

Separately, a Cloudflare privacy flaw has been identified in one of Apple’s IT service providers, which could have exposed the rough location of millions of web and app users before it was fixed …