Federal funding has been restored for a crucial cybersecurity program used by Apple and other tech giants, in a last-minute U-turn. Security experts had described the original decision to remove funding as stupid, dangerous, and chaotic.
However, the future of the Common Vulnerabilities and Exposures (CVE) program remains uncertain, despite its role in helping tech giants identify and fix security holes found in their products …
Apple released iOS 18.4.1, and in addition to CarPlay bug fixes, the update also patches two security vulnerabilities that Apple says were actively exploited in the wild. The security fixes are also included in macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1.
The CVE security program used to track vulnerabilities in both hardware and software has had its federal funding removed with immediate effect. Apple is one of a number of tech giants who rely on the Common Vulnerabilities and Exposures (CVE) program to identify security flaws in their products.
Update: CVE board members have responded by announcing a new non-profit known as the CVE Foundation, intended to continue the work – more at the end …
Car rental company Hertz says that the personal data of an unspecified number of customers was stolen, and that this includes name, contact information, date of birth, credit card information, and driver’s license information.
While the company has not revealed the scale of the security breach, it appears to be a very substantial one, affecting customers in the US, Canada, UK, EU, and Australia …
iPhone farms – banks of phones equipped with rotating temporary Apple IDs – are being used to send more 100,000 scam iMessages per day, found security researchers.
By using iMessages rather than texts, scammers can bypass spam and scam filters implemented by mobile carriers. Fraudsters don’t even need any technical skills to carry out their attacks, as there are companies offering phishing-as-a-service (PhAAS) …
At least five VPN apps in the App Store were found to have links to the Chinese military, according to a new report today. Three of them have racked up more than a million downloads.
A subsidiary of one of the Chinese companies behind the apps is currently hiring for a role in “monitoring and analysing platform data,” with a familiarity with American culture listed as a job requirement …
Today Apple released its latest array of major software updates. Now, the company has outlined all the security fixes introduced by iOS 18.4, macOS 15.4, and more.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
For years, macOS security developers and researchers have urged Apple to add TCC events to the Endpoint Security (ES) framework. Doing so would allow them to directly trace a TCC request to the specific application (or malware) that triggered it. This could allow third-party security tools to offer real-time protection around permission requests.
The good news? Apple is finally making this happen in macOS 15.4.
The bad news? It’s rough around the edges right now.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
For years, Apple offered its built-in Keychain password management tool tucked away in the Settings app, allowing users to automatically generate and save passwords—but quickly managing specific logins could often feel tedious. With iOS 18, iPadOS 18, and macOS Sequoia, Apple introduced the standalone Passwords app in an effort to make credential management more convenient. Still, many are skeptical about whether the new app has enough features to compete with paid password managers—or if that’s even Apple’s goal.
The criminals behind a phishing attack aimed at Windows users are now targeting Mac users instead. The goal is to steal your Apple Account credentials (aka Apple ID).
The security researchers who uncovered the scam say that it’s one of the most sophisticated attacks ever mounted against Mac users …
Today Apple released new bug fix and security updates for iPhone, iPad, Mac, and more. Though we still don’t know which specific bugs were addressed by the new software, Apple has now shared that a single security fix was implemented in iOS 18.3.2, macOS 15.3.2, and visionOS 2.3.2.
The long wait for a smarter Siri is to get even longer, with some indications that the new features we were originally expecting in iOS 18.4 may now be pushed back to iOS 19.
Apple hasn’t provided any real explanation, but two theories have so far been put forward, and now a developer and data analyst has suggested that security concerns may be a third reason – and by far the biggest problem …
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
One of the greatest benefits of Touch ID on Mac is rarely having to type your password when making purchases, signing into apps, and, of course, unlocking the device. It might be ancient technology to the iPhone at this point, but it continues to be a default luxury on Mac. If you frequent Terminal, you’ll be glad to know you can also authenticate as administrator with Touch ID for all the sudo goodness with one tap.
Apple’s Find My network lets users easily track their devices and accessories such as AirTag. However, despite having anti-stalking features, researchers at George Mason University recently discovered an exploit that lets hackers silently track any Bluetooth device through Apple’s network. The vulnerability isn’t in Apple products, but rather Linux, Android, and Windows systems…
NSO’s Pegasus spyware is one of the most frightening privacy threats an iPhone owner can face. Without you taking any action at all, it’s able to completely take over your phone, accessing almost all of the personal data stored on it, and some versions have been able to activate cameras and microphones.
Pegasus exploits zero-day vulnerabilities – security holes Apple doesn’t yet know about – but the iPhone maker has another way to fight back …
Imagine you’re on your way to dinner, walking down a decently busy street during the day. You’re using your new iPhone 16 Pro for directions before, out of nowhere, a masked individual on an e-bike whips around to your side and snatches your Desert Titanium baby and zooms off. All in seconds. This sounds like a one-off insane situation, but this is precisely what happened to Dimitar Stanimiroff last week in London, England. And he’s not alone…
The most recent statistics say a phone is stolen on average every 6 minutes in London, or about 64,000 annually. It’s so common that the City of London Police deployed special task forces to snuff out these gangs and even had to publish a blog post explaining how to protect your mobile device in public.
Over the years, Apple has made impressive strides in implementing anti-theft measures like Activation Lock and inadvertent “parts pairing” rules. These features and others are meant to deter thieves and minimize situations like Stanimiroff’s. Is it enough?
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
It was discovered last year that location data for US military and intelligence personnel serving overseas was being sold by a Florida-based data broker, but the source of that sensitive data was unclear at the time.
It’s now been claimed that the data was captured by a variety of mobile apps with revenue-sharing agreements with a Lithuanian ad-tech company, and then resold by an American company …
Apple on Monday released iOS 18.3.1 to the public, two weeks after the release of iOS 18.3. The company says iOS 18.3.1 and iPadOS 18.3.1 include “important bug fixes and security updates” – and now we know exactly which vulnerability today’s updates fix.
As of the weekend, Android users who want to download TikTok do have another option – but it’s not one I’d advise them to take. Instead, they’d be better off using the workaround available to iPhone users …
Multiple security flaws have been found in the DeepSeek iOS app, which is still one of the most popular downloads in the App Store after topping the charts when it first launched.
It’s being reported that the British government secretly ordered Apple to create a security backdoor into all content uploaded by iCloud users anywhere in the world.
Apple is certain to refuse the demand, leading to the possibility of a similar privacy stand-off to the one seen between the iPhone maker and the FBI back in the San Bernardino shooter case …
One of the promises of the App Store is that anything you download has gone through a vetting process by Apple. Occasionally though, iPhone apps with malicious code slip through the cracks, and today, researchers at Kaspersky have reported on new malware they discovered in App Store apps—which they say is ‘the first known case.’
So-called macOS Stealers – malware that seeks to extract personal data like passwords and credit card numbers from your machine – is expected to be significantly more prevalent this year.
A new annual report on the state of malware says that Mac owners could be at almost as much risk as Windows PC users this year …
