At least five VPN apps in the App Store were found to have links to the Chinese military, according to a new report today. Three of them have racked up more than a million downloads.
A subsidiary of one of the Chinese companies behind the apps is currently hiring for a role in “monitoring and analysing platform data,” with a familiarity with American culture listed as a job requirement …
Today Apple released its latest array of major software updates. Now, the company has outlined all the security fixes introduced by iOS 18.4, macOS 15.4, and more.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
For years, macOS security developers and researchers have urged Apple to add TCC events to the Endpoint Security (ES) framework. Doing so would allow them to directly trace a TCC request to the specific application (or malware) that triggered it. This could allow third-party security tools to offer real-time protection around permission requests.
The good news? Apple is finally making this happen in macOS 15.4.
The bad news? It’s rough around the edges right now.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
For years, Apple offered its built-in Keychain password management tool tucked away in the Settings app, allowing users to automatically generate and save passwords—but quickly managing specific logins could often feel tedious. With iOS 18, iPadOS 18, and macOS Sequoia, Apple introduced the standalone Passwords app in an effort to make credential management more convenient. Still, many are skeptical about whether the new app has enough features to compete with paid password managers—or if that’s even Apple’s goal.
The criminals behind a phishing attack aimed at Windows users are now targeting Mac users instead. The goal is to steal your Apple Account credentials (aka Apple ID).
The security researchers who uncovered the scam say that it’s one of the most sophisticated attacks ever mounted against Mac users …
Today Apple released new bug fix and security updates for iPhone, iPad, Mac, and more. Though we still don’t know which specific bugs were addressed by the new software, Apple has now shared that a single security fix was implemented in iOS 18.3.2, macOS 15.3.2, and visionOS 2.3.2.
The long wait for a smarter Siri is to get even longer, with some indications that the new features we were originally expecting in iOS 18.4 may now be pushed back to iOS 19.
Apple hasn’t provided any real explanation, but two theories have so far been put forward, and now a developer and data analyst has suggested that security concerns may be a third reason – and by far the biggest problem …
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
One of the greatest benefits of Touch ID on Mac is rarely having to type your password when making purchases, signing into apps, and, of course, unlocking the device. It might be ancient technology to the iPhone at this point, but it continues to be a default luxury on Mac. If you frequent Terminal, you’ll be glad to know you can also authenticate as administrator with Touch ID for all the sudo goodness with one tap.
Apple’s Find My network lets users easily track their devices and accessories such as AirTag. However, despite having anti-stalking features, researchers at George Mason University recently discovered an exploit that lets hackers silently track any Bluetooth device through Apple’s network. The vulnerability isn’t in Apple products, but rather Linux, Android, and Windows systems…
NSO’s Pegasus spyware is one of the most frightening privacy threats an iPhone owner can face. Without you taking any action at all, it’s able to completely take over your phone, accessing almost all of the personal data stored on it, and some versions have been able to activate cameras and microphones.
Pegasus exploits zero-day vulnerabilities – security holes Apple doesn’t yet know about – but the iPhone maker has another way to fight back …
Imagine you’re on your way to dinner, walking down a decently busy street during the day. You’re using your new iPhone 16 Pro for directions before, out of nowhere, a masked individual on an e-bike whips around to your side and snatches your Desert Titanium baby and zooms off. All in seconds. This sounds like a one-off insane situation, but this is precisely what happened to Dimitar Stanimiroff last week in London, England. And he’s not alone…
The most recent statistics say a phone is stolen on average every 6 minutes in London, or about 64,000 annually. It’s so common that the City of London Police deployed special task forces to snuff out these gangs and even had to publish a blog post explaining how to protect your mobile device in public.
Over the years, Apple has made impressive strides in implementing anti-theft measures like Activation Lock and inadvertent “parts pairing” rules. These features and others are meant to deter thieves and minimize situations like Stanimiroff’s. Is it enough?
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
It was discovered last year that location data for US military and intelligence personnel serving overseas was being sold by a Florida-based data broker, but the source of that sensitive data was unclear at the time.
It’s now been claimed that the data was captured by a variety of mobile apps with revenue-sharing agreements with a Lithuanian ad-tech company, and then resold by an American company …
Apple on Monday released iOS 18.3.1 to the public, two weeks after the release of iOS 18.3. The company says iOS 18.3.1 and iPadOS 18.3.1 include “important bug fixes and security updates” – and now we know exactly which vulnerability today’s updates fix.
As of the weekend, Android users who want to download TikTok do have another option – but it’s not one I’d advise them to take. Instead, they’d be better off using the workaround available to iPhone users …
Multiple security flaws have been found in the DeepSeek iOS app, which is still one of the most popular downloads in the App Store after topping the charts when it first launched.
It’s being reported that the British government secretly ordered Apple to create a security backdoor into all content uploaded by iCloud users anywhere in the world.
Apple is certain to refuse the demand, leading to the possibility of a similar privacy stand-off to the one seen between the iPhone maker and the FBI back in the San Bernardino shooter case …
One of the promises of the App Store is that anything you download has gone through a vetting process by Apple. Occasionally though, iPhone apps with malicious code slip through the cracks, and today, researchers at Kaspersky have reported on new malware they discovered in App Store apps—which they say is ‘the first known case.’
So-called macOS Stealers – malware that seeks to extract personal data like passwords and credit card numbers from your machine – is expected to be significantly more prevalent this year.
A new annual report on the state of malware says that Mac owners could be at almost as much risk as Windows PC users this year …
A Grubhub security breach has exposed personal data for both customers and drivers, says the company, after an “incident” involving a third-party contractor.
The company has not revealed the exact scale of the security fail, but has admitted that the personal data includes names, email addresses, phone numbers, and partial credit card numbers …
A Meta policy document describes the company’s fears that it could accidentally develop an AI model which would lead to “catastrophic outcomes.” It describes its plans to prevent the release of such models, but admits that it may not be able to do so.
Among the capabilities the company most fears are an AI system that could break through the security of even the best-protected corporate or government computer network without human assistance …
A zero-click WhatsApp spyware attack was made against 90 journalists and other “civil society members,” said Meta, which managed to detect the incident.
A zero-click attack means that victims don’t need to tap on a link or take any action in order for their devices to be compromised – simply receiving the message is enough …
If you’re using the Microsoft Defender VPN on Mac or iPhone as part of your Microsoft 365 subscription, there’s bad news. The company has revealed in a support document that the privacy feature will cease to work at the end of this month …
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Tired of hearing about DeepSeek yet? The China-based LLM chatbot beached itself onto the scene this week, dominating the tech news cycle and even taking #1 on the App Store, where it still sits as of writing. However, its rapid popularity has led to a wave of new phishing campaigns, investment scams, and macOS malware disguised as real DeepSeek applications. Here’s the latest.
You’re reading 9to5MacSecurity Bite, where each week, I share insights on data privacy, discuss the latest vulnerabilities, and shed light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices.
