Security researchers have discovered two flaws present in all current iPhones, iPads, and Macs – as well as many earlier ones. The vulnerabilities, known as SLAP and FLOP, could potentially allow an attacker to see the current contents of your open web tabs.
The flaws were introduced in the A15 and M2 chips, and are also found in subsequent ones, up to and including the latest version of each device …
A judge has limited FBI powers to trawl through data obtained from tech giants like Apple, Google, and ISPs under FISA (the Foreign Intelligence Surveillance Act).
Separately, a Cloudflare privacy flaw has been identified in one of Apple’s IT service providers, which could have exposed the rough location of millions of web and app users before it was fixed …
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Last weekend, Google was found again serving a malicious website at the top of Search as a sponsored result. This isn’t the first time Google Ads has approved websites with embedded malware; in fact, the first instance of this goes back to 2007 when the platform (then called Google AdWords) was promoting fake antivirus software widely referred to as “scareware” at the time. But how, in 2025, can Google, with its DeepMind and deeper pockets, still allow this to happen? How are hackers outsmarting it?
This week, I want to briefly discuss this new campaign and how they were likely able to pull it off.
Security Bite is a weekly security-focused column on 9to5Mac. Each week, I share insights on data privacy, discuss the latest vulnerabilities, and shed light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices.
A Subaru security vulnerability allowed millions of cars to be remotely tracked, unlocked, and started. A full year’s worth of location history was available, and was accurate to within five meters …
A security vulnerability has been discovered in the USB-C port controller fitted to the iPhone 15 and 16. However, exploiting it would be so complex that both Apple and the security researcher who discovered it concluded that it is not a real-world threat.
However, a security concern that does pose a threat to iPhone users is a tactic scammers are using to bypass one of Apple’s built-in protections. Update: A flurry in E-ZPass scam messages appears to have been driven by a Chinese phishing kit – see new section below …
A huge data breach involving Gravy Analytics has appeared to expose precise location data for millions of users of popular smartphone apps like Candy Crush, Tinder, MyFitnessPal, and more. Here’s what you should know about the unfolding breach.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
A new report from Check Point Research details how a new variant of the infamous Banshee stealer malware from Russian-speaking cybercriminals takes a page from Apple’s own security practices to evade detection. The malware remained undetected for over two months by cleverly incorporating the same encryption methods as Mac’s XProtect antivirus detection suite.
If you’re an avid reader of Security Bite, you’ve heard me say (more than once) that malware stealers, usually through malware-as-a-service (MaaS) business models, are currently the largest threat to Mac users. They’re destructive, targeting your iCloud Keychain passwords, cryptocurrency wallets, sensitive information from files, and even system passwords like a stealthy low-orbiting ion canon. Cybercriminals will often embed this malicious code in seemingly legitimate applications as a ploy to infect machines.
Washington State is suing T-Mobile over a 2021 security breach which exposed the personal data of some 79 million people, including 2M Washington residents. Data exposed included social security numbers, phone numbers, physical addresses, unique IMEI numbers, and driver’s license information.
The carrier is accused of failing to follow industry-standard cybersecurity processes, which allowed the breach to go unnoticed for four months …
Phishing attacks are about to get a whole lot more convincing. A new report warns that scammers are now using AI to scrape information about you from your online profiles in order to send hyper-personalized emails which target your login credentials.
By finding out everything from your employer to your interests, scammers can send emails which have a far greater chance of appearing to be genuine …
I’ve been arguing that passwords are horrible for the best part of a decade now, and was an enthusiastic early adopter of the far better approach of passkeys.
Passkeys were supposed to achieve the holy grail of an approach which is both more secure than passwords and so easy to use that everyone would adopt them. But a new piece outlines four problems with the technology …
A US Army soldier has been arrested on suspicion of extorting money from AT&T and Verizon, following data breaches which saw a massive amount of customer data obtained.
The 20-year-old was arrested near the Army base in Fort Hood, Texas, on suspicion of being the cybercriminal known as Kiberphant0m – and statements by his mother aren’t likely to help …
The Federal Trade Commission (FTC) has responded to a series of massive Marriott and Starwood data breaches, ordering the companies to make no fewer than 13 changes to ensure it can’t happen again.
More than 344 million customers were impacted by three separate security breaches, which revealed personal data that included credit card details and passport information …
While it could be argued that both are commodity products, and that Apple’s most important contribution is the HomeKit platform rather than the hardware, there seems little doubt about the opportunity here …
Did you know that Apple, for years, has had a system and process for sending ‘threat notifications’ to users of suspected spyware attacks? Here’s what that means, and new details on the guidance Apple gives users with a compromised device.
The most popular home internet router brand in the US may be banned from sale in the country over fears that it represents a threat to national security.
Three separate US agencies have opened investigations into TP-Link routers, which account for 65% of the US market, in part because badged versions are supplied to customers by more than 300 ISPs …
Amnesty International says a security vulnerability in HomeKit was used to target iPhones belonging to Serbian journalists and activists.
The civil rights organization conducted an investigation after Apple notified two of the victims that their devices had been compromised by Pegasus spyware …
If you’ve ever wondered whether security cameras and alarms are effective at deterring burglars, the answer is yes – and that comes from a very reliable source: burglars.
KGW-TV asked 86 inmates convicted of burglary what would make them more likely to rob a home, and which things would deter them …
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Last week, I received an interesting report from the security research arm of the popular Apple device management software firm Jamf that detailed a serious but now-patched iOS and macOS vulnerability. The finding was under embargo, but today, I can finally talk about it.
Jamf Threat Labs uncovered a significant vulnerability in Apple’s iOS Transparency, Consent, and Control (TCC) subsystem on iOS and macOS that could allow malicious apps to access sensitive user data completely unnoticed without triggering any notifications or user consent prompts.
A newly-released app lets you regularly scan your iPhone for Pegasus spyware – which can access almost all the data on a phone – for a one-off cost of just one dollar.
A mobile security firm created the app, which allows you to scan your iPhone or Android phone and send the results to them for analysis – and they’ve so far detected seven phones infected by the spyware …
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Each year, Moonlock Lab, the cybersecurity research wing of MacPaw, releases an annual report detailing the current state of the macOS threat landscape. On Tuesday, Moonlock Lab released its 2024 Threat Report, detailing how AI tools like ChatGPT are helping to write malware scripts, the shift to Malware-as-a-Service (MaaS), and other interesting statistics it’s seeing through internal data.
Popular video conferencing platform Zoom agreed to pay $85M in compensation back in 2021 after it was revealed that the company lied to users about the type of encryption it offered. It has now offered to pay an $18M fine to the Securities & Exchange Commission (SEC) in order to settle an investigation into the same security and privacy issue.
Some 11,000 Starbucks stores in North America have been hit by a ransomware attack on one of its largest IT providers. Two UK supermarket chains have also been affected by the security breach, and car-maker Ford says it is trying to determine whether its own operations have been affected …
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Corvus, one of the leading cyber insurance providers, has published its quarterly Cyber Threat Report for Q3 2024, focused on the shifting ransomware landscape. While the rising number of ransomware attacks should be no surprise to anyone, the report outlines how cybercriminals are becoming more competitive and adopting more aggressive strategies rather than waiting for the next mass-exploit event.
If your iPhone or iPad is too old to run iOS 18, or if you’ve simply held off updating by choice, Apple is still providing key security fixes for you. The latest arrive in today’s iOS 17.7.2 and iPadOS 17.7.2, which are available now.
