Tag: apple

macOS Flaw Allows TCC Bypass, Exposing Sensitive User Information

Jan 6, 2026 3:52 PM

Tags: apple, control, cve, cyber, data, flaw, framework, macOS, service, unauthorized, vulnerability

Apple’s accessibility framework has been found vulnerable to a critical Transparency, Consent, and Control (TCC) bypass that exposes sensitive user data and enables arbitrary AppleScript execution. Researchers have disclosed CVE-2025-43530, a vulnerability in the ScreenReader.The framework’s MIG service permits attackers to execute unauthorized AppleScript commands and send AppleEvents to protected processes without user consent. The…
6 strategies for building a high-performance cybersecurity team

Jan 6, 2026 8:52 AM

Tags: advisory, ai, apple, attack, business, ciso, communications, compliance, cyber, cybersecurity, data, defense, intelligence, resilience, risk, service, skills, strategy, technology, threat, tool, training, update, vulnerability

2. Be clear on the mission: Sharon Chand, US cyber defense and resilience leader at professional services firm Deloitte, says a characteristic of a high-performing team is alignment on the team’s mission.To do that, though, team members need to know what the mission is and buy into it.”It has to be a very clear mission…
6 strategies for building a high-performance cybersecurity team

Jan 6, 2026 8:52 AM

Tags: advisory, ai, apple, attack, business, ciso, communications, compliance, cyber, cybersecurity, data, defense, intelligence, resilience, risk, service, skills, strategy, technology, threat, tool, training, update, vulnerability

2. Be clear on the mission: Sharon Chand, US cyber defense and resilience leader at professional services firm Deloitte, says a characteristic of a high-performing team is alignment on the team’s mission.To do that, though, team members need to know what the mission is and buy into it.”It has to be a very clear mission…
Top 10 surveillance, journalism and encryption stories of 2025

Dec 31, 2025 11:52 AM

Tags: apple, encryption, privacy

A transatlantic row between the UK and the Trump administration erupted after the UK attempted to force Apple to break its advanced encryption. That was just one of a series of stories reporting on the tension between state surveillance and privacy this year First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636284/Top-10-surveillance-journalism-and-encryption-stories-of-2025
Apple’s App Store Source Map Leak: A Preventable Vulnerability We Found in 70% of Organizations

Dec 30, 2025 9:52 PM

Tags: apple, leak, risk, vulnerability

Apple’s App Store source map leak shows a preventable risk we found in 70% of organizations shipping production web apps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/apples-app-store-source-map-leak-a-preventable-vulnerability-we-found-in-70-of-organizations/
Apple’s App Store Source Map Leak: A Preventable Vulnerability We Found in 70% of Organizations

Dec 30, 2025 9:52 PM

Tags: apple, leak, risk, vulnerability

Apple’s App Store source map leak shows a preventable risk we found in 70% of organizations shipping production web apps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/apples-app-store-source-map-leak-a-preventable-vulnerability-we-found-in-70-of-organizations/
Dünner als iPhone Air? Youtuber leakt Bilder des faltbaren iPhones trotz Apple-Klage

Dec 27, 2025 5:55 PM

Tags: apple, iphone

First seen on t3n.de Jump to article: t3n.de/news/bilder-iphone-fold-apple-klage-1723204/
TDL 012 – The Architect of the Internet on the Future of Trust

Dec 27, 2025 5:55 AM

Tags: ai, apple, breach, browser, business, cctv, computing, control, credit-card, data, dns, email, google, infrastructure, intelligence, Internet, jobs, law, mail, metric, microsoft, network, privacy, radius, russia, service, spam, threat, ukraine, vulnerability

Summary In this episode of The Defenders Log, Paul Mockapetris, the architect of DNS, discusses the evolving role of the Domain Name System from a simple directory to a sophisticated security tool. He posits that modern networking requires “making sure DNS doesn’t work when you don’t want it to,” comparing DNS filtering to essential services…
New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

Dec 24, 2025 7:19 PM

Tags: apple, cybersecurity, macOS

Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that’s delivered by means of a digitally signed, notarized Swift application masquerading as a messaging app installer to bypass Apple’s Gatekeeper checks.”Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more First seen…
Italian regulator rules Apple’s ATT feature limits competition

Dec 24, 2025 3:19 PM

Tags: apple, framework

Italy fined Apple Euro98.6 million, ruling its App Tracking Transparency feature limited competition in the App Store. Italy’s antitrust authority fined Apple Euro98.6 million ($116 million) for ruling that its App Tracking Transparency framework restricted competition in the App Store. >>The Italian Competition Authority has imposed a 98,635,416.67 euro fine on Apple Inc., Apple Distribution…
Italy Fines Apple Euro98.6 Million Over ATT Rules Limiting App Store Competition

Dec 24, 2025 9:19 AM

Tags: apple, framework, privacy

Apple has been fined Euro98.6 million ($116 million) by Italy’s antitrust authority after finding that the company’s App Tracking Transparency (ATT) privacy framework restricted App Store competition.The Italian Competition Authority (AutoritÃ Garante della Concorrenza e del Mercato, or AGCM) said the company’s “absolute dominant position” in app distribution allowed it to “unilaterally impose” First seen…
Reworked MacSync Stealer Adopts Quieter Installation Process

Dec 23, 2025 6:19 PM

Tags: apple, macOS, malware

A newly discovered macOS malware mimics legitimate apps code-signed and notarized by Apple First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/signed-variant-macsync-stealer/
MacSync Stealer Malware Targets macOS Users Through Digitally Signed Apps

Dec 23, 2025 2:19 PM

Tags: apple, cyber, macOS, malware, software, threat

Jamf Threat Labs has uncovered a new MacSync Stealer campaign that significantly raises the bar for macOS malware delivery by abusing Apple’s own trust mechanisms. The latest variant is delivered as a fully code”‘signed and notarized Swift application, allowing it to masquerade as legitimate software while executing a stealthy, multi”‘stage infostealing routine in the background.…
Italy fines Apple $116 million over App Store privacy policy issues

Dec 23, 2025 12:19 PM

Tags: apple, framework, mobile, privacy

Italy’s competition authority (AGCM) has fined Apple Euro98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
Italy fines Apple $116 million over App Store privacy policy issues

Dec 23, 2025 12:19 PM

Tags: apple, framework, mobile, privacy

Italy’s competition authority (AGCM) has fined Apple Euro98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
Italy fines Apple $116 million over App Store privacy policy issues

Dec 23, 2025 12:19 PM

Tags: apple, framework, mobile, privacy

Italy’s competition authority (AGCM) has fined Apple Euro98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
Insider Threat: Hackers Paying Company Insiders to Bypass Security

Dec 22, 2025 1:19 PM

Tags: access, apple, cyber, dark-web, finance, hacker, threat

A new report from Check Point Research reveals a growing trend of cyber criminals recruiting employees at banks, telecoms, and tech giants. Learn how hackers use the darknet and Telegram to offer payouts up to $15,000 for internal access to companies like Apple, Coinbase, and the Federal Reserve. First seen on hackread.com Jump to article:…
pearOS is a Linux that falls rather close to the Apple tree

Dec 20, 2025 10:19 PM

Tags: apple, linux, macOS

Revived distro returns on Arch with KDE Plasma, global menus, and a familiar macOS-style sheen First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/pearos/
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

Dec 18, 2025 12:19 PM

Tags: apple, cisa, cisco, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Cisco reported a December 10 campaign…
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

Dec 18, 2025 12:19 PM

Tags: apple, cisa, cisco, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Cisco reported a December 10 campaign…
When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk

Dec 17, 2025 9:19 PM

Tags: apple, attack, browser, chrome, exploit, google, hacker, risk, vulnerability, windows, zero-day

A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.…
Devs say Apple still flouting EU’s Digital Markets Act six months on

Dec 17, 2025 7:19 PM

Tags: apple, compliance

Coalition for App Fairness warns App Store fees remain unlawful despite non-compliance ruling First seen on theregister.com Jump to article: www.theregister.com/2025/12/16/apple_dma_complaint/
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks

Dec 16, 2025 9:19 PM

Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks

Dec 16, 2025 9:19 PM

Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
Apple blocks dev from all accounts after he tries to redeem bad gift card

Dec 16, 2025 6:24 PM

Tags: apple

Paris Buttfield-Addison literally wrote books on Swift First seen on theregister.com Jump to article: www.theregister.com/2025/12/15/apple_dev_bad_gift_card_code/
Apple Patches More Zero-Days Used in ‘Sophisticated’ Attack

Dec 15, 2025 11:19 PM

Tags: apple, attack, flaw, google, vulnerability, zero-day

Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/apple-patches-more-zero-days-sophisticated-attack
U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

Dec 15, 2025 9:19 PM

Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week, Apple and…
U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

Dec 15, 2025 9:19 PM

Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week, Apple and…
NDSS 2025 Evaluating Users’ Comprehension and Perceptions of the iOS App Privacy Report

Dec 15, 2025 7:19 PM

Tags: access, apple, conference, data, Internet, LLM, network, phone, privacy, tool

Session 6A: LLM Privacy and Usable Privacy Authors, Creators & Presenters: Xiaoyuan Wu (Carnegie Mellon University), Lydia Hu (Carnegie Mellon University), Eric Zeng (Carnegie Mellon University), Hana Habib (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University) PAPER Transparency or Information Overload? Evaluating Users’ Comprehension and Perceptions of the iOS App Privacy Report Apple’s App Privacy…
NDSS 2025 Evaluating Users’ Comprehension and Perceptions of the iOS App Privacy Report

Dec 15, 2025 7:19 PM

Tags: access, apple, conference, data, Internet, LLM, network, phone, privacy, tool

Session 6A: LLM Privacy and Usable Privacy Authors, Creators & Presenters: Xiaoyuan Wu (Carnegie Mellon University), Lydia Hu (Carnegie Mellon University), Eric Zeng (Carnegie Mellon University), Hana Habib (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University) PAPER Transparency or Information Overload? Evaluating Users’ Comprehension and Perceptions of the iOS App Privacy Report Apple’s App Privacy…