Intego is the leader in Mac security, protecting Apple users from the dangers of the Internet since 1997. Follow for The Mac Security Blog and Podcast updates.
“Intego achieved great success in AV-Comparatives’ Mac Security Test Series…
“AV-Comparatives’ tests are very carefully designed and executed to thoroughly and realistically simulate scenarios that face users in real life… a guarantee of an effective and reliable product.” 🏆
🚨
#CAUTION
: Intego has discovered new Mac malware, OSX/CrescentCore🌙, actively spreading in the wild. Here's everything you need to know to stay protected. 🍎🔓
#Apple
#Mac
#macOS
#malware
Intego has discovered new Mac malware spreading in the wild, designed to evade antivirus detection. 🍎🐛 Here's how to protect your Mac.
#Apple
#Mac
#macOS
#Malware
25 years ago today—May 6, 1998—Steve Jobs introduced the original, “Bondi blue” iMac at an Apple keynote in Cupertino, California.
The venue was the Flint Center for the Performing Arts at De Anza College, the same place where Jobs unveiled the original Macintosh in 1984.
#Mac
The latest Mac malware bypasses
@Apple
's security measures simply by instructing users to "right-click." 🍎🔓 Very few antivirus apps detect it. 🛡🔓 Are you protected?
#PSA
#onlinesafety
#Shlayer
#Bundlore
If you use Adobe Reader on your
#Mac
, update to the latest version now; it resolves 3 critical
#security
issues. 🍎 While you're at it, enable Protected Mode. 🔒
What were the most notable examples of Mac and iPhone malware in 2023? 🐛🍎
And what can we expect to see more of in 2024? 👾👀
Check out our latest article to find out!
👉
(Article ✍️ by
@theJoshMeister
)
21 years ago today—May 19, 2001—the first 2 physical Apple Stores opened their doors. Pundits thought they would fail, but the
#AppleStore
has been a big success.
Days earlier, Steve Jobs introduced the stores via an online video. Here's a clip of Jobs explaining the Genius Bar.
Apple has just released
#iOS
13.1.1 and
#iPadOS
13.1.1 to fix a new security vulnerability.
This update comes hot on the heels of 13.1 (released Tuesday) and 13 (released last Thursday), which also included
#security
updates.
#Apple
#iPhone
#iPad
#iPod
We’re pleased to announce that Intego’s Chief Security Analyst, Josh Long (
@theJoshMeister
), will be speaking about
#Mac
#malware
at the Objective by the Sea v2.0 conference, in Monaco on June 1–2. Come listen to some stellar
#Apple
#security
talks! 🍎🔒
📣
#OBTS
2.0 Talk Alert 📣
"Fun with Mac Malware Attribution" ()
Attribution is a tough puzzle to solve, but sometimes malware authors slip up or are rather sloppy 👾🤪
Stoked for Josh Long's (
@theJoshMeister
) research on identifying Mac adversaries 🔍👀
Apple released security patches for macOS Sonoma & iOS 17 yesterday. The updates address 2 WebKit vulnerabilities that were "actively exploited" on iPhone.
Meanwhile, several major macOS vulnerabilities remain unpatched. 👀
(Article ✍️by
@theJoshMeister
)
🚨 Important security alert for users of the Mastodon social network
(Note: The mastodon․social server, and many popular ones such as infosec․exchange, have already been patched.)
👉 For more about Mastodon safety, check out
@theJoshMeister
ʼs article:
🦣 An alternative social network is encouraging server admins to patch a major security vulnerability as soon as possible.
Roughly 20% of the top 20 instances on the official server list currently appear to be vulnerable. 👀
@theJoshMeister
@BasicAppleGuy
A few years ago, Kirk
@McElhearn
wrote “Why Apple Is Missing the Boat on Home Wi-Fi.”
He discussed, among other things, how Apple could have opted to use its Wi-Fi routers to double down on privacy (not to mention interoperability & data integrity). 🍎🛜
We've often stressed how important it is to use a VPN. On this podcast episode we welcome Andra Zaharia from
@CyberGhost_EN
to discuss why we all need a VPN at times.
🚨 Apple continues to welcome fraudulent, unethical apps into the iPhone App Store. 🐛🍎
Fake loan apps abound. A “to-do list” app pirates films. And an “energy monitoring” app steals an Android Bitcoin wallet’s name and logo. 👀‼️
✍️ by
@theJoshMeister
Watch out for phishing sites ending in “.zip” or “.mov” — Google has started selling these domains that look like file names. In some cases (like on Twitter), a typed file name may automatically become a link, which could potentially lead to a malicious domain.
Again, .zip domains should *not* be for sale. Google had the opportunity to own the .zip TLD while *not* selling domains for it, specifically to prevent this kind of abuse. There’s already an apparent Microsoft phishing site (screenshot in this thread). 🤦🏼♂️
Verified Twitter accounts were hijacked this week—what exactly happened? 🐦🔓
@McElhearn
and
@theJoshMeister
discuss the implications on today's episode of the Intego Mac Podcast
Can’t run the latest macOS version on your older Mac? There’s an app for that! 😄
Many old Macs (circa 2008 or later) can be upgraded to Monterey—unofficially, unsupported, and at your own risk—and some may soon be able to run Ventura, too.
Update: Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address the WebKit vulnerability.
However, it remains unknown whether these older macOS versions are affected by the actively exploited kernel vulnerability—and whether Apple will patch them accordingly.
Happy 35th birthday to the Macintosh! Few products have ever made such an impact on the world as this incredible personal computer did in 1984. We're proud to support the Mac! ❤️
35 years ago, Macintosh said hello. It changed the way we think about computers and went on to change the world. We love the Mac, and today we’re proud that more people than ever are using it to follow their passions and create the future.
25 years ago today—August 15, 1998—Apple released the very first iMac.
Its color was called “Bondi blue,” named after the water at Sydney, Australia’s Bondi Beach.
Here’s Steve Jobs enthusiastically introducing it 3 months prior (including “the coolest mouse on the planet” 😂).
𝕏 now supports Passkeys on iOS. 🍎🔒
If you use the iPhone app, you’ll be able to enable this feature soon.
(For me, the option is not showing up yet, even with the latest version of the X app installed.)
Apple has been caught many times notarizing
#macOS
malware. This automated “stamp of approval” can enable
#malware
to infect Macs more easily.
Don’t rely on
#Apple
alone to protect your Mac—use a trusted anti-malware solution. We’ve got you covered. 😇
@objective_see
@Apple
Yes, indeed—and this isn’t even the first example of notarized, M1-native malware. Sadly, Apple’s notarization process is deeply flawed, and is easily (and frequently) rendered useless by malware makers.
#Apple
#Mac
#malware
#M1
Kudos to Apple for launching an open, comprehensive, competitive, bug-bounty program! 🍎🥰
Sure this mutually benefits security researchers & Apple, but end users should be also stoked on the increased security this brings🛡️ ...now off to submit bugs 🐛
@objective_see
Good guess about the name. 😉 Also,
@threatpost
's coverage adds additional insight into the name choice: while coming up with a name, we googled the idea "CrescentCore," and one of the top results was a 2nd variant of the unnamed malware!
#Fate
#MeantToBe
Featuring a weekly
#cybersecurity
news update from Intego's Chief Security Analyst, Josh Long (
@theJoshMeister
). Subscribe on YouTube📺 and hit the 🔔 to make sure you never miss any episodes!
Mac news sites have been reporting this week about "ShadowVault," new data-stealing macOS malware.
But nobody has actually seen any confirmed samples of it yet, and it isn't known to be in the wild. 🤔
Here's what we know about ShadowVault so far.
#Apple
On Wednesday, Apple patched 3 “actively exploited” vulnerabilities.
2 of the 3 had been used in targeted attacks to install TriangleDB malware on iPhones in Russia. 🍎👾👀
Make sure you've got the latest security updates installed!
#macOS
#iOS
There are lots of hidden features in macOS that the average user doesn't know about.
Here are 6 cool Mac features that Apple hid deep within System Settings. 🍎🔍🧑💻 (✍️ by Kirk
@McElhearn
)
September has been a big month for Mac malware campaigns. 🐛🍎
Here’s the latest news on three families of macOS stealer malware: AtomicStealer, MetaStealer, and Realst Stealer.
(Article ✍️ by
@theJoshMeister
)
#Apple