Gatekeeper Alone Won’t Mitigate Apple Keychain Attack

Apple said that macOS’ native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won’t help against Mac malware signed with an Apple certificate. Continue reading Gatekeeper Alone Won’t Mitigate Apple Keychain Attack

macOS High Sierra Available—And Vulnerable to Keychain Attack

Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched. Continue reading macOS High Sierra Available—And Vulnerable to Keychain Attack

Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root. Continue reading Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root

Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root. Continue reading Deprecated, Insecure Apple Authorization API Can Be Abused to Run Code at Root

macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities

This week at Black Hat, Mac malware expert Patrick Wardle will describe how he used a custom-built command and control server to analyze new spying capabilities in a variant of the FruitFly backdoor. Continue reading macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities

Patrick Wardle on MacRansom Ransomware-as-a-Service

Patrick Wardle of Synack and the Objective-See blog talks to Mike Mimoso about the emergence of a ransomware service targeting MacOS machines. Wardle explains why he characterizes MacRansom as “lame” and whether this could kick off a wave of copycats vying for the Apple platform. Continue reading Patrick Wardle on MacRansom Ransomware-as-a-Service

Free Mac-Based Ransomware-as-a-Service MacRansom Surfaces

A new, free macOS-based ransomware as a service has surfaced on the darkweb. Researchers say once the malware encrypts users’ files, they’re “pretty much gone for good.” Continue reading Free Mac-Based Ransomware-as-a-Service MacRansom Surfaces