Security

Have you noticed your iPhone jump onto a WiFi network when you’re away from home without asking first? Or maybe you want to check what networks your iPhone is auto-joining? Follow along for how to turn off iPhone WiFi auto-join for public and carrier networks.

SIM swaps are one of the biggest security threats we face, allowing criminals to access most services protected by two-factor authentication. The situation could be about to get even worse, as we learn of an apparent large-scale attempt to bribe T-Mobile and Verizon workers to facilitate the swaps.

While new rules and security features are supposed to make these attacks harder to pull off, now would be an excellent time to ensure your accounts are protected by authenticator apps rather than text messages …

Cybercrime is on an unprecedented rise. A new Statista Market Insights survey predicts that the annual cost of cyberattacks will reach $9.2 trillion this year. For perspective, that’s about one-third of the United States’ GDP or 24 times Apple’s annual revenue in 2023.

Here’s what I’ve learned after calling up a few industry professionals.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Considering a career change? The prices of zero-day hacking tools continue to rise. In a new pricing list published this week, spotted by TechCrunch, startup Crowdfense said that it will pay between $5 and $7 million for zero-days to break into iPhones.

Email security today has many shortcomings. It is widely known that email service providers cannot prevent every suspicious email from being received. However, a new study by web browser security startup SquareX reveals how little companies are doing to block malicious attachments and protect users.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

During an analysis of various splinter samples of a noteworthy macOS stealer, security researchers at Moonlock discovered one with an alarming level of sophistication. Under the disguise of the unreleased video game GTA 6, once installed, the malware executes rather clever techniques to extract sensitive information, such as passwords from a user’s local Keychain.

In typical Security Bite fashion, here’s the breakdown: how it works and how to stay safe.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

There are many known phishing attacks that target users of Apple devices to gain access to their Apple ID. However, a new “elaborate” attack uses a bug in the Apple ID password reset feature with “push bombing” or “MFA fatigue” techniques to flood Apple devices with password reset requests.

iOS includes an iMessage security feature called Contact Key Verification (CKV) that gives users more certainty they’re messaging with the people they think they are. Follow along for what this feature is, how it works, and how to turn on Contact Key Verification on for iMessage.

iOS 17.4.1 and macOS 14.4.1 have arrived for all users after the major iOS 17.4/macOS 14.4 updates. Now Apple has revealed what important security patches come with the latest updates for iPhone, Mac, and more.

Two senators who have received classified TikTok national security briefings say that the information revealed to them has left them “deeply troubled.”

They are calling for the information to be declassified, as they say it is “critically important” that the American people can consider the issues for themselves – especially if they currently use the Chinese-owned app …

Update: Apple released details on the security patches for iOS 17.4.1, iPadOS 17.4.1, visionOS 1.1.1, as well as macOS 14.4.1. They all patch an integer overflow vulnerability in two separate frameworks. Apple didn’t say whether it was being actively exploited. More details can be found here.

Last week, Apple released iOS 17.4.1 with rather vague release notes claiming to include important bug fixes and security patches. Two days later, the company has yet to add any specifics. This is unusual for Apple, which typically lists critical security patches hours after a release and suggests that the ones in iOS 17.4.1 could be significant or something else entirely…

University researchers have found an unpatchable security flaw in Apple Silicon Macs, which would allow an attacker to break encryption and get access to cryptographic keys.

The flaw is present in M1, M2, and M3 chips, and because the failing is part of the architecture of the chips, there’s no way for Apple to fix it in current devices …

Ever wonder what malware can your Mac detect and remove without any third-party software? Recently, security researchers have correlated some bizarre macOS YARA rules used by the built-in XProtect suite with their public names. Here’s what malware it looks for…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

ExpressVPN has been making impressive moves in the hardware space since the introduction of the Aircove router in 2022. Today, the popular virtual private network provider is expanding its lineup by launching its first portable Wi-Fi 6 router with built-in VPN protection. Meet Aircove Go.

Apple on Tuesday released an update for GarageBand, its digital audio workstation software. However, although the update doesn’t add any new features, it does bring an important security patch for for GarageBand users on macOS. Read on as we detail which exploit today’s update fixes.

An Android trojan called GoldDigger surfaced last year that can steal biometric data and more from victims to compromise their bank accounts. Now the threat has evolved into the GoldPickaxe trojan that can infect iOS and Android. Fortunately, there are several simple ways to protect against the first iPhone trojan, here’s what you should know.

CISA says two systems were hacked in February through vulnerabilities in Ivanti products. In response, the agency had to shut down both systems, which reportedly had critical ties to U.S. infrastructure.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

We learned with the public launch of iOS 17.4 that Apple included fixes for two exploited vulnerabilities and two other security issues. Now with the arrival of macOS 14.4, there are over 50 security patches and the list of security fixes for iOS 17.4 has been updated to over 40.

Yesterday’s global meta outage seemingly took out the company’s entire network, with users unable to access Facebook, Messenger, Instagram, Threads, and Quest headsets.

The outage lasted between one and two hours for most users, and while everything now appears back to normal, questions are naturally being asked about what went wrong …

Regain clarity with CleanMyPhone by MacPaw — the new AI-powered cleaning app that quickly identifies and removes blurred images, screenshots, and other clutter from your device. Download it now with a free trial.

iOS 17.4 is here for all users and comes with lots of changes including new emoji, a CarPlay update, EU App Store changes, quantum security for iMessage, and more. However, there are also important security fixes with the release. Here are all the details.