All news with #apple tag

Analyzing ClickFix: A Rising Click-to-Execute Threat

🛡️ Microsoft Threat Intelligence and Microsoft Defender Experts describe the ClickFix social engineering technique, where attackers trick users into copying and pasting commands that execute malicious payloads. Observed since early 2024 and active through 2025, these campaigns deliver infostealers, RATs, loaders, and rootkits that target Windows and macOS devices. Lures arrive via phishing, malvertising, and compromised sites and often impersonate legitimate services or CAPTCHA verifications. Organizations should rely on user education, device hardening, and Microsoft Defender XDR layered protections to detect and block ClickFix activity.

CISA Adds Apple iOS/iPadOS/macOS KEV: CVE-2025-43300

⚠️ CISA added CVE-2025-43300 to its Known Exploited Vulnerabilities (KEV) Catalog, identifying an out‑of‑bounds write in Apple iOS, iPadOS, and macOS that the agency says is under active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by established deadlines, and CISA strongly urges all organizations to prioritize timely patching and mitigation. This vulnerability reflects a common and high-risk memory-corruption vector that can enable code execution or other severe impacts if exploited. CISA will continue to update the KEV Catalog as new evidence of exploitation emerges.

Falcon Stops COOKIE SPIDER's SHAMOS macOS Delivery

🔒 Between June and August 2025, the CrowdStrike Falcon platform blocked a widespread malware campaign that attempted to compromise more than 300 customer environments. The campaign, operated by COOKIE SPIDER and renting the SHAMOS stealer (an AMOS variant), used malvertising and malicious one-line install commands to bypass Gatekeeper and drop a Mach-O executable. Falcon detections—machine learning, IOA behavior rules and threat prevention—prevented SHAMOS at download, execution and exfiltration stages. CrowdStrike published hunting queries, mitigation guidance and IOCs including domains, a spoofed GitHub repo and multiple script and Mach-O hashes.

Tech industry must resist weakening end-to-end encryption

🔐 The UK government's proposal to require access to end-to-end encrypted data—intended to combat terrorism and child sexual abuse—would effectively demand backdoors that major vendors refuse to build. Apple removed Advanced Data Protection for UK users after a non-public notice under the Investigatory Powers Act reportedly sought access, and WhatsApp has supported Apple's stance. The article argues such per-country mandates are technically unenforceable and easily circumvented, creating border chaos and disproportionate privacy harms. ESET recommends preserving strong encryption and using court-backed, oversightable access mechanisms rather than backdoors.