While I’m not currently maintaining this site, I should flag the pretty good MacOS Malware Pedia implemented by Checkpoint. Hat tip to Virus Bulletin, who drew my attention to that page in their March 11th newsletter.

Added to the Malware Descriptions page.

David Harley

For the present, I’m not working in the security industry (apart from working on the occasional book), so I shan’t be regularly maintaining this blog, though I’ll keep it intact for the present in case people still find some use for what’s here.

I don’t plan to look for another security job at present, but never say never: this site might just surprise you. 🙂

David Harley

Bleeping Computer: WebKit Vulnerability Affects Latest Versions of Apple Safari

“A researcher published exploit code for a vulnerability in WebKit, the web browser engine that powers Apple’s Safari, along with other apps on macOS, iOS, and Linux.”

David Harley

Apologies for the continuing silence from this page, due to bereavement and personal illness. I still don’t have much time to give to this project at the moment, but here are a few ‘catch-ups’.

• A big dollop of Apple updates across practically everything, summarized here by The Register: It’s December 2018, and a rogue application can still tell your Apple Mac: I’m your El Capitan now
  – “iOS, macOS, tvOS, Safari, and anyone for some reason using iTunes on Windows – get patching”
• John Gruber links to and comments on David Barnard’s article on Gaming the App Store: “…it continues to surprise me that Apple hasn’t cracked down on all of these scams, especially the ones that trick people into paying for subscriptions […] The apps that sell your location data to third parties are a head-scratcher too…”
• Talking of which… Lawrence Abrams of Blinking Computer: Scam iOS Fitness Apps Steal Money Through Apple Touch ID

David Harley

Bleeping Computer: iPhone X, Galaxy S9, Xiaomi Mi6 Fall at Pwn2Own Tokyo – “iPhone X, Samsung Galaxy S9, and Xiaomi Mi6 all fell at the hands of hackers that found bugs in various components and crafted exploits that allowed complete take over of the targeted device.”

---

Tomáš Foltýn for ESET: Google’s data charts path to avoiding malware on Android
“How much higher are the odds that your device will be exposed to malware if you download apps from outside Google Play or if you use one of Android’s older versions? Google has the numbers”

---

Cyberscoop: Apple’s new security chip kills access to microphone – “In a security pamphlet released after Apple’s press event on Tuesday, the company revealed that the chip will completely cut off access to the device’s microphone when the MacBook lid is shut.”

---

The Register: Android fans get fat November security patch bundle – if the networks or mobe makers are kind enough to let ’em have it – “And Apple fixes Watch-killing security patch of its own”

---

Graham Cluley for BitDefender: Yes, you should update your iPhone to iOS 12.1, but its lock screen is *still* unsafe

John E. Dunn for Sophos: Another day, another update, another iPhone lock screen bypass

---

Sophos: Update now! Apple releases security fixes for iOS, MacOS, Safari, others

---

Brian Krebs: Busting SIM Swappers and SIM Swap Myths – “KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.”

David Harley