serisec

Category: macOS

  • Singer loses life savings to fake wallet downloaded from the Apple App Store

    Singer loses life savings to fake wallet downloaded from the Apple App Store If you hold cryptocurrency, there’s a very simple golden rule that you should always follow. Never hand over your seed phrase. Garrett Dutton, better known as G. Love – the front man of blues-hip-hop outfit G. Love & Special Sauce – has…

  • Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS

    Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS A newly discovered vulnerability is challenging the long-held belief that macOS systems are inherently immune to malware. Security researchers from Kaspersky’s Global Research and Analysis Team (GReAT) have identified a critical flaw that allows threat actors to execute malicious code on Macs simply by…

  • New MacSync Stealer Uses Signed macOS App to Evade Gatekeeper and Steal Data

    New MacSync Stealer Uses Signed macOS App to Evade Gatekeeper and Steal Data Cybersecurity researchers have discovered a new variant of the MacSync malware targeting macOS users. Unlike previous versions that relied on complex ClickFix techniques, this iteration masquerades as a legitimately signed, notarised Apple application, thereby bypassing macOS Gatekeeper security and stealing sensitive data.…

  • PoC Exploit Released for macOS CVE-2025-31258 Vulnerability Bypassing Sandbox Security

    PoC Exploit Released for macOS CVE-2025-31258 Vulnerability Bypassing Sandbox Security A proof-of-concept (PoC) exploit has been released for a recently patched vulnerability in Apple’s macOS operating system, tracked as CVE-2025-31258.  The flaw could allow malicious applications to break out of the macOS sandbox protection mechanism, potentially giving attackers access to sensitive system resources and user…

  • Docker Registry Vulnerability Lets MacOS Users Pull Images from Any Registry

    Docker Registry Vulnerability Lets MacOS Users Pull Images from Any Registry A newly disclosed vulnerability in Docker Desktop’s Registry Access Management (RAM) feature has left macOS users vulnerable to unauthorized image pulls, undermining critical container security controls.  Designated CVE-2025-4095, the flaw allows developers to bypass registry restrictions enforced by administrators, potentially exposing organizations to malicious…

  • Smashing Security podcast #399: Honey in hot water, and reset your devices

    Smashing Security podcast #399: Honey in hot water, and reset your devices Ever wonder how those “free” browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and…