Arin Waichulis is a security writer for 9to5Mac and the Director of Social Media for the 9to5 family of sites (9to5Mac, Electrek, 9to5Google, DroneDJ, Space Explored, 9to5Toys).
In iOS 18, Apple spun off its Keychain password management tool—previously only tucked away in Settings—into a standalone app called Passwords. It was the company’s first move at making credential management more convenient for users. It’s now been revealed that a serious HTTP bug left Passwords users vulnerable to phishing attacks for nearly three months, from the initial release of iOS 18 until the patch in iOS 18.2.
Whether you own a Mac personally or manage a fleet with enterprise endpoint software like Mosyle, there’s a good chance you have scores of old unsecured wireless networks saved—Wi-Fi points that don’t require authentication. Common places where users connect and save these networks could be Starbucks (often “Starbucks WiFi”) and airports (like “Airport Guest”).
So, the risk? Attackers can exploit this by setting up rogue access points with the same SSIDs, tricking your device into connecting automatically. To prevent spoofing attacks like this, you can automate the removal of common SSIDs using the following script below!
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
One of the greatest benefits of Touch ID on Mac is rarely having to type your password when making purchases, signing into apps, and, of course, unlocking the device. It might be ancient technology to the iPhone at this point, but it continues to be a default luxury on Mac. If you frequent Terminal, you’ll be glad to know you can also authenticate as administrator with Touch ID for all the sudo goodness with one tap.
Imagine you’re on your way to dinner, walking down a decently busy street during the day. You’re using your new iPhone 16 Pro for directions before, out of nowhere, a masked individual on an e-bike whips around to your side and snatches your Desert Titanium baby and zooms off. All in seconds. This sounds like a one-off insane situation, but this is precisely what happened to Dimitar Stanimiroff last week in London, England. And he’s not alone…
The most recent statistics say a phone is stolen on average every 6 minutes in London, or about 64,000 annually. It’s so common that the City of London Police deployed special task forces to snuff out these gangs and even had to publish a blog post explaining how to protect your mobile device in public.
Over the years, Apple has made impressive strides in implementing anti-theft measures like Activation Lock and inadvertent “parts pairing” rules. These features and others are meant to deter thieves and minimize situations like Stanimiroff’s. Is it enough?
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Tired of hearing about DeepSeek yet? The China-based LLM chatbot beached itself onto the scene this week, dominating the tech news cycle and even taking #1 on the App Store, where it still sits as of writing. However, its rapid popularity has led to a wave of new phishing campaigns, investment scams, and macOS malware disguised as real DeepSeek applications. Here’s the latest.
You’re reading 9to5MacSecurity Bite, where each week, I share insights on data privacy, discuss the latest vulnerabilities, and shed light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices.
On this day 41 years ago, Apple’s first Macintosh went on sale, just two days after being introduced to the world during a commercial break in the third quarter of Super Bowl XVIII. Although “1984” became a cultural phenomenon and a watershed moment for product launches, Apple’s Board of Directors was against it from the start. Here’s how the legendary ad almost didn’t air…
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Last weekend, Google was found again serving a malicious website at the top of Search as a sponsored result. This isn’t the first time Google Ads has approved websites with embedded malware; in fact, the first instance of this goes back to 2007 when the platform (then called Google AdWords) was promoting fake antivirus software widely referred to as “scareware” at the time. But how, in 2025, can Google, with its DeepMind and deeper pockets, still allow this to happen? How are hackers outsmarting it?
This week, I want to briefly discuss this new campaign and how they were likely able to pull it off.
Security Bite is a weekly security-focused column on 9to5Mac. Each week, I share insights on data privacy, discuss the latest vulnerabilities, and shed light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Between the rapid news cycle around the TikTok ban, the vulnerability found in the iPhone’s USB-C port controller, and the overruling of net neutrality protections (again), it’s felt like a rollercoaster of a month so far. But this week, I want to step back and share what’s on my growing reading list for this year, as well as some other resources that I recommend for those just starting their Apple security journey in 2025.
Security Bite is a weekly security-focused column on 9to5Mac. Each week, I share insights on data privacy, discuss the latest vulnerabilities, and shed light on emerging threats within Apple’s vast ecosystem of over 2 billion active devices.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
A new report from Check Point Research details how a new variant of the infamous Banshee stealer malware from Russian-speaking cybercriminals takes a page from Apple’s own security practices to evade detection. The malware remained undetected for over two months by cleverly incorporating the same encryption methods as Mac’s XProtect antivirus detection suite.
If you’re an avid reader of Security Bite, you’ve heard me say (more than once) that malware stealers, usually through malware-as-a-service (MaaS) business models, are currently the largest threat to Mac users. They’re destructive, targeting your iCloud Keychain passwords, cryptocurrency wallets, sensitive information from files, and even system passwords like a stealthy low-orbiting ion canon. Cybercriminals will often embed this malicious code in seemingly legitimate applications as a ploy to infect machines.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
I’ve been a CleanMyMac subscriber for nearly a decade, and I’ve been truly impressed by the app’s recent focus on providing Mac users with simple yet effective malware detection and prevention features. So, when MacPaw offered to fly me out to Kyiv, Ukraine, to meet and interview the folks leading Moonlock, its cybersecurity division, I jumped at the opportunity.
This interview is divided into three parts: About Moonlock, the technology behind the Moonlock Engine, and what’s planned for the future.
Disclosure: Ukraine is a country at war. Many members of the Moonlock team also aid in the defense of their country, so false names may be used below to protect their identity. Some parts of the transcript were edited for clarity.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
The Mac-infecting Realst crypto stealer is back. It’s been over a year since the malware emerged as a tool for cybercriminals to drain cryptocurrency from wallets and steal other credentials. It was initially disseminated through fake blockchain games, as I reported at the time. However, it now appears to be directed at Web3 developers in a targeted spear-phishing campaign.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Last week, I received an interesting report from the security research arm of the popular Apple device management software firm Jamf that detailed a serious but now-patched iOS and macOS vulnerability. The finding was under embargo, but today, I can finally talk about it.
Jamf Threat Labs uncovered a significant vulnerability in Apple’s iOS Transparency, Consent, and Control (TCC) subsystem on iOS and macOS that could allow malicious apps to access sensitive user data completely unnoticed without triggering any notifications or user consent prompts.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Each year, Moonlock Lab, the cybersecurity research wing of MacPaw, releases an annual report detailing the current state of the macOS threat landscape. On Tuesday, Moonlock Lab released its 2024 Threat Report, detailing how AI tools like ChatGPT are helping to write malware scripts, the shift to Malware-as-a-Service (MaaS), and other interesting statistics it’s seeing through internal data.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
In this week’s special edition of Security Bite, Mosyle, a leader in Apple Device Management and Security, has exclusively revealed to 9to5Mac details on a new family of Mac malware loaders. Mosyle’s Security Research team discovered these new threats are written in unconventional programming languages and use several other sneaky techniques to evade detection.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Corvus, one of the leading cyber insurance providers, has published its quarterly Cyber Threat Report for Q3 2024, focused on the shifting ransomware landscape. While the rising number of ransomware attacks should be no surprise to anyone, the report outlines how cybercriminals are becoming more competitive and adopting more aggressive strategies rather than waiting for the next mass-exploit event.
It’s a little-known fact that before emails reach your inbox, they pass through a buffer designed to scan and block malicious content. However, over time, email providers—especially Gmail—have shifted their focus to just adding “warning labels” to those with suspicious links or attachments. This approach, best described as “beating around the bush” hasn’t reduced threats much at all. Shockingly, 91% of all cyberattacks still originate from emails. So, what gives?
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
This week, I want to share a fascinating talk I came across on social media about an Apple service that doesn’t seem to get as much attention in the community: CarPlay. While Apple has not publicly disclosed the exact number of CarPlay users, I’d venture to say it’s one of its most used services. And one of the biggest concerns is anything that could compromise driver safety or privacy. So, how secure is CarPlay?
Last week, we invited the 9to5Mac community on social media to share their best iPhone 16 Pro shots with us. We received hundreds of awe-inspiring replies that showcased the camera system’s capability. Here’s a handful that stood out as the best iPhone 16 Pro pictures I’ve seen yet.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Private Cloud Compute (PCC), the computational powerhouse behind Apple Intelligence, was unveiled months back at WWDC24 as Apple’s new privacy-focused cloud infrastructure. At the same time, the company stated it would periodically release subsets of PCC source code for independent review. After some wait, 9to5Macreported last week that many of its resources are now available to everyone. Here’s what’s included.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
In possibly a first since the release of macOS Sequoia, cybersecurity researchers have identified a new attack vector that sidesteps the usual “right-click, open” in favor of something rather unusual. In a recent finding shared on social media, this new method involves tricking users into dragging and dropping malicious code (via a .txt file) directly into the Terminal.
MacPaw has unveiled a major (and shiny) new update to its flagship product, CleanMyMac, a go-to app for optimizing, cleaning, and protecting Macs. The first thing you’ll notice is that the sidebar has been dramatically simplified to just six main modules for easier navigation.
However, this didn’t come at the cost of new features. Along with a redesigned interface, CleanMyMac now comes packed with more personalized Mac Health reports, enhanced privacy protections, and smart optimization tools, like duplicate file management.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
I’m in the midst of traveling to Ukraine this week for OFTWv2.0, and I can’t help but think about the comments on last week’s edition of Security Bite defending the VPN apps that still exist on the App Store in Russia. While almost every app from legitimate providers in the country has been removed, Russian users can still find a surplus of VPN options claiming to offer secure encryption and private browsing. The only question being–really?
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Since Russia’s full-scale assault on Ukraine, Apple has significantly scaled back its operations in the country. It has since suspended all product sales and limited certain services, such as Apple Pay. Despite this, Apple continues to operate a full-fledged App Store in Russia. However, it’s now facing worthy criticism for complying with Russian government requests to remove VPN apps to adhere to local regulations–censorship.
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform.Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
On Monday, Apple released its latest iteration of Mac’s operating system, macOS Sequoia. The new update introduced tighter control over app permissions and an overhaul to Gatekeeper, among other features. However, according to TechCrunch, it now appears to be disrupting security tools made by CrowdStrike, SentinelOne, and Microsoft. Social media users are also reporting connection failures with third-party VPNs.
Update (10/2): Thursday’s release of macOS 15.0.1 fixes the underlying networking issues that plagued certain security software in the initial release of macOS 15.
