Apple's 'fix' for a macOS kernel panic fixes nothing and, worse, introduces a new bug.
The macOS kernel had an (intentional?) off-by-one bug that could trigger a kernel panic.
Let's analyse the malware that appeared in 2016, discussing the infection vector, persistence mechanism, features, and disinfection for each.
Apple's App Translocation broke several of my tools, but we can locally undo it to restore broken functionality!
Turns out that writing security tools is a great way to inadvertently uncover bugs in macOS. How about a crash in Apple's 'Security' framework ... that can't be good!?
In this guest blog post my friend Mikhail Sosonkin reverses Apple's screencapture utility, discusses Mac malware that captures desktop images, and suggests methods for screen-capture detection!
The macOS sandbox seeks to prevent malicious applications from surreptitiously spying on unsuspecting users. Turns out, it's trivial to sidestep some of these protections, resulting in significant privacy implications!
If you can programmatically generate synthetic mouse clicks, you can break macOS! Approving kernel extensions, dismissing privacy alerts, and much more...
I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systems.
Learn how a Finder Sync can 'extend' Finder.app and how this could be abused for persistence
Apple wrote code to appease the Chinese government... it was buggy. In certain configurations, iOS devices were vulnerable to an "emoji-related" flaw that could be triggered remotely!
How to verify that an application came from the official Mac App Store, via receipt validation