ZDNet

Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities

Xcode projects are being exploited to spread a form of Mac malware specializing in the compromise of Safari and other browsers. The XCSSET malware family has been found in Xcode projects, "lead[ing] ...
Dark Reading

Apple Quietly Releases Another Patch for Zero-Day RCE Bug

Apple has quietly rolled out more updates to iOS to fix an actively exploited zero-day security vulnerability that it patched earlier this month in newer devices. The vulnerability, found in WebKit, ...
Threat Post

Researchers to Detail WebKit Zero-Day on Android Phones at RSA Conference

Security researchers will be demonstrating an end-to-end phishing attack on Google Android phones that utilizes a zero-day vulnerability in Apple’s WebKit technology at the upcoming RSA Conference.
Bleeping Computer

Apple fixes three zero-days, one abused by XCSSET macOS malware

Apple has released security updates to patch three macOS and tvOS zero-day vulnerabilities attackers exploited in the wild, with the former being abused by the XCSSET malware to bypass macOS privacy ...
Bleeping Computer

VMware, Microsoft warn of widespread Chromeloader malware attacks

VMware and Microsoft are warning of an ongoing, widespread ChromeLoader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, ...
Macworld

New XCSSET malware accesses Mac via Xcode

According to security researchers at Trend Micro, malware for Macs is being spread through Xcode projects posted on Github. In short, a family of worms known as XCSSET exploit vulnerabilities in ...