Here, we reverse, then ‘extend’ a popular macOS anti-virus engine. With the creation of a new anti-virus signature, classified documents

Turns out the innocuously named “Calendar 2” app, found on the official Mac App Store, was surreptitiously turning Mac into

Are full paths and preview thumbnails for files even on encrypted containers and removable usb devices really persistently stored? …yes

In this guest blog post my friend Mikhail Sosonkin reverses Apple’s screencapture utility, discusses Mac malware that captures desktop images,

Analyzing code within the macOS kernel audit subsystem uncovered an exploitable heap overflow.Objective-See’s BlogRead More

I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systemsObjective-See’s BlogRead More

The EFF/Lookout discovered a cross-platform implant, named CrossRat with ties to nationstate operators. Here, we tear it apart; analyzing its

A 0day logic flaw in Microsoft Excel leads to ‘remote’ code execution on macOS, via malicious macros.Objective-See’s BlogRead More

A 0day logic flaw in Microsoft Excel leads to ‘remote’ code execution on macOS, via malicious macros.Objective-See’s BlogRead More

The APT group WindShift has been targeting Middle Eastern governments with Mac implants. Let’s (continue to) analyze their 1st-stage macOS

@CodeColorist continues writing about bugs, such as CVE-2019-8521 and CVE-2019-8565 that provide a mechanism to elevate privileges to root on

In part one of a guest blog post, @CodeColorist writes about several neat macOS vulnerabilities.Objective-See’s BlogRead More

In this guest blog post my friend Mikhail Sosonkin reverses Apple’s screencapture utility, discusses Mac malware that captures desktop images,

OSX/MaMi (the first Mac malware of 2018) hijacks infected users’ DNS settings and installs a malicious certificate into the System

The Lazarus group’s latest implant/loader supports in-memory loading of 2nd-stage payloads. In this post we describe exactly how to repurposing

Let’s tear apart a persistent piece of adware, decompiling, decoding, and decompressing it’s code to uncover its methods and capabilities.Objective-See’s

Recently, an attacker targeted (Mac) users via a Firefox 0day. In this first post, we triage and identify the malware

Yet another a massive security flaw affects the latest version of macOS (High Sierra), allowing anybody to log into the

High Sierra suffered from a nasty bug (CVE-2017-7149) that afforded local attackers access to the contents of encrypted APFS volumes.Objective-See’s

A new ‘security’ feature in macOS 10.13, is trivial to bypass.Objective-See’s BlogRead More

Some undetected adware named “Mughthesec” is infecting Macs…let’s check it out!Objective-See’s BlogRead More

Looks like somebody on the ‘dark web’ is offering ‘Ransomware as a Service’…that’s designed to infect Macs!Objective-See’s BlogRead More

Analysis of OSX/Proton.B reveals some interesting tricks plus a command file that can be decrypted to reveal the malware’s capabilitiesObjective-See’s

Turns out the innocuously named “Calendar 2” app, found on the official Mac App Store, was surreptitiously turning Mac into

Analyzing code within the macOS kernel audit subsystem uncovered an exploitable heap overflow.Objective-See’s BlogRead More

I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systemsObjective-See’s BlogRead More

The EFF/Lookout discovered a cross-platform implant, named CrossRat with ties to nationstate operators. Here, we tear it apart; analyzing its

On my flight to ShmooCon, I managed to panic my fully-patched MacBook. Here we analyze the kernel panic report, finding

OSX/MaMi (the first Mac malware of 2018) hijacks infected users’ DNS settings and installs a malicious certificate into the System

Let’s look at all the mac malware from 2017, for each – discussing their infection vector, persistence mechanism, features &

Here, we reverse, then ‘extend’ a popular macOS anti-virus engine. With the creation of a new anti-virus signature, classified documents

In this guest blog post my friend Mikhail Sosonkin reverses Apple’s screencapture utility, discusses Mac malware that captures desktop images,

The EFF/Lookout discovered a cross-platform implant, named CrossRat with ties to nationstate operators. Here, we tear it apart; analyzing its

NSLog(@”Hello World”); Objective-See.com is alive!Objective-See’s BlogRead More

High Sierra suffered from a nasty bug (CVE-2017-7149) that afforded local attackers access to the contents of encrypted APFS volumes.Objective-See’s

A new ‘security’ feature in macOS 10.13, is trivial to bypass.Objective-See’s BlogRead More

Some undetected adware named “Mughthesec” is infecting Macs…let’s check it out!Objective-See’s BlogRead More

Looks like somebody on the ‘dark web’ is offering ‘Ransomware as a Service’…that’s designed to infect Macs!Objective-See’s BlogRead More

Recently, the popular MacUpdate website was subverted to distribute a new macOS cryptominer; OSX/CreativeUpdater.Objective-See’s BlogRead More

Here, we reverse, then ‘extend’ a popular macOS anti-virus engine. With the creation of a new anti-virus signature, classified documents

Let’s look at all the mac malware from 2017, for each – discussing their infection vector, persistence mechanism, features &

Yet another a massive security flaw affects the latest version of macOS (High Sierra), allowing anybody to log into the

Analysis of OSX/Proton.B reveals some interesting tricks plus a command file that can be decrypted to reveal the malware’s capabilitiesObjective-See’s

OSX/MaMi (the first Mac malware of 2018) hijacks infected users’ DNS settings and installs a malicious certificate into the System

Are full paths and preview thumbnails for files even on encrypted containers and removable usb devices really persistently stored? …yes

In this guest blog post my friend Mikhail Sosonkin reverses Apple’s screencapture utility, discusses Mac malware that captures desktop images,

The macOS sandbox is seeks to prevent malicious applications from surreptitiously spy on unsuspecting users. Turns out, it’s trivial to

A 0day logic flaw in Microsoft Excel leads to ‘remote’ code execution on macOS, via malicious macros.Objective-See’s BlogRead More

Looks like somebody on the ‘dark web’ is offering ‘Ransomware as a Service’…that’s designed to infect Macs!Objective-See’s BlogRead More

Analysis of OSX/Proton.B reveals some interesting tricks plus a command file that can be decrypted to reveal the malware’s capabilitiesObjective-See’s

Here, we reverse, then ‘extend’ a popular macOS anti-virus engine. With the creation of a new anti-virus signature, classified documents

Let’s look at all the mac malware from 2017, for each – discussing their infection vector, persistence mechanism, features &

High Sierra suffered from a nasty bug (CVE-2017-7149) that afforded local attackers access to the contents of encrypted APFS volumes.Objective-See’s

A new ‘security’ feature in macOS 10.13, is trivial to bypass.Objective-See’s BlogRead More

Some undetected adware named “Mughthesec” is infecting Macs…let’s check it out!Objective-See’s BlogRead More

The EFF/Lookout discovered a cross-platform implant, named CrossRat with ties to nationstate operators. Here, we tear it apart; analyzing its

On my flight to ShmooCon, I managed to panic my fully-patched MacBook. Here we analyze the kernel panic report, finding

OSX/MaMi (the first Mac malware of 2018) hijacks infected users’ DNS settings and installs a malicious certificate into the System

A 0day logic flaw in Microsoft Excel leads to ‘remote’ code execution on macOS, via malicious macros.Objective-See’s BlogRead More

Yet another a massive security flaw affects the latest version of macOS (High Sierra), allowing anybody to log into the

Turns out the innocuously named “Calendar 2” app, found on the official Mac App Store, was surreptitiously turning Mac into

Analyzing code within the macOS kernel audit subsystem uncovered an exploitable heap overflow.Objective-See’s BlogRead More

I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systemsObjective-See’s BlogRead More

The macOS sandbox is seeks to prevent malicious applications from surreptitiously spy on unsuspecting users. Turns out, it’s trivial to

In part one of a guest blog post, @CodeColorist writes about several neat macOS vulnerabilities.Objective-See’s BlogRead More

Turns out the innocuously named “Calendar 2” app, found on the official Mac App Store, was surreptitiously turning Mac into

Analyzing code within the macOS kernel audit subsystem uncovered an exploitable heap overflow.Objective-See’s BlogRead More

I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systemsObjective-See’s BlogRead More

Are full paths and preview thumbnails for files even on encrypted containers and removable usb devices really persistently stored? …yes

In this guest blog post my friend Mikhail Sosonkin reverses Apple’s screencapture utility, discusses Mac malware that captures desktop images,

OSX/MaMi (the first Mac malware of 2018) hijacks infected users’ DNS settings and installs a malicious certificate into the System

Some undetected adware named “Mughthesec” is infecting Macs…let’s check it out!Objective-See’s BlogRead More

Looks like somebody on the ‘dark web’ is offering ‘Ransomware as a Service’…that’s designed to infect Macs!Objective-See’s BlogRead More

Analysis of OSX/Proton.B reveals some interesting tricks plus a command file that can be decrypted to reveal the malware’s capabilitiesObjective-See’s

Recently, the popular MacUpdate website was subverted to distribute a new macOS cryptominer; OSX/CreativeUpdater.Objective-See’s BlogRead More

NSLog(@”Hello World”); Objective-See.com is alive!Objective-See’s BlogRead More

Here, we reverse, then ‘extend’ a popular macOS anti-virus engine. With the creation of a new anti-virus signature, classified documents

Let’s look at all the mac malware from 2017, for each – discussing their infection vector, persistence mechanism, features &

A massively popular iOS application turns out to be a government spy tool! Here, we analyze the app; decrypting its

Yet another a massive security flaw affects the latest version of macOS (High Sierra), allowing anybody to log into the

High Sierra suffered from a nasty bug (CVE-2017-7149) that afforded local attackers access to the contents of encrypted APFS volumes.Objective-See’s

A new ‘security’ feature in macOS 10.13, is trivial to bypass.Objective-See’s BlogRead More

Here, we reverse, then ‘extend’ a popular macOS anti-virus engine. With the creation of a new anti-virus signature, classified documents

Let’s look at all the mac malware from 2017, for each – discussing their infection vector, persistence mechanism, features &

The EFF/Lookout discovered a cross-platform implant, named CrossRat with ties to nationstate operators. Here, we tear it apart; analyzing its

On my flight to ShmooCon, I managed to panic my fully-patched MacBook. Here we analyze the kernel panic report, finding

OSX/MaMi (the first Mac malware of 2018) hijacks infected users’ DNS settings and installs a malicious certificate into the System

Are full paths and preview thumbnails for files even on encrypted containers and removable usb devices really persistently stored? …yes

In this guest blog post my friend Mikhail Sosonkin reverses Apple’s screencapture utility, discusses Mac malware that captures desktop images,

Analyzing code within the macOS kernel audit subsystem uncovered an exploitable heap overflow.Objective-See’s BlogRead More

I uncovered a new cross-platform backdoor that provides remote attackers persistent access to infected systemsObjective-See’s BlogRead More

Turns out the innocuously named “Calendar 2” app, found on the official Mac App Store, was surreptitiously turning Mac into

Yet another a massive security flaw affects the latest version of macOS (High Sierra), allowing anybody to log into the

Are full paths and preview thumbnails for files even on encrypted containers and removable usb devices really persistently stored? …yes

High Sierra suffered from a nasty bug (CVE-2017-7149) that afforded local attackers access to the contents of encrypted APFS volumes.Objective-See’s

A new ‘security’ feature in macOS 10.13, is trivial to bypass.Objective-See’s BlogRead More

Some undetected adware named “Mughthesec” is infecting Macs…let’s check it out!Objective-See’s BlogRead More

Looks like somebody on the ‘dark web’ is offering ‘Ransomware as a Service’…that’s designed to infect Macs!Objective-See’s BlogRead More

Analysis of OSX/Proton.B reveals some interesting tricks plus a command file that can be decrypted to reveal the malware’s capabilitiesObjective-See’s

Recently, the popular MacUpdate website was subverted to distribute a new macOS cryptominer; OSX/CreativeUpdater.Objective-See’s BlogRead More