The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed.

Apple said that macOS’ native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won’t help against Mac malware signed with an Apple certificate.

Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched.

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root.

Apple fixed 66 vulnerabilities – many found at March’s Pwn2Own competition – across seven product lines, including Safari, iTunes, macOS, and iOS, on Monday.

RSA 2017 is previewed and last week’s report on iOS apps being vulnerable to interception attacks, macro malware coming to MacOS, and new Uber open source module are discussed.

Apple released a massive update for macOS Sierra on Tuesday to address 72 vulnerabilities in the operating system.

Apple fixed dozens of vulnerabilities in its software on Monday, including 60 vulnerabilities in its operating system, OS X, and 43 in its mobile operating system, iOS. The OS X update graduates the desktop and server operating system to OS X El Capitan v10.11.6 and applies to anyone running OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, or OS X...

At last week’s Apple Worldwide Developer Conference, Apple announced some security upgrades around Gatekeeper and a new filesystem that includes native support for encryption. Mac hacker Patrick Wardle, director of research at Synack, explains whether this a big deal and how the upgrades address some problems he’d disclosed to Apple. Download: Patrick_Wardle_on_MacOS_Gatekeeper_Security.mp3 Music by Chris Gonsalves