Apple 0-Day allows hackers to mimic mouse-clicks for kernel access, despite mitigations.

A Black Hat talk demonstrates the ease of poking holes in firewalls: How to break, bypass and dismantle macOS firewall products.

Researcher brings Apple down to earth, addressing Mac malware questions and the company’s smart moves to bolster security.

Researchers demonstrate how an encrypted macOS hard drive can still leak unprotected data via the operating system’s Finder and QuickLook feature.

Apple rushed out an emergency patch that fixed an bug in High Sierra that revealed APFS volume passwords via the password hint feature.

The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed.

Apple said that macOS’ native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won’t help against Mac malware signed with an Apple certificate.

Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched.

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root.

Mughthesec, a variant of the OperatorMac adware, has been turning hijacked Macs into revenue-generating machines for the authors.