TechRadar: Google Drive is flagging some macOS files for copyright violation

TechRadar: Google Drive is flagging some macOS files for copyright violation. “A disgruntled Reddit user recently reported that a ‘.DS_Store’ file on their Google Drive was flagged by the search giant for violating its copyright infringement policy. Apparently, this isn’t the first time this issue has been encountered as macOS users also reported experiencing similar problems last month.”

Ars Technica: Backdoor for Windows, macOS, and Linux went undetected until now

Ars Technica: Backdoor for Windows, macOS, and Linux went undetected until now. “The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for a specific operating system. The backdoor was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It’s also unusual for previously unseen Linux malware to be found in a real-world attack.”

9to5 Mac: ‘OldOS’ developer launches new website that gives classic macOS widgets a new life

9to5 Mac: ‘OldOS’ developer launches new website that gives classic macOS widgets a new life. “The same developer behind the now incredibly popular ‘OldOS’ TestFlight app for iPhone, Zane Kleinberg, is back with a new tool that lets you use classic macOS widgets through a web browser. Kleinberg explained how classic macOS widgets, first introduced in Tiger, were made entirely out of HTML, CSS, and JavaScript. This enabled him to revive several old Apple-designed widgets, including calculator, world clock, unit converter, stickies, and the tile puzzle.”

Ars Technica: Webkit zero-day exploit besieges Mac and iOS users with malvertising redirects

Ars Technica: Webkit zero-day exploit besieges Mac and iOS users with malvertising redirects. “Attackers have bombarded the Internet with more than 1 billion malicious ads in less than two months. The attackers targeted iOS and macOS users with what were zero-day vulnerabilities in Chrome and Safari browsers that were recently patched, researchers said on Monday.”

Neowin: Google reveals “high severity” flaw in macOS kernel

Neowin: Google reveals “high severity” flaw in macOS kernel. “Google’s Project Zero team is well-known for its knack of finding security flaws in the company’s own products as well as those manufactured by other firms. Its members locate flaws in software, privately report them to the manufacturers, and give them 90 days to resolve the problem before publicly disclosing it. Last year, the team revealed vulnerabilities in Windows 10 S and Microsoft Edge. Now, it has exposed a ‘high severity’ flaw in macOS’ kernel.”

The Hacker News: Apple Removes Several Trend Micro Apps For Collecting MacOS Users’ Data

The Hacker News: Apple Removes Several Trend Micro Apps For Collecting MacOS Users’ Data. “Apple has removed almost all popular security apps offered by well-known cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users’ sensitive data without their consent. The controversial apps in question include Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, App Uninstall, Dr. Battery, and Duplicate Finder for Mac computers.”

Motherboard: Bugs Allowed Hackers to Make Malware Look Like Apple Software

Motherboard: Bugs Allowed Hackers to Make Malware Look Like Apple Software . “For years, hackers could hide malware alongside legitimate Apple code and sneak it past several popular third-party security products for Mac computers, according to new research. This is not a flaw in MacOS but an issue in how third-party security tools implemented Apple’s APIs. A researcher from security firm Okta found that several security products for Mac—including Little Snitch, xFence, and Facebook’s OSquery—could be tricked into believing malware was Apple code, and let it past their defenses.”

Hello Web Books: First free zine on command line basics has launched today!

Hello Web Books: First free zine on command line basics has launched today!. “Over the last few weeks, I’ve been working on a little project to go along with the Kickstarter campaign for Hello Web App (one week left!) I’ve punted around the idea of releasing little mini-books or zines on small ideas, like pairing fonts or working with git. Today I’m releasing my first project, A Really Friendly Command Line Intro for MacOS! For free! This is a great addition to Hello Web App (and will be bundled with it moving forward). I walk through all the basic UNIX/command line commands that a beginner might need to learn when they start coding for the first time.” The graphic for the project notes that Linux and Windows versions are “coming soon”.

Warning: A simple text message can crash iOS and macOS (BetaNews)

BetaNews: Warning: A simple text message can crash iOS and macOS. “The chaiOS bug, as it’s been dubbed, links to a page of code on GitHub. When the recipient clicks on the link, Apple’s Messages app freaks out, and ultimately crashes. Bugs like this are a nuisance rather than a genuine worry, and Apple does tend to roll out updates for such issues pretty quickly, so there’s a good chance it will be fixed in the near future.” I don’t think this has been weaponized, so it’s more of an “Oh boy this is annoying” issue than a security issue.

The Verge: Major Apple security flaw grants admin access on macOS High Sierra without password

The Verge: Major Apple security flaw grants admin access on macOS High Sierra without password. “There’s a major flaw in Apple’s macOS High Sierra operating system that allows anyone with physical access to a Mac to gain system administrator access without so much as entering a password. Late Tuesday, Apple confirmed that it’s working on a software update to fix the issue and published step-by-step instructions to help customers protect their machines in the meantime.”