This page collects WhisperX intelligence signals tagged #MacOS. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security flaw has been identified in the Tailscale macOS application, exposing an internal XPC service to any local program. The service, named "Downloader," lacks the mandatory `SMAuthorizedClients` validation, effectively removing the authentication barrier. This omission allows any application running on ...
Apple has officially approved a driver that enables Nvidia external GPUs (eGPUs) to work with its Arm-based Mac computers, a significant shift in its hardware ecosystem strategy. This move ends a multi-year period where Nvidia's powerful graphics hardware was effectively locked out of the modern Mac platform, forcing u...
OpenTelemetry Go SDK 被曝存在一个关键的安全漏洞,允许攻击者在 macOS 系统上劫持执行路径。该漏洞被追踪为 CVE-2026-24051,影响范围覆盖从 v1.20.0 到 v1.39.0 的所有版本。漏洞根源于 SDK 的资源检测代码,具体位于 `sdk/resource/host_id.go` 文件中,其在 macOS/Darwin 系统上执行时存在不受信任的搜索路径问题。这为潜在的攻击者提供了可乘之机,可能通过操纵系统路径来执行恶意代码。 该漏洞的核心在于资源检测逻辑的缺陷。当 SDK 在受影响的版本中运行时,其用于获取主机标识符的代码路径可能被恶意利用。虽然漏洞详情在当前的 PR 描述中被平台限制截...
Two high-severity vulnerabilities have been flagged in terminal applications, posing a significant remote code execution risk. The first, CVE-2002-1898 (CVSS 7.2), is a legacy flaw in Apple Mac OS X 10.2's Terminal.app that allows attackers to execute arbitrary commands via malicious `telnet://` links. The second, CVE-...
오픈AI가 맥OS용 챗GPT 데스크톱 앱을 포함한 주요 애플리케이션의 서명 인증서를 긴급히 전면 교체했다. 이는 앱 서명 과정에 사용된 외부 개발 도구 '액시오스'(Axios)에서 3월 말경 침해 정황이 확인되자 취한 선제적 보안 조치다. 인증서 교체는 해당 도구를 통해 악성 코드가 유입될 가능성에 대한 직접적인 대응으로, 사용자 시스템의 보안 위협을 차단하기 위한 목적이었다. 오픈AI는 지난주 후반 배포한 업데이트를 통해 이번 사건을 공개했다. 문제의 서드파티 도구 액시오스는 애플리케이션과 서버 간 통신을 관리하는 라이브러리로, 이 도구의 침해는 앱 빌드 및 서명...
An open-source, two-tier personal defense system named SHIELD has been published, explicitly designed as a real-world daily-use tool against a capable adversary with both remote and physical-proximity attack capabilities. The project, hosted on GitHub, is described as "not a toy" and is built to provide a comprehensive...
Компания OpenAI вынуждена отозвать и обновить сертификаты для подписи своих приложений под macOS. Причиной стала компрометация в цепочке поставок: скомпрометированная версия популярного npm-пакета Axios попала в рабочий процесс разработки OpenAI. Этот инцидент демонстрирует, как уязвимость в сторонней библиотеке может ...
Когда вы делаете скриншот Netflix или демонстрируете экран в Zoom, вместо видео появляется чёрный прямоугольник. Это не магия и не защита кодека, а один документированный флаг в оконном API, который сообщает системе: «это окно не должно попадать в захваченные кадры». Механизм работает в менеджерах паролей, банковских к...
OpenAI не просто обновила Codex для Mac — она внедрила в него технологию, которая меняет представление о том, как ИИ может управлять компьютером. Ключевым нововведением стал инструмент, позволяющий Codex взаимодействовать с несколькими программами macOS одновременно в фоновом режиме, используя «параллельные курсоры». Э...
Eine Sicherheitsanalyse von Golem.de zeigt, dass die Claude-Desktop-Anwendung von Anthropic auf macOS Native Messaging Hosts in Chromium-basierte Browser anlegt – und zwar auch für Browser, die zum Zeitpunkt der Installation noch gar nicht vorhanden sind. Die App erstellt demnach Konfigurationsdateien im Dateisystem, d...
Security researchers have identified a sophisticated cross-platform malware campaign, tracked as CRPx0, that exploits the promise of free OnlyFans content to compromise macOS and Windows machines, with evidence suggesting Linux capabilities remain under active development. The campaign demonstrates a level of technical...
Mac users are being targeted through fake search engine results that impersonate Anthropic's Claude AI assistant, Malwarebytes researchers warned. The campaign employs the ClickFix social engineering technique, instructing victims to open Terminal and paste a base64‑encoded command — a delivery method increasingly favo...