Most #macOS devs often underestimate #Apple #TCC. I used to—until I wrote #malware and hit that wall. TCC is the last line protecting users even after compromise. In my latest post, I explain why vendors should care. Enjoy! afine.com/threat-of-tcc-…

Security & Usability are often (unfortunately) at odds with each other. Here's a (hilarious) example: Apparently: "if you send an audio message (via iMsg) that includes “Dave and Buster's” the message will never be received" 👀 ...cuz of BlastDoor 😂 rambo.codes/posts/2025-05-…

Stoked for #OFTW v3.0 in London! Know any students that might be interested? Please share! 🙏🏽

Fantastic opportunity for students to kickstart their macOS security knowledge & career cc Abertay Hackers Division of Cybersecurity Edinburgh Napier University Security Society SIGINT Leeds Hacking Soc BSides London BSides Scotland Hack Glasgow SteelCon

Excited for the next OFTW! Share/Apply, will be fun. Will be doing an arm64 training. :)

Great opportunity for students and beginners who are interested in macOS/iOS security 🔥

This is going to be a lot of fun! 🍎 I'll be talking about macOS tradecraft and internal red teaming more generally. Attendance is completely free and gives access to the talks and trainings. If you're a student or are starting your career in security, check it out! 🤙

Stoked for Jaron Bradley's soon to be released 2nd-book: "Threat Hunting macOS" 😍📚 (And was honored to write its forward). Jaron is an outstanding researcher, speaker, trainer, & friend, and this book will become an essential macOS security resource. linkedin.com/feed/update/ur…

Always love a deep dive into (Apple) heap internals 🙌🏽 Thanks for sharing this research Dataflow Security 🙏🏽 blog.dfsec.com/ios/2025/05/30…

Stoked to be hosting an introductory macOS malware analysis workshop at the "Malware Village" at DEF CON! 👨🏻‍🏫🍏🐛👾 #defcon33 Space is limited, so if you're interested (and want some free books too!), apply via the Malware Village form: forms.gle/Ruy7FyCe8fcHdh…

Makes sense: 1️⃣ Apple scans for malware before notarizing. 2️⃣ If malware slips through, they can revoke the notarization ticket (that is checked at every launch). (No way XProtect sigs are better than Apple's initial notarization scans anyway)

macOS Tahoe brings a new disk image format eclecticlight.co/2025/06/12/mac… via Howard Oakley, Eclectic Light Co

ICYMI, yesterday we released a report providing a first look at how we found traces of spyware on two journalists' iPhones, traces which we can attribute with high confidence to Paragon's Graphite spyware: citizenlab.ca/2025/06/first-…

My next book is open for pre-orders!!! I have included the first two chapters in audiobook form for free. You can listen to them now on my website or you can listen and read the sample on Apple Books. Looking forward to getting it into your hands. themittenmac.com/threat-hunting…

1/8: Our team investigated yet another #macOS #stealer hidden behind a fake CleanMyMac website. It all started with an impersonating domain: cleanmymacpro[.]net, and resulted in a chain of hidden requests. Here’s how the malware is delivered and what tricks are used 👇

Not only is Huntress a generous supporter of our Foundation, they also consistently publish top-notch research on emerging macOS threats 🤩 Their latest (by alden & Stuart Ashenbrenner 🇺🇸 🇨🇦): "Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion": huntress.com/blog/inside-bl…

⏳ Just one week left to submit your talk to #OBTS v8 objectivebythesea.org/v8/cfp.html (CFP closes June 30th). We’ve expanded to 3 days of talks this year, making room for even more cutting-edge research +  first-time speakers. So submit your Apple security-themed proposal today!

A big mahalo to Fleet (and Mike McNeil) 🙏🏽