🦜 Objective-See: Blog
@objective-see.org.blog.html@rss-parrot.net
Catching macOS Stealers in the Wild
https://objective-see.org/blog/blog_0x88.html
Published: April 1, 2026 00:00
macOS stealers continue to be a pervasive threat! In this guest blog post, one of our #OBTS student scholars, Pablo Redondo Castro, shares the technical details of a macOS stealer (likely AMOS-related) he analyzed.
No Paste for You!
https://objective-see.org/blog/blog_0x87.html
Published: March 31, 2026 00:00
In macOS 26.4, Apple added ClickFix protections. In this post, we reverse macOS to uncover exactly how these protections are implemented, and whether we can replicate the same approach in our own tools.
ClickFix: Stopped at ⌘+V
https://objective-see.org/blog/blog_0x86.html
Published: March 27, 2026 00:00
You can now build macOS firewalls/network tools via Endpoint Security ...no Network Extension needed! In this post, we reverse macOS 26.4's new ES_EVENT_TYPE_RESERVED_* ES events and show that some of them are network auth/notify hooks.
ClickFix: Stopped at ⌘+V
https://objective-see.org/blog/blog_0x85.html
Published: February 15, 2026 00:00
ClickFix represents a shift in attacker tradecraft, exploiting user trust rather than software vulnerabilities. In this post, we introduce a lightweight execution-boundary defense that intervenes at paste time to generically disrupt most ClickFix-style…
The Mac Malware of 2025
https://objective-see.org/blog/blog_0x84.html
Published: January 1, 2026 00:00
It's here! Our annual report on all the Mac malware of the year (2025 edition). Besides providing samples for download, we cover infection vectors, persistence mechanisms, payloads and more!
A Remote Pre-Authentication Overflow in LLDB's debugserver
https://objective-see.org/blog/blog_0x83.html
Published: December 8, 2025 00:00
In this guest blog post, Nathaniel Oh details a recent bug he discovered and reported to Apple: a remote pre-authentication buffer overflow in LLDB's debugserver, now patched as CVE-2025-43504.
Restoring Reflective Code Loading on macOS (Part II)
https://objective-see.org/blog/blog_0x82.html
Published: November 24, 2025 00:00
Let's continue our research into fully restoring reflective code loading on macOS — now with support for macOS 26 and in-memory Objective-C payloads. And what about detection? We cover that too!
[0day] From Spotlight to Apple Intelligence
https://objective-see.org/blog/blog_0x81.html
Published: September 15, 2025 00:00
Malicious Spotlight plugins can leak bytes from TCC-protected files. And while the core bug was publicly disclosed almost a decade ago, it's still present in macOS 26!
TCCing is Believing: Apple finally adds TCC events to Endpoint Security!
https://objective-see.org/blog/blog_0x7F.html
Published: March 27, 2025 00:00
Apple will bring TCC events to Endpoint Security in macOS 15.4. In this post, we cover the details and nuances, and provide PoC code for the new 'ES_EVENT_TYPE_NOTIFY_TCC_MODIFY' event.
Leaking Passwords (and more!) on macOS
https://objective-see.org/blog/blog_0x7E.html
Published: March 20, 2025 00:00
In this guest blog post, researcher Noah Gregory shares the technical details of a bug he uncovered (that was subsequently patched by Apple as CVE-2024-5447).