Apple is making significant updates to Safari Private Browsing, which will provide users with enhanced protections against third-party trackers while they browse the internet.

The manufacturer of the iPhone stated, “Advanced fingerprinting and tracking protections go even further to help prevent websites from using the latest techniques to track or identify a user’s device.”

“Private Browsing now locks when it is not in use, allowing a user to keep tabs open even when they are away from the device,” reads the announcement.

Last week, the improvements to privacy were shown off at Apple’s annual Worldwide Developers Conference (WWDC). They are anticipated to be made available to users later this year as part of iOS 17, iPadOS 17, and macOS Sonoma.
Link Tracking Protection in Mail, Messages, and Safari’s private mode, which removes tracking parameters from URLs that are frequently used to track information about a click, is another important change.

According to a Fast Company report, Apple’s Craig Federighi stated, “Safari has been a somewhat unheralded pioneer of private browsing, and so many privacy and security features, and this year it’s just a tour de force.” One of the most significant sources of privacy harm is internet browsing.

A new embedded Photos picker that lets users share specific photos with other apps while keeping their library private is also coming to iOS.
Apple is expanding its Communication Safety feature, which warns children not to send or receive explicit images in Messages, to include video content. In addition, the option is being made available in the Photos picker, AirDrop, and FaceTime video messages.

Sensitive Content Warning, an optional setting that helps adult users avoid receiving unsolicited nude images and videos via Messages, AirDrop, or FaceTime video messages, is expected to be powered by the privacy-preserving technology that underpins Communication Safety.
By creating a group, users will also be able to securely share a set of passwords and passkeys with other people via iCloud Keychain. Passwords can be added and edited by everyone in the group to keep them current.
“Safer wireless connectivity defaults, media handling, media sharing defaults, sandboxing, and network security optimizations” are among the new features that Apple is introducing to Lockdown Mode. Additionally, watchOS support is being added to the enhanced security setting.

According to Apple, “Turning on Lockdown Mode further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface for those who require additional protections.”

“Lockdown Mode expands to provide even more protections for those who, because of who they are or what they do, could be targeted by mercenary spyware,” the article states.

MacStealer is a brand-new piece of information-stealing malware that targets Mac users. It steals credentials stored in the iCloud KeyChain, web browsers, cryptocurrency wallets, and potentially sensitive files.

Targeting Mac users

MacStealer is being dispersed as a malware-as-a-administration (MaaS), where the engineer sells premade works for $100, permitting buyers to spread the malware in their missions.

The new macOS malware can run on macOS Catalina (10.15) and up to the most recent version of Apple’s OS, Ventura (13.2), according to the Uptycs threat research team that discovered it.

The developers of MacStealer have been promoting it on a dark web hacking forum since the beginning of the month, and Uptycs analysts came across it there.

The seller asserts that the malware lacks panels or builders and is still in the early beta stage. Pre-built DMG payloads that can infect macOS Catalina, Big Sur, Monterey, and Ventura are instead offered for purchase.

The threat actor says that the malware costs only $100 because it doesn’t have a builder or panel, but he says that more advanced features will come soon.

The malware developer claims that MacStealer can steal the following data from compromised systems:

• Account passwords, cookies, and credit card details from Firefox, Chrome, and Brave.
• TXT, DOC, DOCX, PDF, XLS, XLSX, PPT, PPTX, JPG, PNG, CSV, BMP, MP3, ZIP, RAR, PY, and DB files
• Extract the Keychain database (login.keychain-db) in base64 encoded form
• Collect System information
• Collect Keychain password information
• Coinomi, Exodus, MetaMask, Phantom, Tron, Martian Wallet, Trust wallet, Keplr Wallet, and Binance cryptocurrency wallets

The Keychain database is a secure storage system in macOS that holds users’ passwords, private keys, and certificates, encrypting it with their login password. The feature can then automatically enter login credentials on web pages and apps.

The perpetrators of the threat distribute MacStealer as a DMG file that is not signed and pretends to be something the victim is tricked into running on their macOS.

The victim is then prompted to enter a fake password in order to execute a command that enables the malware to collect passwords from the compromised machine.
The malware then gathers all of the data mentioned in the preceding section, archives them in a ZIP file, and transmits the stolen data to remote command and control servers for the threat actor to later collect.

Simultaneously, MacStealer sends a fundamental data to a pre-designed Wire channel, permitting the administrator to be immediately informed when new information is taken and download the Compress record.
While the majority of MaaS attacks target Windows users, macOS users should remain vigilant and refrain from downloading files from questionable websites.

A new Mac information-stealing malware was also discovered last month by security researcher iamdeadlyz as part of a phishing campaign aimed at “The Sandbox” blockchain game players.

Additionally, this information thief targeted credentials saved in cryptocurrency wallets and browsers, such as Exodus, Phantom, Atomic, Electrum, and MetaMask.

Malware developers will likely continue to target macOS in their search for cryptocurrency wallets to steal because threat actors are very interested in cryptocurrency wallets.

Apple has issued emergency security updates to fix a new zero-day flaw that can be used to hack into iPhones, iPads, and Macs.

Today’s zero-day patch, CVE-2023-23529 [1, 2], addresses a WebKit confusion issue that could be used to execute code on compromised devices and cause OS crashes.

After opening a malicious web page, attackers can successfully exploit the vulnerability to execute arbitrary code on devices running vulnerable versions of iOS, iPadOS, and macOS (the bug also affects Safari 16.3.1 on macOS Big Sur and Monterey).

“The execution of arbitrary code could occur when maliciously crafted web content is processed. When describing the zero-day, Apple stated, “Apple is aware of a report that this issue may have been actively exploited.”

“We would like to thank The Citizen Lab at The Munk School at The University of Toronto for their assistance.”

Improved security checks were added to iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1 by Apple to address CVE-2023-23529.

Since the bug affects both older and newer models, the complete list of affected devices includes:

Apple also patched a kernel use after free flaw (CVE-2023-23514) reported by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero that could allow arbitrary code with kernel privileges on Macs and iPhones. This flaw affects the iPhone 8 and later, iPad Pro (all models), iPad Air (3rd generation and later), iPad 5th generation and later, and iPad mini (5th generation and later).
Apple’s first zero-day patch this year Despite the fact that the company acknowledged being aware of reports of in-the-wild exploitation, the company has yet to release information regarding these attacks.

Apple probably wants to make it as easy as possible for as many people as possible to update their devices by limiting access to this information. This will prevent additional attackers from using the zero-day’s details to create and deploy their own customized exploits that target vulnerable iPhones, iPads, and Macs.

Even though this zero-day bug was probably only used in specific attacks, it is highly recommended to install today’s emergency updates as soon as possible to stop attacks.