The OS X command line developer tools include an old version of the Git source code management system that exposes Mac users to remote code execution attacks.
The FBI reportedly paid professional hackers a one-time fee for a previously unknown vulnerability that allowed the agency to unlock the iPhone of San Bernardino shooter Syed Farook.
Apple has reportedly fixed a vulnerability that could have allowed hackers to bypass the passcode on iPhone 6s and 6s Plus running iOS 9.3.1 in order to access the address book and photos.
Researchers from Check Point Software Technologies found that the communication between MDM products and iOS devices is susceptible to man-in-the-middle attacks and can be hijacked to install malware on non-jailbroken devices.
Attackers are exploiting a weakness in Apple's digital rights management technology to install malicious apps on non-jailbroken iOS devices.
The KeRanger file-encrypting ransomware program for Mac OS X is based on Linux.Encoder and contains crypto flaws that could allow users to recover their files without paying cybercriminals.
Adi Shamir, co-creator of the widely used RSA cryptographic algorithm, believes that Apple should have assisted the FBI in decrypting the iPhone of one of the San Bernardino shooters and should choose to resist in a future situation.
A Chinese iOS application recently found on Apple's official store contained hidden functionality that allowed users to install pirated apps on non-jailbroken devices, a technique that could also be leveraged by malware in the future.
Attackers can easily disable SimpliSafe home security systems from up to 30 meters away by using a device that costs around $250 to create, researchers from security firm IOActive found.
An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through the official app store's review process, an action that poses security risks for users.
Next year, the Java browser plug-in, which is frequently the target of Web-based exploits, will be retired by Oracle.
VirusTotal, the most widely used online file scanning service, is now executing suspicious Mac apps submitted by users inside a sandbox to generate information that could improve the analysis and detection of Mac malware.
The hardware-based encryption built into popular Western Digital external hard disk drives has flaws that could allow attackers to recover data without knowing the user password.
Adobe released a patch for a critical vulnerability in Flash Player in response to high-profile cyberespionage attacks against governmental targets.
Security researchers have identified over 4,000 iOS apps that have malicious code added by a rogue version of the Xcode development tool.