Zoom has slow-walked a fix for a bug that allows randos to take over your Mac's camera

Zoom is an incredibly popular videoconferencing tool. In late March, security researcher Jonathan Leitschuh notified the company that its Mac software contained a ghastly vulnerability that allowed attackers to take over your camera after tricking you into clicking a malicious link. Leitschuh gave Zoom 90 days to fix the bug before going public (a common courtesy extended by security researchers when they discover dangerous bugs) then watched in dismay as the company slow-walked a response, so that when the deadline rolled around, the vulnerability was still in place.

Federal prosecutors say that Ohio man used MacOS malware that covertly operated cameras and mics and exfiltrated porn searches for 13 years

An indictment in the US District Court for the Northern District of Ohio's Eastern Division alleges that Phillip R Durachinsky created a strain of MacOS "creepware" called Fruitfly, which was able to covertly operate the cameras and microphones of infected computers as well as capturing and sharing porn searches from the infected machines; the indictment alleges that Durachinsky used the software for 13 years, targeting individuals, schools, and federal agencies including the Department of Energy.

Shazam song-identification program keeps your mic on, even when you turn it off

If you run the Shazam song identification app on a Mac, the mic will never switch off, even when the program reports that it has.

Proof-of-concept firmware worm targets Apple computers

It's like Bad USB, with extra Thunderbolt badness: Web-based attacks can insert undetectable malicious software into a Mac's UEFI/BIOS, which spreads to other machines by infecting Thunderbolt and USB devices.