• en

    • Zero-Day Update: New macOS Bug Lets Hackers Run Your Mac Commands Remotely

    Scam Alerts
    #Phishing & Identity Theft#Malware Scams
    Header

    Author: Trend Micro

    October 12, 2021

    This article is from Trend Micro.

    Apple’s security headaches continue to pound. Researchers have recently found yet another threat. In this latest, hackers are able to trick users into allowing them to run commands remotely on macOS Big Sur.

    It was discovered by independent expert, Park Minchan, and reported to the SSD Secure Disclosure program. They have this to say:

    “A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands, these files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user
    […]
    If the inetloc file is attached to an email, clicking on the attachment will trigger the vulnerability without warning.”

    While Apple has released a patch for this issue, it has subsequently been reported that it can easily be circumvented. SSD Secure Disclosure has notified Apple of this, but has yet to receive a reply. As such, until this vulnerability has been properly addressed macOS users should be extra vigilant when it comes to engaging with emails.

    On the other hand, this is also simply part of a wider issue: that Macs are indeed vulnerable to attacks. In May, it was attackers being able to take screenshots on your Mac; in July, it was corrupted-memory systems being sitting-ducks for takeover; and just this month we’ve had the zero-clicks debacle. The evidence continues to pile up.

    Trend Micro’s Antivirus One Can Protect Your Mac

    After several months of these Mac security issues coming to light, it should be clear by now that the old myth of Apple products not requiring third-party antivirus protection is untrue — and unsupported by the evidence we see every month.

    Though this latest issue is up to Apple to fix, it would be remiss of us to not encourage you to download our free Antivirus One product for full protection. Its key features include:

    • Fast and thorough scans in under a minute — and the power to eliminate anything malicious if found.
    • Constant, real-time web threat protection as you browse.
    • Data privacy sweeps — in which your personal data will be sought out and eliminated before leaked on dangerous websites.

    Antivirus One is free, fast, and thorough. Try it now: you haven’t a thing to lose in quickly ramping up your defenses.

    Get Antivirus One

    Report a Scam!

    Have you fallen for a hoax, bought a fake product? Report the site and warn others!

    Report a Scam!

    Scam Categories

    Help & Info

    Scam AlertsLearn about ScamsReliable SitesAdvice for CompaniesResearch & ReportsGlobal Scam Country Guide
    See all

    Popular Stories

    How to Recognize a Scam Website

    As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu

    Read more

    How Do I Get Money Back From a Scammer?

    So the worst has come to pass - you realise you parted with your money too fast, and the site you used was a scam - what now? Well first of all, don’t despair!! If you think you have been scammed, the first port of call when having an issue is to simply ask for a refund. This is the first and easiest step to determine whether you are dealing with a genuine company or scammers. Sadly, getting your money back from a scammer is not as simple as just asking.  If you are indeed dealing with scammers, the procedure (and chance) of getting your money back varies depending on the payment method you used. PayPal Debit card/Credit card Bank transfer Wire transfer Google Pay Bitcoin PayPal If you used PayPal, you have a strong chance of getting your money back if you were scammed. On their website, you can file a dispute within 180 calendar days of your purchase. Conditions to file a dispute: The simplest situation is that you ordered from an online store and it has not arrived. In this case this is what PayPal states: "If your order never shows up and the seller can't provide proof of shipment or delivery, you'll get a full refund. It's that simple." The scammer has sent you a completely different item. For example, you ordered a PlayStation 4, but instead received only a Playstation controller.  The condition of the item was misrepresented on the product page. This could be the

    Read more