Apple macOS Privacy & Security settings may not reflect real access to protected folders, according to a demonstration by The Eclectic Light Company using a notarized test app called Insent. The author shows an app can regain access to Documents through Open and Save Panel intent even after the Files & Folders toggle is turned off, with testing on macOS Tahoe 26.4 and suspected impact from macOS 13.5 onward. The reported workaround is to reset TCC for the app and restart, although the author later noted MACL persistence may mean access is not fully cleared.

https://eclecticlight.co/2026/04/10/why-you-cant-trust-privacy-security/

#InfoSec #MacSecurity #Privacy

KnockKnock finds what's persistently installed on a Mac—spotting potential malware that survives restarts. The free tool exposes persistent launchers, agents & drivers so users can assess threats. Learn more: https://objective-see.org/products/knockknock.html 🛡️🔎 #MacSecurity #InfoSec

https://formulae.brew.sh/cask/knockknock#default

#KnockKnock „Who's there?“ zeigt, was dauerhaft auf dem Mac installiert ist — oft Verstecke für Malware, die sich bei jedem Neustart neu startet. Tool deckt persistente Komponenten auf. Mehr Infos & Download: https://objective-see.org/products/knockknock.html 🔍🛡️ #MacSecurity #Malware #Infosec

https://formulae.brew.sh/cask/knockknock#default

🔒 Il tuo Mac merita il top! Scopri la nostra classifica delle migliori VPN per Mac, aggiornata a Marzo 2026. Sicurezza e velocità a portata di click! #VPN2026 #MacSecurity

🔗 https://www.tomshw.it/hardware/migliori-vpn-per-mac

BYOK means you control your API keys. VaultSort's AI Job Builder never sees them — they stay on your Mac, sent directly to OpenAI, Anthropic, or Google. Better yet: Google Gemini offers free API keys. Zero cost to describe file rules in plain English and let AI build your organization tree. #MacSecurity #OpenSource #Privacy

#PrivacyFirst #MacApps #DataPrivacy

RE: https://infosec.exchange/@_r_netsec/116220859869337905

Waah, joli boulot.
Je me demande qui en est l’auteur.

lecture technique très intéressante.
Une analyse statique complétée par du monitoring comportementale réseau qui plonge dans les entrailles du ver infostealer macOS injecté dans un plugin VS Code lors de la campagne Glassworm v2.. 👀

C’est balaise et résilient, avec une belle répartition des tâches de vol entre AppleScript et Node.js.  

Les échantillons déobfusqués ont aussi été mis à disposition sur #malwarebazaar

https://bazaar.abuse.ch/sample/d72c1c75958ad7c68ef2fb2480fa9ebe185e457f3b62047b31565857fa06a51a/

#CyberVeille #MacSecurity #macOS #Malware #ThreatIntel #Glassworm
👇