Mysk🇨🇦🇩🇪6d ago

📝🚨 New blog post: How a bug in Archive Utility allowed access to protected app data (including iMessage and WhatsApp chats, and Safari cookies) without any permissions.

The bug could also be exploited to hijack installed apps such as Signal and 1Password to perform phishing attacks.

Apple fixed the issue in macOS 26.4 as CVE-2026-28910, five months after we reported it

#Apple #macOS #privacy #security #cybersecurity #infosec

https://mysk.blog/2026/05/19/cve-2026-28910

Show threadMysk🇨🇦🇩🇪6d ago

macOS Archive Utility Bug Could Let Attackers Hijack Signal Sessions—Fixed in 26.4 (CVE-2026-28910)

https://m.youtube.com/watch?v=WuH0pIE7j2Y

macOS Archive Utility Bug Could Let Attackers Hijack Signal Sessions—Fixed in 26.4 (CVE-2026-28910)

YouTube
Show threadMysk🇨🇦🇩🇪6d ago

macOS Security: Archive Utility Bug Could Expose 1Password Secrets — Fixed in 26.4 (CVE-2026-28910)

https://m.youtube.com/watch?v=Hp5NLDtxmzo

macOS Security: Archive Utility Bug Could Expose 1Password Secrets — Fixed in 26.4 (CVE-2026-28910)

YouTube
Show threadMysk🇨🇦🇩🇪6d ago

macOS Security: Archive Utility bug can expose Safari, Messages, and WhatsApp data - CVE-2026-28910

https://m.youtube.com/watch?v=Naq5IojVoNs

macOS Security: Archive Utility bug can expose Safari, Messages, and WhatsApp data - CVE-2026-28910

YouTube
Show threadMysk🇨🇦🇩🇪

macOS Bug Lets Attackers Hijack Background Apps to Spy on Clipboard — Fixed in 26.4 (CVE-2026-28910)

https://m.youtube.com/watch?v=NUm5068G5eM

macOS Bug Lets Attackers Hijack Background Apps to Spy on Clipboard — Fixed in 26.4 (CVE-2026-28910)

YouTube
May 19 at 3:00pmWeb