Mastodawn

📝🚨 New blog post: How a bug in Archive Utility allowed access to protected app data (including iMessage and WhatsApp chats, and Safari cookies) without any permissions.

The bug could also be exploited to hijack installed apps such as Signal and 1Password to perform phishing attacks.

Apple fixed the issue in macOS 26.4 as CVE-2026-28910, five months after we reported it

#Apple #macOS #privacy #security #cybersecurity #infosec

https://mysk.blog/2026/05/19/cve-2026-28910

Show thread

Mysk🇨🇦🇩🇪5d ago

macOS Archive Utility Bug Could Let Attackers Hijack Signal Sessions—Fixed in 26.4 (CVE-2026-28910)

https://m.youtube.com/watch?v=WuH0pIE7j2Y

macOS Archive Utility Bug Could Let Attackers Hijack Signal Sessions—Fixed in 26.4 (CVE-2026-28910)

YouTube

Show thread

Mysk🇨🇦🇩🇪5d ago

macOS Security: Archive Utility Bug Could Expose 1Password Secrets — Fixed in 26.4 (CVE-2026-28910)

https://m.youtube.com/watch?v=Hp5NLDtxmzo

macOS Security: Archive Utility Bug Could Expose 1Password Secrets — Fixed in 26.4 (CVE-2026-28910)

YouTube

Show thread

Mysk🇨🇦🇩🇪5d ago

macOS Security: Archive Utility bug can expose Safari, Messages, and WhatsApp data - CVE-2026-28910

https://m.youtube.com/watch?v=Naq5IojVoNs

macOS Security: Archive Utility bug can expose Safari, Messages, and WhatsApp data - CVE-2026-28910

YouTube

Show thread

Mysk🇨🇦🇩🇪5d ago

macOS Bug Lets Attackers Hijack Background Apps to Spy on Clipboard — Fixed in 26.4 (CVE-2026-28910)

https://m.youtube.com/watch?v=NUm5068G5eM

macOS Bug Lets Attackers Hijack Background Apps to Spy on Clipboard — Fixed in 26.4 (CVE-2026-28910)

YouTube

Show thread

softmaus 5d ago

@mysk Unfortunately, the main font‘s color seems to be white on white in Safari?

Show thread

Mysk🇨🇦🇩🇪5d ago

@softmaus Where? Can you show a screenshot?

Show thread

softmaus 5d ago

@mysk This is on mobile Safari.

Show thread

Mysk🇨🇦🇩🇪5d ago

@softmaus Oh wow. Light mode is broken. We're fixing it. Thanks

@softmaus Fixed!

@mysk Confirmed :)

@softmaus Thanks a lot for reporting it.