Feedback & Followups
- More Mythos developments:
- From Anthropic: Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software — thehackernews.com/…
- Aided by Mythos Preview, Researchers Announce macOS Kernel Exploit Circumventing M5 Memory Integrity Enforcement — daringfireball.net/… (Mythos could not do this alone, and the researchers likely couldn’t have done it alone either; this was a real partnership between skilled humans and powerful tools)
- 🇨🇦 More push-back against Canada’s proposed end-to-end-encryption ban:
- Related: 🇬🇧 Mozilla calls on UK to exclude VPNs from age verification rules — cyberinsider.com/…
Listener Questions
From Allison — ChatGPT Malware?
Allison posted a screenshot on Slack showing her Mac blocking ChatGPT as malware — what happened?
TL;DR — OpenAI fell prey to a supply-chain attack and lost control of one of their software signing certificates, so they marked the certificate as compromised, and rushed out a new version of ChatGPT signed with a safe certificate.
One of the things Apple’s Gatekeeper malware protection feature does is check the digital signatures on every app before the system launches it. This provides two important protections:
- It gives Apple a quick mechanism for blocking known-bad software simply — if an app is signed with a revoked cert, block it! No need to develop some kind of AV-style pattern matching, just check the cert!
- It detects and blocks apps that have changed since they were signed — either you were tricked into installing a booby-trapped version of the app, or, something nasty ran on your Mac for long enough to inject new code into a legitimate app you had installed.
Once OpenAI discovered they had lost the private key controlling their code signing certificate, they revoked it immediately. They also re-signed their app as quickly as they could and pushed out a software update, allowing legitimate versions of ChatGPT to try update themselves to the known-good version.
Neither certificate revocations nor software updates propagate instantaneously, so we now have a race condition! Would Allison’s Mac get the ChatGPT update before her Mac learned about the certificate revocation?
As it happens it seems both sort of happened — the software update process got far enough that the new app was on her Mac, but had clearly not completed all the way. The end result, Allison was told a malicious copy of ChatGPT had been moved to the trash, and, when she tried to launch ChatGPT again it started fine!
There are infinitely many ways for apps to update themselves, but any update mechanism that starts while an app is running needs to briefly have two versions of the app on your system at the same time — you can’t change running code!
Apple’s app store gets around this by forcing your to quit an app before you can update it, which works because the store app is not the app itself.
Firefox has to deal with this problem somehow, because Firefox updates itself without the help of the App Store app. What Firefox does it download updates in the background as soon as they becomes available, then, as it starts, it checks for a waiting copy. If it finds one, it launches a helper app, and exists, letting the helper app do the switcheroo, before it then starts Firefox for you. What you exerience as a user is a slightly slower startup, and you might notice the dock icon appear, disappear briefly, then re-appear.
Chrome on the other hand helps itself to your resources and runs an always-on background app that does nothing but check for updates. It then downloads any updates Google pushes, and checks if Chrome is running, if not, it does the switcheroo, if it is, it waits! The down-side is you have an always-on process consuming your RAM, and if that process has a vulnerability or a bug, your Mac is always running the vulnerable code, even when you quit Chrome. For about a year Mac users running Chrome complained their RAM kept vanishing, and it was eventually traced to a bug in the Chrome updater that forgot to free a piece of memory after use, causing it to grow and grow and grow until you rebooted your Mac!
If you’re curious why certificate revocations are not checked in real-time, there are a few reasons. Before we look at why it’s not done in real time for app launches, I do want to emphasise that it is possible, at least for now.
Certificate Authorities currently provide URLs for querying certificate statuses using OCSP, the Online Certificate Status Protocol.
So, why not use OCSP?
- You need to be able to launch apps while not connected to the internet!
- Checking every cert’s latest status each time would slow down your app launches and flood certificate authorities with real-time certificate status checks
- Checking every time is a privacy leak — the certificate authority’s certificate status protocol servers would see the App cert and the IP of the machine running it each time an app was started, allowing them to track app usage by specific IPs, something data brokers would pay big money for!
Why did I hedge my mention of OCSP with for now? Precisely because of the privacy concerns, it’s being phased out! It is being replaced by a privacy-protecting, less real-time protocol that uses lists of hashed revoked certificates structured in a computationally efficient data structure that can be searched really efficiently.
Links
- MacOS Started Sending ChatGPT to Trash: Why Mac Considers the Program Malicious — hi-tech.ua/…
- OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident — thehackernews.com/…
❗ Action Alerts
- Apple Patches Everything — isc.sans.edu/…
- The graph in the SANS article showing the number of fixes per release over time is interesting — this one is about average
- One notable new security feature: OS 26.5 Adds Encrypted RCS Messaging, Fixes Bugs — tidbits.com/…
- These Mobile Carriers Support iOS 26.5 Encrypted RCS Messaging — www.macobserver.com/…
- Fixes for older OSes too:
- Safari 26.5 — tidbits.com/…
- iOS 18.7.9 and iPadOS 18.7.9 Now Available for Older iPhone and iPad — www.macobserver.com/…
- Apple Rolls Out iOS 16.7.16 and iOS 15.8.8 for Older iPhones with Important Security Fixes — www.macobserver.com/…
- macOS 15.7.7 and 14.8.7 Released Alongside Apples Latest Software Updates — www.macobserver.com/…
- Apple Extends Notification Privacy Fix to iOS 15, iOS 16, and iPadOS 17 — tidbits.com/…
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days — www.bleepingcomputer.com/…
- The disgruntled security research who previously released Microsoft zero-days just after Patch Tuesday struck again:
- Windows BitLocker zero-day gives access to protected drives, PoC released — www.bleepingcomputer.com/…
- Physical access to the device is required to booby-trap the firmware, so not a problem for typical users
- Does not allow a drive to be decrypted on any computer other than the one it was encrypted on
- Microsoft shares mitigation for YellowKey Windows zero-day — www.bleepingcomputer.com/… (cumbersome overkill for regular users)
- New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released — www.bleepingcomputer.com/…
- Local privilege escalation, so not a big problem for typical home users — “if you have malicious code running on your machine …”
- Related: Microsoft warns of new Defender zero-days exploited in attacks — www.bleepingcomputer.com/…
- By default, Defender automatically updates, so no users action is needed
- Good time to check you haven’t disabled automatic Defender updates!
- ⚠️ Ubiquity Owners: Ubiquiti patches three max severity UniFi OS vulnerabilities — www.bleepingcomputer.com/…
- ⚠️ NGNINX Users: 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE — thehackernews.com/…
- No patch yet, but workarounds available
- Only affects very specific configurations, so first step is to check your configs for problem declarations
- ⚠️ Drupal Users: Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks — thehackernews.com/…
- Only affects sites back-ended by PostgreSQL
- Drupal: Critical SQL injection flaw now targeted in attacks — www.bleepingcomputer.com/…
- ⚠️ WordPress Users: Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin — www.bleepingcomputer.com/… (privacy-focused analytics used on over 200,000 sites!)
- ⚠️ Google API Users: Google “Won’t Fix” API key staying active for 23 mins after deletion — cyberinsider.com/…
- This seems utterly un-tenable to me — in the age of AI 23 minutes is an eternity!
- I can’t see how it is possible to safely use Google’s APIs 🙁
Worthy Warnings
- Gift Card Scam Funnels Millions in Apple Devices Through New Hampshire Warehouses — tidbits.com/…
- Avoid buying physical gift cards of any kind in stores!
- ⚠️ Telegram Users: Telegram’s MTProto protocol leaks persistent identifiers enabling user tracking — cyberinsider.com/…
- Treat Telegram like social media — Telegram is not a secure messaging platform
- ⚠️ Mullvad VPN users: 🧯 Mullvad VPN exit IP patterns could enable user fingerprinting — cyberinsider.com/… (not a big problem)
Notable News
- You may want to contribute: Tor launches crowdfunding campaign to support internet freedom projects — cyberinsider.com/…
- Some notable enforcement actions:
- 🇺🇸 California hits GM with record $12.75M fine for selling driver location data — cyberinsider.com/…
- 🇺🇸 FCC moves to impose “Know Your Customer” rules for VoIP providers — cyberinsider.com/… (aim is to tackle robocalls)
- 🇺🇸 Texas sues Netflix for profiling children and selling data to advertisers — cyberinsider.com/…
- Some nice cybersecurity updates and enhancements
- Microsoft backpedals: Edge to stop loading passwords into memory — www.bleepingcomputer.com/… (this should never have needed to fixed, but at least it is now being fixed)
- Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development — thehackernews.com/… (developer tooling)
- Android adds ‘Intrusion Logging’ system to detect spyware attacks — cyberinsider.com/… (An enhancement to Android Advanced Protection Mode developed in collaboration with Amnesty International’s security lab)
- WhatsApp launches “Incognito Chat” for private AI conversations — cyberinsider.com/… (Not a recommendation from Bart suggesting anyone start using WhatApp or Meta’s AI, but if you feel you want to, this is at least less risky)
- Signal begins testing automatic key verification for encrypted chats — cyberinsider.com/… (still in beta, not yet rolled out to users)
- Discord enables E2EE by default for all voice and video communications — cyberinsider.com/… (E2EE is End-to-End-Encryption)
- Proton Pass adds new protections for AI agents with account access — cyberinsider.com/…
- “A new Proton Pass feature allows users to securely share credentials with AI agents via ‘AI access tokens,’ aiming to reduce the security risks posed by autonomous AI tools accessing private accounts.”
- Related: Proton Pass rated “well above par” in independent security audit — cyberinsider.com/…
Interesting Insights
- Apple have published a fascinating writeup on their App Store protections: The App Store stopped over $2.2 billion in potentially fraudulent transactions in 2025 — 📣 Apple PR
- Editorial by Bart: What stands out most to me is how often Apple stress that their process is a partnership between people and AI — AI as a force-multiplier, not as a replacement for people!
Palate Cleansers
- From Allison: LeoLabs — platform.leolabs.space/…
- Cool animation of current satellites, instruments, and debris. You can zoom in and select a specific satellite and follow along in its path, and (if you turn off debris) you can see satellites by country of origin. Mesmerizing while also frightening.
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to, when the text describing a link is not part of the link, it is a description written by Bart.
| Emoji | Meaning |
|---|---|
| 🎧 | A link to audio content, probably a podcast. |
| ❗ | A call to action. |
| flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
| 📊 | A link to graphical content, probably a chart, graph, or diagram. |
| 🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
| 💵 | A link to an article behind a paywall. |
| 📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
| 🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
| 🎦 | A link to video content. |