InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords
Christopher Lopez

13 min read

On July 29, @4n6Bexaminer tweeted about a new macOS stealer. Moments later, Hunt.io tweeted about the same new malware and then released a blog post about it on July 30. That post focused primarily on the malicious bash scripts that were downloaded from the command-and-control (C2) server and then executed as the second stage.

Threat Intelligence
Apple Intelligence: What Mac Admins Need to Know
Iru Team

8 min read

One of Apple’s biggest announcements at this year’s WWDC was about the upcoming release of what the company calls Apple Intelligence. But, this being Apple, it wasn’t just a jumping-on-the-bandwagon announcement about AI. Rather, it’s about the very Apple approach the company is taking to artificial intelligence, one that puts user benefits and protections first.

Educational
How to Make Device Management Work for End Users
Iru Team

5 min read

There’s no question that modern device management is a boon to IT teams. It simplifies and centralizes the way you deploy operating systems, apps, and settings on the devices your organization relies on to get its work done. It also gives you visibility into how those devices are being used and whether they’re in compliance with your desired end-states.

Educational
Dock Tile Plugins Could Be Used to Escalate Privileges
Csaba Fitzl

4 min read

I recently came across a persistence feature in macOS that's tied to Dock tile plugins.

Threat Intelligence
How Twitch Helper Can Be Used for Privilege Escalation
Christopher Lopez

7 min read

Privileged helpers are small programs that perform elevated actions on behalf of an application while running as a separate process from the app itself. XPC, Apple’s interprocess communication mechanism, is what lets the app hand requests to the helper.

Threat Intelligence
Update: Cuckoo Malware Evolves
Adam Kohler & Christopher Lopez

5 min read

Since our initial report about the Cuckoo malware, there have been some updates to its functionality and infection vector that we wanted to let the Apple security community know about.

Threat Intelligence
How Malware Can Bypass Transparency Consent and Control (CVE-2023-40424)
Csaba Fitzl

9 min read

CVE-2023-40424 is a vulnerability that allows a root-level user to create a new user with a custom Transparency Consent and Control (TCC) database in macOS, which can then be used to access other users’ private data.

Threat Intelligence
How MDM Can Help You Achieve ISO 27001 Compliance
Ali Khan

5 min read

ISO 27001 is a compliance standard that defines in general terms what a good information security management system (ISMS) should do. Such systems protect the security, availability, and confidentiality of an organization’s information assets through technical and organizational policies and procedures. Conformity with ISO 27001 means that an organization has systems in place and is following best practices to manage risks to its data.

Educational
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Adam Kohler & Christopher Lopez

28 min read

On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host's resources for the gain of its young.

Threat Intelligence
To Improve IT Efficiency, Consider New KPIs
Iru Team

5 min read

How efficient is your IT team? Historically, that’s been a straightforward question, with an equally straightforward answer: You look at the number of help-desk tickets they receive in a given time period, count the number that were solved, calculate the ratio of tickets solved to tickets received, and—voila! You have a metric.

Thought Leadership
How to Add Devices to Apple Business Manager Using Apple Configurator
Iru Team

9 min read

Before mobile device management solutions for Apple devices—such as Iru—were common, there was Apple Configurator.

Educational
CloudChat Infostealer: How It Works, What It Does
Adam Kohler & Christopher Lopez

11 min read

On April 3, 2024, we came across an undetected file that had been uploaded to the online virus-checker VirusTotal that day named Clip. Right off the bat, we noticed that the file had some red flags that warranted further investigation.

Threat Intelligence
Home Screen Layout: When and How to Use It
Alexandre Morin

6 min read

Just over eight years ago, at its 2016 spring media event, Apple made a batch of product announcements, including the brand new iPhone SE and iPad Pro. The company also announced the upcoming release of iOS 9.3—one of the biggest ever for the enterprise and education markets alike. It introduced Apple School Manager, Managed Apple IDs, Classroom, and Shared iPad, which allowed a single Apple iPad to be shared among multiple users.

Educational
How Apple Mitigates Vulnerabilities in Installer Scripts
Csaba Fitzl

14 min read

Vulnerabilities are hot topics inside the world of security research and—because of their potentially dramatic impacts—outside as well. Unfortunately, the strategies and tactics that companies like Apple take to prevent specific vulnerabilities—or even entire families of exploits—typically attract less attention. But the fact is that engineering high-impact mitigations is typically more challenging than finding a single vulnerability.

Threat Intelligence
Deploying Adobe Creative Cloud: Choosing the Right Path
Iru Team

5 min read

For Apple IT teams with MDM tools, deploying applications to users is a familiar and relatively straightforward process. Depending on the app and the MDM solution, it could mean deploying titles from the macOS App Store, building and deploying your own app packages, and/or making apps available via self-service.

Educational