Mac Script Editor becomes new entry point for ClickFix malware

ClickFix attacks targeting Mac users now use Script Editor instead of Terminal, a shift that sidesteps Apple's latest ...
CNET

The "Opener" scare and keeping malicious scripts off your Mac

Over the weekend, MacInTouch and Slashdot posted information regarding a shell script dubbed "opener" that, if installed with proper authentication on a Mac OS X system, can trigger several ...

New macOS stealer campaign uses Script Editor in ClickFix attack

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix ...

Mac users beware — experts say this attack stood out immediately by making a major change

ClickFix on Macs is evolving yet again and is no longer abusing Terminal.
Macworld

How to use Script Editor to re-authorize a balky AppleScript in macOS Catalina and later

If you’ve kicked around with a Mac for more than a few years and you read Macworld, you almost certainly have an AppleScript or seven that you rely on for certain custom features. I wrote a very ...
MacTech

ClickFix attack uses Script Editor instead of Terminal on macOS

Jamf Threat Labs has discovered a ClickFix-style macOS attack that abuses the applescript:// URL scheme to launch Script ...
Arabian Post

Script Editor becomes Mac malware gateway

When a victim clicks an “Execute” button, the site calls the applescript:// URL scheme, prompting the browser to open Script Editor with malicious code already filled in. That removes the need for the ...
Macworld

MWSF: iDo Script Schedule released for Mac OS X

Sophisticated Circuits has released iDo Script Scheduler 1.5, a Mac OS X utility for running AppleScripts at any time you wish. <?php virtual(“/includes/boxad.inc ...
Ars Technica

Actively exploited Mac 0-day neutered core OS security defenses

When Apple released the latest version, 11.3, for macOS on Monday, it didn’t just introduce support for new features and optimizations. More importantly, the company fixed a zero-day vulnerability ...