@misc{appleplatformsecurity, author = {{Apple Inc.}}, title = {Apple Platform Security Guide --- Protecting against malware in {macOS}}, year = {2024}, howpublished = {Online}, url = {https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/web}, note = {Documents XProtect, XProtect Remediator, Gatekeeper, Notarization, code signing, App Sandbox, and the hardened runtime} } @techreport{citizenlab2021forcedentry, author = {Marczak, Bill and Scott-Railton, John and Razzak, Bahr Abdul and Al-Jizawi, Noura and Anstis, Siena and Berdan, Kristin and Deibert, Ron}, title = {{FORCEDENTRY}: {NSO} Group {iMessage} Zero-Click Exploit Captured in the Wild}, institution = {The Citizen Lab, University of Toronto}, year = {2021}, month = sep, url = {https://citizenlab.ca/research/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/} } @misc{cve202130860, author = {{MITRE Corporation}}, title = {{CVE-2021-30860} --- {Apple} {CoreGraphics} integer overflow processing maliciously crafted {PDF} ({FORCEDENTRY})}, year = {2021}, howpublished = {Online}, url = {https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860} } @misc{cve202130858, author = {{MITRE Corporation}}, title = {{CVE-2021-30858} --- Use-after-free in {WebKit}; exploited in the wild against {Safari}}, year = {2021}, howpublished = {Online}, url = {https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30858} } @misc{cve202130632, author = {{MITRE Corporation}}, title = {{CVE-2021-30632} --- {JIT} type-confusion in {WebKit}; exploited in the wild}, year = {2021}, howpublished = {Online}, url = {https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30632} } @misc{lulu, author = {Wardle, Patrick}, title = {{LuLu} --- the free, open-source {macOS} firewall}, year = {2026}, howpublished = {Online; Objective-See Foundation}, url = {https://objective-see.org/products/lulu.html} } @misc{lulurepo, author = {{Objective-See Foundation}}, title = {{LuLu} source repository}, year = {2026}, howpublished = {Online; GitHub. License: {GNU} General Public License v3.0 ({GPL-3.0})}, url = {https://github.com/objective-see/LuLu} } @misc{wardlebio, author = {Wardle, Patrick}, title = {About --- Objective-See Foundation}, year = {2026}, howpublished = {Online}, url = {https://objective-see.org/about.html}, note = {Confirms prior NSA tenure} } @misc{malwarebytesstateofmalware, author = {{Malwarebytes}}, title = {State of Malware (annual report series)}, year = {2026}, howpublished = {Online}, url = {https://www.malwarebytes.com/resources/state-of-malware}, note = {Documents Mac-vs-Windows threat-detection volumes and the adware/PUP-dominated composition of Mac detections} } @misc{applesdp, author = {{Apple Inc.}}, title = {About Stolen Device Protection for {iPhone}}, year = {2024}, howpublished = {Online}, url = {https://support.apple.com/en-us/120340}, note = {Specifies the iOS 17.3 release, the Face ID/Touch ID biometric requirement with no passcode fallback, and the security-delay behavior away from familiar locations} } @misc{applelockdownmode, author = {{Apple Inc.}}, title = {About Lockdown Mode}, year = {2022}, howpublished = {Online}, url = {https://support.apple.com/en-us/105120}, note = {Specifies the iOS 16 / iPadOS 16 / macOS Ventura release and enumerates the restrictions imposed when Lockdown Mode is enabled} } @techreport{verizondbir, author = {{Verizon}}, title = {Data Breach Investigations Report ({DBIR})}, institution = {Verizon Business}, year = {2024}, url = {https://www.verizon.com/business/resources/reports/dbir/}, note = {Annual; repeatedly identifies the human element --- phishing, pretexting, and credential abuse --- as the dominant initial-access vector across breaches in scope} }