Juli Clover (Hacker News, Reddit):
The Digital Markets Act requires Apple to provide third-party accessories with the same capabilities and access to device features that Apple’s own products get. In iOS 26.3, EU wearable device makers can now test proximity pairing and improved notifications.
Here are the new capabilities that Apple is adding:
- Proximity pairing - Devices like earbuds will be able to pair with an iOS device in an AirPods-like way by bringing the accessory close to an iPhone or iPad to initiate a simple, one-tap pairing process. Pairing third-party devices will no longer require multiple steps.
- Notifications - Third-party accessories like smart watches will be able to receive notifications from the iPhone. Users will be able to view and react to incoming notifications, which is functionality normally limited to the Apple Watch.
I’m looking forward to Apple’s blog post about how easier Bluetooth pairing will put users at risk. The notification forwarding was previously announced, but I didn’t realize it also included support for reactions.
Steve Dent:
However, there’s no indication that it will allow seamless switching between devices as you can do with Apple’s [AirPods], for instance.
Previously:
AirPods Antitrust Bluetooth Digital Markets Act (DMA) European Union iOS iOS 26
Joe Rossignol:
Due to regulatory action, Apple has agreed to allow alternative app stores, third-party payment systems for in-app purchases, and in-app links to external offers on iOS in Brazil, according to legal news website MLex and Brazilian blog Tecnoblog.
Previously:
Antitrust App Marketplaces Brazil External iOS Payments iOS iOS 26 Legal
Juli Clover:
Apple and Google are teaming up to make it easier for users to switch between iPhone and Android smartphones, according to 9to5Google. There is a new Android Canary build available today that simplifies data transfer between two smartphones, and Apple is going to implement the functionality in an upcoming iOS 26 beta.
[…]
The collaboration will apparently add “more functionality” and support for transferring data types that are not available to transfer with the current tools.
This is good, but I don’t love that it seems to be a private arrangement between Apple and Google. We should all be able to get a dump of our own data.
Juli Clover:
The simplified smartphone switching Apple and Google are adopting is an example of how the Digital Markets Act (DMA) benefits users and developers, the European Commission said today. Apple and Google are making it easier for users to switch between iPhone and Android smartphones, adding an option to transfer data from another smartphone during the device setup process.
Apple and Google are implementing this functionality because the DMA requires services to offer effective data portability to avoid data lock-in to an operating system.
[…]
The DMA is also the reason why Apple and Google designed a simplified eSIM transfer solution earlier this year.
Previously:
Android Antitrust Digital Markets Act (DMA) European Union iOS iOS 26
Thijs Xhaflaire:
Jamf Threat Labs observed a signed and notarized stealer that did not follow the typical execution chains we have seen in the past. The sample in question looked highly similar to past variants of the increasingly active MacSync Stealer malware but was revamped in its design.
Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more deceptive, hands-off approach. Delivered as a code-signed and notarized Swift application within a disk image named zk-call-messenger-installer-3.9.2-lts.dmg , distributed via https://zkcall.net/download, it removes the need for any direct terminal interaction. Instead, the dropper retrieves an encoded script from a remote server and executes it via a Swift-built helper executable.
Bill Toulas (Reddit):
The stealer emerged in April 2025 as Mac.C by a threat actor named ‘Mentalpositive’. It gained traction by July, joining the less crowded but still profitable space of macOS stealers alongside AMOS and Odyssey.
A previous analysis of Mac.C by MacPaw Moonlock indicates that it can steal iCloud keychain credentials, passwords stored on web browsers, system metadata, cryptocurrency wallet data, and files from the filesystem.
Jeff Johnson (Mastodon):
I hate to say I told you so but…who am I kidding, I love to say I told you so. In 2019 I wrote a prescient blog post, The true and false security benefits of Mac app notarization, in which I foretold such an attack, suggesting that notarization is security theater.
[…]
Many of the Mac malware “protections” that Apple has added over the years are merely punishments for Mac users and honest Mac developers, making their computing life more miserable while leaving gaping holes for malware to sneak through. (See my own Apple Security Credits, as a Mac developer, not a professional security researcher, and those are just issues that Apple fixed, not all of the issues I discovered.) Earlier this month 9to5Mac also reported, Apple security bounties slashed as Mac malware grows, a tacit admission by Apple of this hopeless situation.
Céline Didone:
it was always about creating fear around the well established practice of installing apps from outside the App Store.
Previously:
Mac macOS Tahoe 26 Malware Notarization
