Apple users are facing new threats from the Banshee Stealer malware, which has been updated to target macOS, and a sophisticated smishing attack that tricks iPhone users into disabling iMessage's phishing protection. The latest version of Banshee Stealer, first identified in mid-2024, uses a string encryption method from Apple's XProtect to evade detection, potentially remaining undetected for over two months. This malware targets sensitive data such as browser credentials and cryptocurrency wallets of 100 million users, according to Check Point. Meanwhile, cybercriminals are exploiting a loophole in iMessage's security feature that automatically disables links from unknown senders. By sending messages that prompt users to reply, attackers can reactivate these links, exposing users to phishing attempts. The smishing attacks often mimic notifications from trusted organizations like USPS or toll road authorities, urging users to respond with a simple 'Y' or 'N', which then enables the previously disabled links.