192 matches found
CVE-2025-0150 Zoom Workplace Apps for iOS - Incorrect Behavior Order
Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access...
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
A new malware campaign dubbed SparkCat has leveraged a suite of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images...
CVE-2025-24158
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service...
CVE-2025-24104
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2025-24123
The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination...
PT-2025-3352 · Kugou · Kugou Music
Name of the Vulnerable Software and Affected Versions: KuGou Music iOS version 20.0.0. Description: The issue allows attackers to access sensitive user information via supplying a crafted link. Recommendations: For KuGou Music iOS version 20.0.0, update to a newer version that contains a fix for...
CVE-2024-56952
An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app iOS version 6.40.0 allows attackers to access user information via supplying a crafted link...
CVE-2024-56952
CVE-2024-56952 affects Baidu Lite for iOS, version 6.40.0. The issue allows an attacker to access user information by supplying a crafted link. Public details in the connected documents confirm the affected product/version and the basic impact (exposure of user data) but do not provide a concrete...
CVE-2024-56953
An issue in Baidu China Co Ltd Baidu Input Method iOS version v12.6.13 allows attackers to access user information via supplying a crafted link...
KuGou Concept Security Vulnerability
KuGou Concept is a music applet from the Chinese company Kugou (KuGou). A security vulnerability exists in KuGou Concept iOS version 4.0.61 that allows an attacker to access sensitive user information by providing a carefully crafted link...
CVE-2024-44290
CVE-2024-44290 affects Apple platforms and is described as a location-privacy issue. The vulnerability is addressed in iOS 18.1, iPadOS 18.1, and watchOS 11.1; installing these updates resolves the issue. The public description indicates an app could determine a user’s current location. The CVSS ...
Apple iOS and Apple iPadOS Security Vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 18.1 and Apple iPadOS version 18.1, which stems from the fact that...
Citrix Workspace App for iOS version 24.8.0 is crashing for users using MicroVPN
After the auto-update of CWA for iOS 24.8.0, iOS users experience a CWA crash. The issue is affecting customers with MicroVPN enabled...
CVE-2024-5739
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app...
PT-2024-21898 · Toyoko Inn · Toyoko Inn Official App For Android +1
Name of the Vulnerable Software and Affected Versions: Toyoko Inn official App for iOS versions prior to 1.13.0; Toyoko Inn official App for Android versions prior to 1.3.14. Description: The issue arises from the improper verification of server certificates, allowing a man-in-the-middle attacker t...
PT-2024-13616 · Archibus · Archibus
Name of the Vulnerable Software and Affected Versions: Archibus app version 4.0.3 for iOS. Description: An issue was discovered in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate...
Apple iOS and iPadOS Security Vulnerabilities
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.1 and iPadOS version 17.1, which arises from the possibility that ...
CVE-2023-5758
When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS 119...
PT-2023-28201 · Apple · iOS +2
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 17; iPadOS versions prior to 17; macOS versions prior to Sonoma 14. Description: A permissions issue was addressed with additional restrictions. This issue allows an app to potentially bypass Privacy preferences...
CVE-2023-41061
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...