18 matches found

CVE
added 2026/05/11 8:8 p.m. | 8 views

CVE-2026-28873

The CVE-2026-28873 issue stems from insufficient entitlement checks that could allow an app to bypass App Privacy Report logging. Affected products include Apple iOS and iPadOS, with fixes in iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadOS 26.4. The underlying root cause is entitlement verificati...

CVSS 7.5 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 2 | Affected Software: 2

The Hacker News
added 2026/04/23 8:6 a.m. | 4 views

Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages

Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved dat...

AI score 5.7 | EPSS 0.00016
Exploits: 0

Malwarebytes
added 2026/04/02 2:13 p.m. | 2 views

Apple expands “DarkSword” patches to iOS 18.7.7

Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website visit. After researchers published their findings about the DarkSword attacks and an exploit kit abusing the...

AI score 5.7
Exploits: 0

Positive Technologies
added 2026/03/05 12:0 a.m. | 1 view

PT-2026-23506

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.10. Description: A time-of-check-time-of-use (TOCTOU) issue exists in the validateScriptFileForShellBleed function. A TOCTOU issue is a software bug where a system checks a condition such as a security credential...

CVSS 2.5 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 9

Vulnrichment
added 2026/02/11 10:58 p.m. | 1 view

CVE-2026-20663

The issue was resolved by sanitizing logging. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to enumerate a user's installed apps...

AI score 5.5 | EPSS 0.00014
Exploits: 0 | References: 2

Cvelist
added 2026/02/11 10:58 p.m. | 18 views

CVE-2026-20606

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences...

EPSS 0.00015
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/17 8:46 p.m. | 7 views

CVE-2025-46292

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access user-sensitive data...

AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 2

Cvelist
added 2025/11/04 1:16 a.m. | 4 views

CVE-2025-43422

The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection...

EPSS 0.00024
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-35983

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 8.1 | EPSS 0.00917
Exploits: 0 | References: 8

RedhatCVE
added 2025/05/22 4:56 p.m. | 8 views

CVE-2020-9934

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information...

CVSS 5.5 | AI score 5.3 | EPSS 0.02103
Exploits: 1 | References: 1

Malwarebytes
added 2024/03/11 8:35 a.m. | 16 views

A week in security (March 4 – March 10)

Last week on Malwarebytes Labs: Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix; Update now! JetBrains TeamCity vulnerability abused at scale; PetSmart warns customers of credential stuffing attack; Predator spyware vendor banned in US; ALPHV ransomware gang fakes o...

AI score 7.2
Exploits: 0

OSV
added 2023/09/21 7:15 p.m. | 1 view

CVE-2023-41992

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS...

CVSS 7.8 | AI score 5.7 | EPSS 0.01064
Exploits: 0 | References: 6

Talos Blog
added 2023/06/29 6:0 p.m. | 43 views

New video provides a behind-the-scenes look at Talos ransomware hunters

Welcome to this week's edition of the Threat Source newsletter. AI-generated art is causing drama across the internet over the past few months, from Marvel TV show opening credits scenes to predatory YouTubers who claim YOU can make millions by having AI tools create children's books for you. There...

CVSS 6.8 | AI score 6.3 | EPSS 0.52383
Exploits: 3

SUSE CVE
added 2023/02/15 3:41 a.m. | 2 views

SUSE CVE-2021-30666

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...

CVSS 8.8 | AI score 8 | EPSS 0.01175
Exploits: 0 | References: 9

The Hacker News
added 2023/02/14 4:44 a.m. | 3 views

Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw

Apple on Monday rolled out security updates for iOS, iPadOS, macOS, and Safari to address a zero-day flaw that it said has been actively exploited in the wild. Tracked as CVE-2023-23529, the issue relates to a type confusion bug in the WebKit browser engine that could be activated when processin...

CVSS 8.8 | AI score 8.9 | EPSS 0.00437
Exploits: 0

OSV
added 2022/11/01 8:15 p.m. | 3 views

CVE-2022-42830

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13. An app with root privileges may be able to execute arbitrary code with kernel privileges...

CVSS 6.7 | AI score 7.7
Exploits: 0 | References: 2

Vulnrichment
added 2022/09/23 6:59 p.m. | 4 views

CVE-2022-32816

The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may lead to UI spoofing...

AI score 6.3 | EPSS 0.00102
Exploits: 0 | References: 4

ThreatPost
added 2011/11/11 4:45 p.m. | 22 views

Apple Releases iOS Patch Fixing Flaw That Led to Charlie Miller's Expulsion

Apple shipped an update to their iOS mobile platform on Thursday that included patches for a number of security vulnerabilities, including a resolution for a vulnerability that led to the expulsion of renowned security researcher, Charlie Miller, from Apple’s developer program. As reported by...

Exploits: 0 | References: 8