12 matches found
CVE-2026-20700
CVE-2026-20700 is a memory corruption issue in dyld that Apple fixed in macOS Tahoe 26.3, iOS 26.3/iPadOS 26.3, tvOS 26.3, visionOS 26.3, and watchOS 26.3. An attacker with memory write capability could potentially execute arbitrary code; this may have been exploited in a targeted attack on earli...
EUVD-2025-18428
Malicious code in bioql PyPI...
EUVD-2025-6302
Malicious code in bioql PyPI...
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 CVSS score: 8.8, an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a...
CVE-2025-31201
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that...
CVE-2025-24201
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4...
CVE-2025-24200
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report...
CVE-2025-24200
An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely...
CISA Releases Best Practice Guidance for Mobile Communications
Today, CISA released Mobile Communications Best Practice Guidance. The guidance was crafted in response to identified cyber espionage activity by People’s Republic of China PRC government-affiliated threat actors targeting commercial telecommunications infrastructure, specifically addressing...
What is commercial spyware?
Weve talked quite a bit about spyware recently, with very good reason. Recently, concerns have grown regarding the rapid growth of commercial spyware tools, and the way in which they are being used against their intended victims. This Need to Know article talk about the broader effects of spyware...
WhatsApp flaw lets hackers install spyware on iOS & Android devices
By Ryan De Souza It is unclear whether the WhatsApp vulnerability has been exploited or how many victims have been targeted. WhatsApp is used by roughly 1.5 billion people around the world, and the presence of a security hole that can be exploited for conducting spying on targeted individuals is...
New Timing Attack Could De-Anonymize Google Users
A new timing attack has been disclosed that could de-anonymize Google users under particular conditions. Google acknowledged the issue to researcher Andrew Cantino, the vice president of engineering at Mavenlink, but told him it would not address the issue because the risk is low. “I agree that...