Found 7 bookmarks
Apple fixes zero-day vulnerability exploited in "extremely sophisticated attack" (CVE-2025-43300)
helpnetsecurity.com 20.08.2025 - Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day in targeted attacks. CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable device processing a malicious image file, leading to exploitable memory corruption. The vulnerability affects the Image I/O framework used by Apple’s iOS and macOS operating systems. Apple has fixed this flaw with improved bounds checking in: iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. With Apple claiming the discovery of the vulnerability, it’s unlikely that we will soon find out who is/was leveraging it and for what. But even though these attacks were apparently limited to targeting specific individuals – which likely means that the goal was to deliver spyware – all users would do well to upgrade their iDevices as soon as possible.
·helpnetsecurity.com·
Apple Drops Another WebKit Zero-Day Bug
For the third time in as many months, Apple has released an emergency patch to fix an already exploited zero-day vulnerability impacting a wide range of its products. The new vulnerability, identified as CVE-2025-24201, exists in Apple's WebKit open source browser engine for rendering Web pages in Safari and other apps across macOS, iOS, and iPadOS. WebKit is a frequent target for attackers because of how deeply integrated it is with Apple's ecosystem.
·darkreading.com·
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the Citizen Lab said, attributing the attack with high confidence to the Egyptian government owing to it being a known customer of the commercial spying tool.
·thehackernews.com·
Project Zero: An Autopsy on a Zombie In-the-Wild 0-day
Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understand if it was fully fixed, look for variants, and brainstorm new mitigations. This blog is the story of a “zombie” Safari 0-day and how it came back from the dead to be disclosed as exploited in-the-wild in 2022. CVE-2022-22620 was initially fixed in 2013, reintroduced in 2016, and then disclosed as exploited in-the-wild in 2022. If you’re interested in the full root cause analysis for CVE-2022-22620, we’ve published it here.
·googleprojectzero.blogspot.com·