From Cybersecurity Help – Cyber Security Week in Review: April 4, 2025
In brief: New Ivanti zero-day exploited by Chinese hackers, police shut down the Kidflix CSAM platform, and more. Read More
Tag CVE-2025-24201
From The Hacker News – Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems.
The vulnerabilities in question are listed below -
CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate
From Security Week – Apple Patches Recent Zero-Days in Older iPhones
[[{“value”:”Apple has released a hefty round of security updates for its desktop and mobile products, patching two recent zero-days in older iPhone models. The post Apple Patches Recent Zero-Days in Older iPhones appeared first on SecurityWeek.”}]] Read More
From Cyber Security News – Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks
Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 that have been actively exploited in sophisticated attacks. These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms.…
From Cybersecurity Help – Cyber Security Week in Review: March 14, 2025
In brief: Microsoft, Apple fix zero-days, LockBit ransomware dev extradited to the US, and more. Read More
From Cyber Security News – CISA Warns of Apple WebKit Out-of-Bounds Write Vulnerability Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about an actively exploited zero-day vulnerability in Apple’s WebKit browser engine, tracked as CVE-2025-24201. This vulnerability, an out-of-bounds write issue, could allow attackers to execute unauthorized code on vulnerable devices. The…
From Dark Reading – Apple Drops Another WebKit Zero-Day Bug
A threat actor leveraged the vulnerability in an “extremely sophisticated” attack on targeted iOS users, the company says. Read More
From Cybersecurity Help – Apple rolls out security patches to fix to exploited zero-day vulnerability in WebKit
The vulnerability could be exploited by attackers to break out of WebKit’s Web Content sandbox by using maliciously crafted web content. Read More
From Cyber Security News – Chinese Hackers New Malware Dubbed ‘Squidoor’ Attacking Global Organizations
.webp)
A sophisticated backdoor malware called “Squidoor” being deployed by suspected Chinese threat actors against organizations across South America and Southeast Asia. The malware, designed for exceptional stealth, offers attackers multiple methods to maintain persistent access to compromised networks while evading…
From Cyber Security News – Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks
Apple has released emergency security updates addressing a critical zero-day vulnerability in its WebKit browser engine, identified as CVE-2025-24201, which has been actively exploited in targeted attacks. The flaw, described as an out-of-bounds write issue, could enable attackers to craft…
From Security Week – Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw
[[{“value”:”Apple warns that the WebKIt bug “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” The post Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw appeared first on SecurityWeek.”}]] Read More