CVE-2024-23225: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey…

CVE-2024-23225 [HIGH] CVE-2024-23225: visionOS 1.1 Apple Security Update: About the security content of visionOS 1.1 Product: visionOS Version: 1.1 CVE: CVE-2024-23225 Component: CVE-2024-23225

CVE-2024-23201 [MEDIUM] CVE-2024-23201: macOS Ventura 13.6.5 Apple Security Update: About the security content of macOS Ventura 13.6.5 Product: macOS Ventura Version: 13.6.5 CVE: CVE-2024-23201 Component: CVE-2024-23225 Impact: An app may be able to cause a denial-of-service Description: A permissions issue was addressed with additional restrictions.

CVE-2024-23225 [HIGH] CVE-2024-23225: macOS Monterey 12.7.4 Apple Security Update: About the security content of macOS Monterey 12.7.4 Product: macOS Monterey Version: 12.7.4 CVE: CVE-2024-23225 Component: CVE-2024-23225 Impact: An app may be able to cause a denial-of-service Description: A permissions issue was addressed with additional restrictions.

CVE-2024-0258 [HIGH] CVE-2024-0258: watchOS 10.4 Apple Security Update: About the security content of watchOS 10.4 Product: watchOS Version: 10.4 CVE: CVE-2024-0258 Component: CVE-2024-23225 Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved checks.

CVE-2024-23278 [HIGH] CVE-2024-23278: macOS Ventura 13.6.5 Apple Security Update: About the security content of macOS Ventura 13.6.5 Product: macOS Ventura Version: 13.6.5 CVE: CVE-2024-23278 Component: CVE-2024-23225 Impact: An app may be able to cause a denial-of-service Description: A permissions issue was addressed with additional restrictions.

CVE-2024-23201 [MEDIUM] CVE-2024-23201: macOS Monterey 12.7.4 Apple Security Update: About the security content of macOS Monterey 12.7.4 Product: macOS Monterey Version: 12.7.4 CVE: CVE-2024-23201 Component: CVE-2024-23225 Impact: An app may be able to cause a denial-of-service Description: A permissions issue was addressed with additional restrictions.

CVE-2024-0258 [HIGH] CVE-2024-0258: macOS Sonoma 14.4 Apple Security Update: About the security content of macOS Sonoma 14.4 Product: macOS Sonoma Version: 14.4 CVE: CVE-2024-0258 Component: CVE-2024-23225 Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks.

CVE-2024-23225 [HIGH] CVE-2024-23225: macOS Sonoma 14.4 Apple Security Update: About the security content of macOS Sonoma 14.4 Product: macOS Sonoma Version: 14.4 CVE: CVE-2024-23225 Component: CVE-2024-23225 Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks.

CVE-2024-27853 [HIGH] CVE-2024-27853: macOS Sonoma 14.4 Apple Security Update: About the security content of macOS Sonoma 14.4 Product: macOS Sonoma Version: 14.4 CVE: CVE-2024-27853 Component: CVE-2024-23225 Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks.

CVE-2024-23278 [HIGH] CVE-2024-23278: macOS Sonoma 14.4 Apple Security Update: About the security content of macOS Sonoma 14.4 Product: macOS Sonoma Version: 14.4 CVE: CVE-2024-23278 Component: CVE-2024-23225 Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks.

CVE-2024-23225 [HIGH] CVE-2024-23225: tvOS 17.4 Apple Security Update: About the security content of tvOS 17.4 Product: tvOS Version: 17.4 CVE: CVE-2024-23225 Component: CVE-2024-23225 Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved checks.

CVE-2024-23278 [HIGH] CVE-2024-23278: watchOS 10.4 Apple Security Update: About the security content of watchOS 10.4 Product: watchOS Version: 10.4 CVE: CVE-2024-23278 Component: CVE-2024-23225 Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved checks.

CVE-2024-23225 [HIGH] CVE-2024-23225: watchOS 10.4 Apple Security Update: About the security content of watchOS 10.4 Product: watchOS Version: 10.4 CVE: CVE-2024-23225 Component: CVE-2024-23225 Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved checks.

CVE-2024-23278 [HIGH] CVE-2024-23278: tvOS 17.4 Apple Security Update: About the security content of tvOS 17.4 Product: tvOS Version: 17.4 CVE: CVE-2024-23278 Component: CVE-2024-23225 Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved checks.

CVE-2024-0258 [HIGH] CVE-2024-0258: tvOS 17.4 Apple Security Update: About the security content of tvOS 17.4 Product: tvOS Version: 17.4 CVE: CVE-2024-0258 Component: CVE-2024-23225 Impact: An app may be able to break out of its sandbox Description: The issue was addressed with improved checks.

CVE-2024-23225 [HIGH] CVE-2024-23225: macOS Ventura 13.6.5 Apple Security Update: About the security content of macOS Ventura 13.6.5 Product: macOS Ventura Version: 13.6.5 CVE: CVE-2024-23225 Component: CVE-2024-23225 Impact: An app may be able to cause a denial-of-service Description: A permissions issue was addressed with additional restrictions.

CVE-2024-23225 [HIGH] CWE-787 Apple Multiple Products Memory Corruption Vulnerability Vulnerability: Apple Multiple Products Memory Corruption Vulnerability Affected: Apple Multiple Products Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Notes: https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214083, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214085, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214087, https://support.apple.com/en-us/HT214088 ; https://nvd

CVE-2024-23225 [HIGH] CVE-2024-23225: iOS 17.4 and iPadOS 17.4 Apple Security Update: About the security content of iOS 17.4 and iPadOS 17.4 Product: iOS 17.4 and iPadOS Version: 17.4 CVE: CVE-2024-23225 Component: CVE-2024-23225

CVE-2024-23225 [HIGH] CVE-2024-23225: iOS 16.7.6 and iPadOS 16.7.6 Apple Security Update: About the security content of iOS 16.7.6 and iPadOS 16.7.6 Product: iOS 16.7.6 and iPadOS Version: 16.7.6 CVE: CVE-2024-23225 Component: CVE-2024-23225

CVE-2024-23225 [HIGH] CWE-787 GHSA-7r4v-4jv2-pj5p: A memory corruption issue was addressed with improved validation A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

CVE-2024-23225 [HIGH] CWE-787 Apple Multiple Products Memory Corruption Vulnerability Apple Multiple Products Memory Corruption Vulnerability Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. Affected: Apple Multiple Products Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://support.apple.com/en-us/HT214081; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/uploads/2024/08/19/2274f632f6a1d8acd2f1801c24887edb.pdf; https://securelist.com/ksb-apt-predictions-2025

Advanced threat predictions for 2025 Table of Contents Review of last year’s predictions The rise of creative exploits for mobile, wearables and smart devices Building new botnets with consumer and corporate software and appliances Barriers to kernel-level code execution increasingly evaded (kernel rootkits hot again) Growth in cyberattacks by state-sponsored actors Hacktivism in cyber-warfare: the new normal in geopolitical conflicts Supply chain attacks as a service: operators bulk-buying access Spear-phishing to expand with accessible generative AI Emergence of more groups offering hack-for-hire services MFT systems at the forefront of cyberthreats APT predictions for 2025 Hacktivist alliances to escalate in 2025 The IoT to become a growing attack vector for APTs in 2025 Increasing supply chain attacks on ope

[HIGH] Advanced threat predictions for 2025 Table of Contents - Review of last year’s predictions - APT predictions for 2025 Authors - Igor Kuznetsov - Giampaolo Dedola - Georgy Kucherin - Maher Yamout - Vasily Berdnikov - Isabel Manjarrez - Ilya Savelyev - Joao Godinho We at Kaspersky’s Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and sophisticated attacks that have shaped the threat landscape. These insights enable us to anticipate emerging trends and build a clearer picture of what the APT landscape may look like in the year ahead. In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024, and offer insights into what we can expect in

CVE-2024-23296 [MEDIUM] Apple backports fix for zero-day exploited in attacks to older iPhones ## Apple backports fix for zero-day exploited in attacks to older iPhones ## Sergiu Gatlan On March 5th, the company addressed the zero-day vulnerability (tracked as CVE-2024-23296) for newer iPhone, iPad, and Mac models. Today, Apple backported the March security updates to address this security flaw on iOS 16.7.8, iPadOS 16.7.8 , and macOS Ventura 13.6.7 with improved input validation. The list of devices patched today includes iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. ## Three zero-days exploited in attacks patched in 2024 Apple has yet to disclose who disclosed the zero-day or whether it was discovered internally, and it has provided no information on the nature of the attacks exploiting it in the wild. Even

[HIGH] Patch Tuesday, March 2024 Edition Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws. Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in the wild (CVE-2024-23225 and CVE-2024-23296). The security updates are available in iOS 17.4, iPadOS 17.4, and iOS 16.7.6. Apple’s macOS Sonoma 14.4 Security Update addresses dozens of security issues. Jason Kitka, chief information security officer at Automox, said the vulnerabilities patched in this u

[HIGH] Patch Tuesday, March 2024 Edition Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS . Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws. Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in the wild (CVE-2024-23225 and CVE-2024-23296). The security updates are available in iOS 17.4 , iPadOS 17.4 , and iOS 16.7.6 . Apple’s macOS Sonoma 14.4 Security Update addresses dozens of security issues. Jason Kitka , chief information security officer at Automox , said the vulnerabilities patched in