@The DefendOps Diaries
//
Millions of Apple AirPlay-enabled devices are at risk due to the discovery of 23 critical vulnerabilities, collectively named "AirBorne." These vulnerabilities, found in Apple's AirPlay protocol and Software Development Kit (SDK), could allow attackers on the same Wi-Fi network to remotely execute code on vulnerable devices. This poses a significant threat, particularly to third-party devices that incorporate AirPlay, such as smart TVs, speakers, and CarPlay systems.
The vulnerabilities stem from flaws in Apple's implementation of the AirPlay protocol and SDK, which is used for streaming media between devices. A successful exploit could lead to zero-click or one-click remote code execution, bypassing access controls, and conducting man-in-the-middle attacks. This could enable attackers to take over devices, access sensitive files, and potentially steal data.
Apple has released patches to address the AirBorne vulnerabilities in its own products, including iPhones, iPads, MacBooks, Apple TVs, and the Vision Pro headset; however, third-party devices that use the software are still at risk. The potential for unpatched third-party devices to remain vulnerable for years is a major concern. Cybersecurity experts estimate that tens of millions of devices could be affected, highlighting the far-reaching impact of these newly discovered flaws.
References :
- CyberInsider: ‘AirBorne’ Flaws Expose Apple Devices to Zero-Click RCE Attacks
- WIRED: Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi
- BleepingComputer: Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
- www.bleepingcomputer.com: Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
- cyberinsider.com: ‘AirBorne’ Flaws Expose Apple Devices to Zero-Click RCE Attacks
- bsky.app: Oligo security researchers have disclosed over two dozen vulnerabilities in the Apple AirPlay protocol and SDK. Collectively named AirBorne, the vulnerabilities can allow attackers on the same network to run malicious code on any Apple device that supports AirPlay.
- BleepingComputer: A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution.
- securityonline.info: AirBorne Exploits: Zero-Click Wormable RCE Hits Apple & IoT Devices
- The DefendOps Diaries: Explore AirBorne vulnerabilities in Apple's AirPlay, posing zero-click RCE threats to devices, and learn about mitigation measures.
- securityaffairs.com: AirBorne flaws can lead to fully hijack Apple devices
- BleepingComputer: Mastodon mentions Flaws Expose Apple Devices to Zero-Click RCE Attacks
- www.oligo.security: Oligo Security blog post on AirBorne vulnerability.
- www.techradar.com: Millions of Apple AirPlay devices susceptible to 'AirBorne' zero-click RCE attacks, so patch now
- PCMag UK security: 'AirBorne' Flaw Exposes AirPlay Devices to Hacking: How to Protect Yourself
- Help Net Security: Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise AirPlay-enabled devices developed and sold by Apple and by other companies.
- Blog: New Apple zero-days go ‘AirBorne’
- bsky.app: Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
- www.helpnetsecurity.com: Airplay-enabled devices open to attack via “AirBorne” vulnerabilities
- Blog: How to find Apple AirPlay devices on your network
- Risky.Biz: In other news: Marks & Spencer sends staff home after ransomware attack; China accuses US of hacking cryptography provider; AirBorne vulnerabilities impact Apple's AirPlay.
- Risky Business Media: The French government calls out Russian hacks for the first time, Marks & Spencer sends staff home after a ransomware attack, China accuses America of hacking a major cryptography provider, and AirBorne vulnerabilities impact Apple’s AirPlay.
- Risky Business Media: Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful
- The Record: Millions of Apple Airplay-enabled devices can be hacked via Wi-Fi
- securityaffairs.com: Vulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data, and […]
- arstechnica.com: Millions of Apple AirPlay-Enabled Devices Can Be Hacked via Wi-Fi
- www.scworld.com: Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.
- www.pcmag.com: Apple rolled out a fix with iOS 18.4, but third-party AirPlay-compatible devices remain exposed. Researchers at cybersecurity firm Oligo have found major vulnerabilities in Apple's AirPlay protocol that allow hackers to breach compatible devices on the same Wi-Fi network.
- Malwarebytes: Apple AirPlay SDK devices at risk of takeover—make sure you update
- hackread.com: Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities
- PhoneArena - Articles: Millions of AirPlay-enabled devices are at risk of being attacked by "AirBorne" security threat
- The Hacker News: Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
@www.bleepingcomputer.com
//
Apple has released emergency security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two zero-day vulnerabilities that have been actively exploited in "extremely sophisticated attacks." The vulnerabilities, CVE-2025-31200 and CVE-2025-31201, affect the CoreAudio and RPAC components respectively, posing significant risks to users. Apple is urging users to immediately update their devices to the latest versions to safeguard against these threats.
These vulnerabilities were actively exploited in the wild, prompting Apple to release iOS 18.4.1 and iPadOS 18.4.1. CVE-2025-31200, a memory corruption vulnerability in the CoreAudio framework, could allow code execution when processing a maliciously crafted media file. Apple addressed this with improved bounds checking. The second flaw, CVE-2025-31201, is a vulnerability in the RPAC component that could allow an attacker to bypass Pointer Authentication, and Apple resolved this by removing the vulnerable code.
The updates are available for a wide range of devices, including iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later, as well as Macs running macOS Sequoia, Apple TV HD and Apple TV 4K (all models), and Apple Vision Pro. Apple credited both itself and Google Threat Analysis Group (TAG) for reporting CVE-2025-31200. This highlights the importance of prompt updates to mitigate potential risks.
References :
- gbhackers.com: Apple has urgently rolled out iOS 18.4.1 and iPadOS 18.4.1 to patch two zero-day vulnerabilities that were actively exploited in “extremely sophisticated” attacks aimed at specific iOS users.
- securityaffairs.com: Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks.
- The Hacker News: Apple has released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.
- www.csoonline.com: Apple is urging immediate patching of two zero-day vulnerabilities in its CoreAudio and RPAC components, citing their use in what the iPhone maker describes as “extremely sophisticated attacks.”
- Malwarebytes: Apple patches security vulnerabilities in iOS and iPadOS. Update now!
- Rescana: Analysis of Apple Core Media and CoreAudio Zero-Day Vulnerabilities Impacting iOS and macOS Systems
- Security | TechRepublic: Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks
Bill Mann@CyberInsider
//
Apple has released a series of critical security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. These updates address a total of 145 vulnerabilities, including several zero-day exploits that may have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode are urged to update their devices immediately to safeguard against potential security threats. Notably, watchOS was missing from this patch lineup.
Apple pushed emergency updates targeting three zero-day vulnerabilities identified as CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit). These patches have been backported to older iOS and iPadOS versions, specifically 15.8.4 and 16.7.11, ensuring that users on older devices are also protected from these actively exploited flaws. The updates include fixes for bugs in WebKit, Siri, Safari, and libxpc, along with numerous other security enhancements, underscoring Apple's commitment to addressing security vulnerabilities across its product ecosystem.
References :
- bsky.app: EMERGENCY UPDATES Apple pushed additional updates for 3 zero-days that may have been actively exploited. CVE-2025-24200 (Accessibility) additional patches, CVE-2025-24201 (WebKit) additional patches: - iOS and iPadOS 15.8.4 - iOS and iPadOS 16.7.11
- CyberInsider: Apple has issued a wide set of security updates, patching multiple zero-day vulnerabilities across its operating systems — including iOS, macOS, iPadOS, and Safari — and notably extended critical fixes to older software versions, addressing previously exploited flaws.
- isc.sans.edu: Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
- The Apple Post: Apple releases iOS 18.4 with Priority Notifications feature, Control Center updates, new emoji, more
- bsky.app: NEW SECURITY CONTENT - macOS Sequoia 15.4 - 131 bugs fixed macOS Sonoma 14.7.5 - 91 bugs fixed macOS Ventura 13.7.5 - 85 bugs fixed iOS and iPadOS 18.4 - 62 bugs fixed visionOS 2.4 - 38 bugs fixed iPadOS 17.7.6 - 38 bugs fixed tvOS 18.4 - 36 bugs fixed
- securityaffairs.com: Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices:
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Pierluigi Paganini@Security Affairs
//
Apple released a substantial set of security updates on March 31st, 2025, addressing a total of 145 vulnerabilities across its product ecosystem, including iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode. Notably absent from this update was watchOS. The updates included backported fixes for three actively exploited zero-day vulnerabilities, specifically targeting older iOS and iPadOS versions. These vulnerabilities had already been addressed in more recent versions a few weeks prior.
The most critical fix is for CVE-2025-24200, a vulnerability that allowed attackers to bypass USB Restricted Mode. This feature, introduced in 2018 to protect locked iDevices, could be disabled, potentially exposing user data. Another significant fix addresses CVE-2025-24201, a flaw in the WebKit engine that allowed malicious web content to escape Safari's sandbox. Additionally, macOS Ventura received a patch for CVE-2025-24085, a privilege escalation vulnerability in CoreMedia. These updates are now available for iOS versions 16.7.11 and 15.8.4, iPadOS versions 16.7.11 and 15.8.4, and macOS Ventura 13.7.5.
References :
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- securityaffairs.com: Apple backported fixes for three actively exploited flaws to older devices
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
- CyberInsider: Apple Backports Zero-Day Fixes to Older iOS and macOS Versions
- Full Disclosure: APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4
- Security | TechRepublic: Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities
Pierluigi Paganini@Security Affairs
//
Apple has released security updates to address actively exploited zero-day vulnerabilities impacting older iPhones and Macs. The patches aim to fix flaws that could allow malicious actors to elevate privileges or execute arbitrary code on affected devices. These updates address CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, and are now available for iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, iPadOS 16.7.11, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.
The vulnerabilities include a use-after-free bug in the Core Media component (CVE-2025-24085), an authorization issue in the Accessibility component (CVE-2025-24200), and an out-of-bounds write issue in the WebKit component (CVE-2025-24201). Apple addressed the flaw in iOS 18.3.1, iPadOS 18.3.1, and 17.7.5, released on February 10, 2025. CVE-2025-24200 specifically allowed attackers with physical access to locked devices to disable USB Restricted Mode. Users of older devices, including iPhone 6s, iPhone 7, iPhone 8, iPhone X, iPad Air 2, and various iPad Pro models, are urged to update their systems to safeguard against potential threats.
References :
- securityaffairs.com: Apple backported fixes for three actively exploited flaws to older devices
- The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
- BleepingComputer: Apple backports zero-day patches to older iPhones and Macs
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
MSSP Alert@MSSP feed for Latest
//
Apple has issued critical security updates for iOS 18.3.2 and iPadOS 18.3.2, addressing an actively exploited WebKit vulnerability identified as CVE-2025-24201. This flaw allowed cybercriminals to use maliciously crafted web content to bypass the Web Content sandbox. The update is available for iPhone XS and later, multiple iPad Pro models, iPad Air (3rd generation and later) and iPad mini (5th generation and later).
Users are urged to update their devices promptly by navigating to Settings > General > Software Update. Security experts emphasize the importance of these patches, noting that failure to update leaves devices vulnerable to compromise. According to Adam Boynton, senior security strategy manager EMEIA at Jamf, keeping devices up to date is essential. He also stated that this particular flaw allowed attackers to access data in other parts of the operating system.
References :
- The DefendOps Diaries: Apple's Swift Response to WebKit Zero-Day Vulnerability: CVE-2025-24201
- BleepingComputer: Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
- securityaffairs.com: Apple fixed the third actively exploited zero-day of 2025
- CyberInsider: Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks
- Threats | CyberScoop: Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions.
- techcrunch.com: The flaw was in the browser engine WebKit, used by Safari and other apps.
- bsky.app: Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks.
- infosec.exchange: NEW: Apple patched a zero-day in WebKit that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” This is second time, AFAICT, that Apple uses the "extremely sophisticated" phrase for a patched bug.
- The Hacker News: Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
- www.csoonline.com: Apple patches zero-day bugs used in targeted iPhone attacks
- Blog: FieldEffect blog post on apple-emergency-update-extremely-sophisticated-zero-day.
- www.infosecurity-magazine.com: iOS 18.3.2 Patches Actively Exploited WebKit Vulnerability
- MSSP feed for Latest: Apple Addresses Actively-Exploited Zero-Day In WebKit Browser Engine
- Malwarebytes: Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”
- SOC Prime Blog: CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks
- bsky.app: Apple pushed additional updates for a zero-day that may have been actively exploited.
- ApplSec: Apple pushed updates for a new zero-day that may have been actively exploited.
- iThinkDifferent: iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and visionOS 2.3.2 released with critical WebKit security fix
- www.zdnet.com: Apple is patching a vulnerability in iPhones and iPads that could be exploited in "extremely sophisticated" attacks. The vulnerability, dubbed CVE-2025-24201, was found in , Apple's open-source framework that helps render pages in Safari, Mail, App Store, and other apps. It
- bsky.app: 📣 EMERGENCY UPDATE 📣 Apple pushed updates for a new zero-day that may have been actively exploited. CVE-2025-24201 (WebKit): - iOS and iPadOS 18.3.2 - macOS Sequoia 15.3.2 - visionOS 2.3.2 #apple #infosec
- Rescana: Apple Urgently Patches CVE-2025-24201 Zero-Day in iOS, iPadOS, macOS, visionOS, and Safari amid Attacks
- PCMag UK security: Update Now: Apple Rolls Out Fix for 'Extremely Sophisticated' Zero-Day Bug
- eWEEK: Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in “extremely sophisticated” cyber attacks.
@cyberalerts.io
//
George Mason University researchers have revealed a novel attack, dubbed "nRootTag," that exploits Apple's Find My network to track computers, smartphones, and IoT devices. This method uses a device’s Bluetooth address to trick the Find My network into identifying the target device as a lost AirTag. This effectively transforms the targeted device into a covert tracking beacon, enabling hackers to monitor its location remotely.
This unauthorized "AirTag" silently transmits Bluetooth signals to nearby Apple devices, which then anonymously relay the device's location via Apple Cloud. According to the research, a stationary computer’s location could be pinpointed to within 10 feet, and a moving e-bike's route could be accurately tracked. The researchers informed Apple about the exploit in July 2024 and recommended that the company update its Find My network to better verify Bluetooth devices.
References :
- cyberinsider.com: Apple’s Find My Exploited in nRootTag Attacks for User Tracking
- Dan Goodin: The new "nRootTag" attack that transforms phones, computers and IoT devices into AirTags that can be tracked over Apple Find My sounds newsworthy at first blush.
- Techlore: Researchers uncovered some nasty vulnerabilities in Apple's Find My network
@techcrunch.com
//
Apple has ceased offering its Advanced Data Protection (ADP) feature for iCloud users in the United Kingdom. This decision follows a reported demand from the UK government for a backdoor that would grant authorities access to encrypted user data. ADP provided end-to-end encryption, ensuring that only the user could decrypt their data stored in iCloud. Apple confirmed that this security feature will no longer be available to new users, and existing UK users will eventually need to disable it.
Apple stated it was "gravely disappointed" that ADP protections would be unavailable in the UK, especially considering the increasing data breaches and threats to customer privacy. The company emphasized the growing need for enhanced cloud storage security with end-to-end encryption. This move highlights a conflict between government surveillance and user privacy, as security experts warn this demand could set a precedent for authoritarian countries. James Baker from Open Rights Group said, "The Home Office’s actions have deprived millions of Britons from accessing a security feature. As a result, British citizens will be at higher risk."
References :
- techcrunch.com: Apple has disabled its iCloud Advanced Data Protection feature for UK users after government demands for a backdoor.
- securityaffairs.com: The article discusses Apple's decision to remove iCloud's Advanced Data Protection in the UK.
- www.bleepingcomputer.com: This article discusses Apple's decision to disable the iCloud end-to-end encryption feature in the UK due to government pressure.
- Deeplinks: The piece explains Apple's decision to disable the end-to-end encryption feature for iCloud in the UK due to the government demanding backdoor access.
- Ars OpenForum: UK government wants access to all Apple user data worldwide
- billatnapier.medium.com: Apple Steps Back Their Security
- The Register - Security: Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps
- The Verge: The UK will neither confirm nor deny that it’s killing encryption
info@thehackernews.com (The Hacker News)@The Hacker News
//
Microsoft has uncovered a new variant of the XCSSET macOS malware, marking the first major revision since 2022. This latest version features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. The malware is spread through infected Xcode projects, posing a significant risk to Apple developers.
The new XCSSET variant uses more randomized encoding methods, including Base64 in addition to xxd, and obfuscates module names to make analysis more difficult. The malware also employs a "dock method" where a fake Launchpad application is created, replacing the legitimate Launchpad's path in the dock, ensuring the malicious payload executes every time Launchpad is started. Microsoft advises users to inspect Xcode projects before using them and only install apps from trusted sources.
References :
- Talkback Resources: Talkback.sh article summarizing Microsoft's discovery of an advanced XCSSET malware variant for macOS.
- The Hacker News: The Hacker News article about Microsoft uncovering a new XCSSET macOS malware variant with advanced obfuscation tactics.
- www.bleepingcomputer.com: Microsoft spots XCSSET macOS malware variant used for crypto theft
- Help Net Security: The XCSSET info-stealing malware is back, targeting macOS users and devs
- securityonline.info: XCSSET Malware Returns with Enhanced Capabilities to Target macOS Users
- www.helpnetsecurity.com: The XCSSET info-stealing malware is back, targeting macOS users and devs
- ciso2ciso.com: Source: thehackernews.com – Author: . Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.
- The Register: XCSSET macOS malware returns with first new version since 2022 Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…
- ciso2ciso.com: Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics – Source:thehackernews.com
- go.theregister.com: XCSSET macOS malware returns with first new version since 2022 Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Microsoft says there's a new variant of XCSSET on the prowl for Mac users – the first new iteration of the malware since 2022.…
- BleepingComputer: Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
- securityaffairs.com: New XCSSET macOS malware variant used in limited attacks
@Full Disclosure
//
Apple has released security updates, iOS 18.3.1 and iPadOS 18.3.1, to address a vulnerability in USB Restricted Mode. The company warns that this flaw "may have been exploited in an extremely sophisticated attack against specific targeted individuals." This unusually strong language from Apple suggests the seriousness of the threat, as they typically use more reserved terms when describing exploited vulnerabilities. Security researcher Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School reported the flaw.
The vulnerability, identified as CVE-2025-24200, allows a physical attack to disable USB Restricted Mode on a locked device. USB Restricted Mode is a security feature introduced in iOS 11.4.1 that prevents USB accessories from accessing a device's data if it hasn't been unlocked for an hour. The new updates patch this flaw, preventing attackers from turning off the security feature. Users are advised to update their devices to iOS 18.3.1, iPadOS 18.3.1 or iPadOS 17.7.5 to mitigate the risk.
References :
- The Register - Security: Apple patch addresses the 'extremely sophisticated attack'.
- www.engadget.com: Information about Apple patching a vulnerability allowing for 'extremely sophisticated attack'.