@Open Source Security
//
A heap buffer overflow vulnerability, identified as CVE-2024-56406, has been discovered in Perl versions 5.34, 5.36, 5.38, and 5.40. This flaw occurs when the "tr" operator transliterates non-ASCII bytes, potentially leading to denial-of-service (DoS) conditions or, in some cases, arbitrary code execution. The vulnerability was introduced in a commit affecting versions 5.33.1 to 5.41.10. The issue can be triggered by a specially crafted Perl command, potentially causing a segmentation fault and system crash.
The vulnerability, discovered by Nathan Mills, resides in the `S_do_trans_invmap()` function, which can overflow the destination pointer "d" when non-ASCII characters are present on the left-hand side of the "tr" operator. Exploitation of this flaw could allow attackers to crash Perl-based applications or systems, making it a potent denial of service vector. This is especially concerning for shared hosting environments, server-side Perl scripts handling untrusted input, and legacy systems with weak memory protection models.
To mitigate this vulnerability, users are strongly advised to update their Perl installations to versions 5.40.2 or 5.38.4, which contain the necessary patches. Ubuntu users can update their systems to the following package versions: perl-5.38.2-5ubuntu0.1 for Ubuntu 24.10, perl-5.38.2-3.2ubuntu0.1 for Ubuntu 24.04, and perl-5.34.0-3ubuntu1.4 for Ubuntu 22.04. The fix is essentially a revert of the commit that introduced the bug. A standard system update should address the issue for most users.
References :
- Open Source Security: CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
- securityonline.info: CVE-2024-56406: Heap Overflow Vulnerability in Perl Threatens Denial of Service and Potential Code Execution
- Ubuntu security notices: USN-7434-1: Perl vulnerability
Bill Mann@CyberInsider
//
Apple has released a series of critical security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. These updates address a total of 145 vulnerabilities, including several zero-day exploits that may have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode are urged to update their devices immediately to safeguard against potential security threats. Notably, watchOS was missing from this patch lineup.
Apple pushed emergency updates targeting three zero-day vulnerabilities, including CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit). These patches have been backported to older iOS and iPadOS versions, specifically 15.8.4 and 16.7.11, ensuring that users on older devices are also protected from these actively exploited flaws. The updates include fixes for bugs in WebKit, Siri, Safari, and libxpc, along with numerous other security enhancements, underscoring Apple's commitment to addressing security vulnerabilities across its product ecosystem.
References :
- bsky.app: EMERGENCY UPDATES Apple pushed additional updates for 3 zero-days that may have been actively exploited. CVE-2025-24200 (Accessibility) additional patches, CVE-2025-24201 (WebKit) additional patches: - iOS and iPadOS 15.8.4 - iOS and iPadOS 16.7.11
- CyberInsider: Apple has issued a wide set of security updates, patching multiple zero-day vulnerabilities across its operating systems — including iOS, macOS, iPadOS, and Safari — and notably extended critical fixes to older software versions, addressing previously exploited flaws.
- isc.sans.edu: Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
- The Apple Post: Apple releases iOS 18.4 with Priority Notifications feature, Control Center updates, new emoji, more
- bsky.app: NEW SECURITY CONTENT - macOS Sequoia 15.4 - 131 bugs fixed macOS Sonoma 14.7.5 - 91 bugs fixed macOS Ventura 13.7.5 - 85 bugs fixed iOS and iPadOS 18.4 - 62 bugs fixed visionOS 2.4 - 38 bugs fixed iPadOS 17.7.6 - 38 bugs fixed tvOS 18.4 - 36 bugs fixed
- securityaffairs.com: Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions.
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
do son@Daily CyberSecurity
//
A use-after-free vulnerability, tracked as CVE-2025-30232, has been discovered in the Exim mail transfer agent (MTA), a popular choice for Unix systems. The vulnerability affects Exim versions 4.96 through 4.98.1 and could allow attackers with command-line access to escalate privileges on affected systems. This could potentially lead to unauthorized access to system resources and the execution of arbitrary commands with elevated privileges, compromising the entire server.
Exploitation requires that the system run one of the vulnerable versions (4.96, 4.97, 4.98, or 4.98.1) and that the attacker already have command-line access. The Exim project has released a patch in version 4.98.2 to address this flaw, and system administrators are strongly advised to update to it as soon as possible. The vulnerability was reported to Exim on March 13, 2025, by Trend Micro; a security release was made available to distribution maintainers on March 21, with public notification on March 25.
Sergiu Gatlan@BleepingComputer
//
Google has released a critical security update for its Chrome browser to address a high-severity zero-day vulnerability, identified as CVE-2025-2783. This vulnerability was actively exploited in a sophisticated espionage campaign targeting Russian organizations, specifically media companies, educational institutions, and government entities. According to Kaspersky, the vulnerability allowed attackers to bypass Chrome’s sandbox protections, gaining unauthorized access to affected systems without requiring further user interaction. This incident marks the first actively exploited Chrome zero-day since the start of the year, underscoring the persistent threat landscape faced by internet users.
Kaspersky's investigation, dubbed "Operation ForumTroll," revealed that the attacks were initiated through personalized phishing emails disguised as invitations to the "Primakov Readings" forum. Clicking the malicious link led victims to a compromised website that immediately exploited the zero-day vulnerability. The technical sophistication of the exploit chain points to a highly skilled Advanced Persistent Threat (APT) group. Google urges users to update their Chrome browsers immediately to version 134.0.6998.177/.178 for Windows to mitigate the risk.
References :
- cyberinsider.com: Google has released a security update for Chrome to address a high-severity zero-day vulnerability that was actively exploited in a sophisticated espionage campaign targeting Russian organizations.
- thehackernews.com: Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
- securityaffairs.com: Google fixed the first actively exploited Chrome zero-day since the start of the year
- techcrunch.com: Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists
- thecyberexpress.com: Google has rolled out a new security update for Chrome users, following the discovery of a vulnerability, CVE-2025-2783, affecting the Windows version of the browser.
- The DefendOps Diaries: Google Chrome Vulnerability CVE-2025-2783: A Closer Look
- Cybernews: Google has patched a dangerous zero-day vulnerability that has already been exploited by sophisticated threat actors in the wild
- Zack Whittaker: New: Google has fixed a zero-day bug in Chrome that was being actively exploited as part of a hacking campaign. Kaspersky says the bug was exploited to target journalists and employees at educational institutions.
- Kaspersky official blog: Kaspersky’s GReAT experts have discovered the Operation ForumTroll APT attack, which used a zero-day vulnerability in Google Chrome.
- bsky.app: Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations.
- Cyber Security News: Operation ForumTroll: APT Hackers Use Chrome Zero-Day to Evade Sandbox Protections.
- www.bleepingcomputer.com: Google has released out-of-band fixes to address a high-severity security flaw in Chrome browser for Windows that has been actively exploited.
- Help Net Security: Help Net Security: Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
- securityonline.info: CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
- MSSP feed for Latest: Google remediated the high-severity Chrome for Windows zero-day vulnerability.
- The Register - Security: After Chrome patches zero-day used to target Russians, Firefox splats similar bug
- thecyberexpress.com: CISA Issues Urgent Security Alerts: Critical Vulnerabilities in Schneider Electric, Chrome, and Sitecore
- PCMag UK security: Details about Firefox also being affected by Chrome zero-day flaw
- CyberInsider: Firefox Says It’s Vulnerable to Chrome’s Zero-Day Used in Espionage Attacks
- iHLS: Google Patches Dangerous Zero-Day Flaw in Chrome
- PCMag UK security: Time to Patch: Google Chrome Flaw Used to Spread Spyware
- MSPoweruser: Google patches a Chrome zero-day vulnerability used in espionage
- The Hacker News: Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
- Blog: Mozilla has released updates to fix a critical security flaw in its Firefox browser for Windows. The vulnerability, designated CVE-2025-2857, stems from improper handling within the browser's inter-process communication (IPC) code, which could allow a compromised child process to gain elevated privileges by manipulating the parent process into returning a powerful handle, potentially leading to sandbox escape.
- techcrunch.com: Mozilla patches Firefox bug ‘exploited in the wild,’ similar to bug attacking Chrome
- securityaffairs.com: Google addressed a critical vulnerability, tracked as CVE-2025-2783, impacting its Chrome browser for Windows.
- securityaffairs.com: U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
- www.scworld.com: Mozilla Patches Firefox Bug Exploited in the Wild, Similar to Chrome Zero-Day
- OODAloop: Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
- bsky.app: Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.
Bill Toulas@BleepingComputer
//
GitLab has released critical security updates for versions 17.9.2, 17.8.5, and 17.7.7 of both its Community Edition (CE) and Enterprise Edition (EE) to address multiple vulnerabilities. The updates are aimed at rectifying authentication bypass risks and a Remote Code Execution (RCE) threat. Users with self-managed GitLab installations are strongly encouraged to upgrade immediately to one of these patched versions to mitigate potential exploits. GitLab.com is already running the patched version, and GitLab Dedicated customers will be notified once their instances have been updated.
Patches address critical vulnerabilities, most notably authentication bypasses in the SAML single sign-on (SSO) authentication mechanism. Specifically, CVE-2025-25291 and CVE-2025-25292 involve authentication bypass issues in the SAML SSO mechanism due to discrepancies in XML parsing within the ruby-saml library. The vulnerability could allow an attacker with a valid signed SAML document to authenticate as another user. Mitigation includes enabling two-factor authentication, disabling SAML two-factor bypass, and mandating admin approval for new users. Another significant high-severity vulnerability, CVE-2025-27407, involves remote code execution via the Ruby graphql library when transferring a malicious project.
References :
- Security Risk Advisors: GitLab Releases Critical Patches for Multiple Vulnerabilities in Versions 17.9.2, 17.8.5, and 17.7.7
- securityaffairs.com: GitLab addressed critical auth bypass flaws in CE and EE
- socradar.io: GitLab Security Update: Critical Authentication & RCE Flaws Demand Immediate Action
- BleepingComputer: GitLab patches critical authentication bypass vulnerabilities
- Rescana: Comprehensive Report on GitLab Security Updates: Critical Vulnerability Mitigations for Versions 17.9.2, 17.8.5, and 17.7.7
Bill Toulas@BleepingComputer
//
GitLab has released critical security updates to address multiple vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE) platforms. The updates, included in versions 17.9.2, 17.8.5, and 17.7.7, fix nine vulnerabilities. Two of these are critical authentication bypass flaws (CVE-2025-25291 and CVE-2025-25292) within the ruby-saml library, used when SAML SSO authentication is enabled at the instance or group level. GitLab has already patched GitLab.com and will update GitLab Dedicated customers, but self-managed installations require immediate manual updates.
Exploitation of these flaws could allow attackers with access to a legitimate signed SAML document from an identity provider to impersonate any valid user, potentially leading to unauthorized access to sensitive repositories and data breaches. The issue stems from differences in XML parsing between REXML and Nokogiri. GitLab strongly advises all affected installations to upgrade to the latest versions as soon as possible to mitigate potential risks. Among the other vulnerabilities addressed is CVE-2025-27407, a high-severity flaw in the Ruby graphql library.
References :
- Security Risk Advisors: GitLab Releases Critical Patches for Multiple Vulnerabilities in Versions 17.9.2, 17.8.5, and 17.7.7
- securityaffairs.com: SecurityAffairs article on GitLab addressed critical flaws in CE and EE
- socradar.io: SocRadar article on GitLab Security Update: Critical Authentication & RCE Flaws Demand Immediate Action
- The DefendOps Diaries: GitLab's Critical Vulnerability Fixes: What You Need to Know
- BleepingComputer: GitLab patches critical authentication bypass vulnerabilities
- Rescana: Rescana Cybersecurity Report on GitLab Security Updates: Critical Vulnerability Mitigations for Versions 17.9.2, 17.8.5, and 17.7.7
- securityonline.info: GitLab urgently patches critical authentication bypass flaws – CVE-2025-25291 & CVE-2025-25292
- www.scworld.com: Account hijacking possible with ruby-saml library bugs
- bsky.app: GitHub's security team has discovered a combo of two bugs in the Ruby-SAML library that can be used to bypass authentication in apps that use the library.
- gbhackers.com: Critical ruby-saml Vulnerabilities Allow Attackers to Bypass Authentication
MSSP Alert@MSSP feed for Latest
//
Apple has issued critical security updates for iOS 18.3.2 and iPadOS 18.3.2, addressing an actively exploited WebKit vulnerability identified as CVE-2025-24201. This flaw allowed cybercriminals to use maliciously crafted web content to bypass the Web Content sandbox. The update is available for iPhone XS and later, multiple iPad Pro models, iPad Air (3rd generation and later) and iPad mini (5th generation and later).
Users are urged to update their devices promptly by navigating to Settings > General > Software Update. Security experts emphasize the importance of these patches, noting that failure to update leaves devices vulnerable to compromise. According to Adam Boynton, senior security strategy manager EMEIA at Jamf, keeping devices up to date is essential. He also stated that this particular flaw allowed attackers to access data in other parts of the operating system.
References :
- The DefendOps Diaries: Apple's Swift Response to WebKit Zero-Day Vulnerability: CVE-2025-24201
- BleepingComputer: Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
- securityaffairs.com: Apple fixed the third actively exploited zero-day of 2025
- CyberInsider: Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks
- Threats | CyberScoop: Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions.
- techcrunch.com: The flaw was in the browser engine WebKit, used by Safari and other apps.
- bsky.app: Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks.
- infosec.exchange: NEW: Apple patched a zero-day in WebKit that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” This is second time, AFAICT, that Apple uses the "extremely sophisticated" phrase for a patched bug.
- The Hacker News: Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
- CSO Online: Apple patches zero-day bugs used in targeted iPhone attacks
- Blog: FieldEffect blog post on apple-emergency-update-extremely-sophisticated-zero-day.
- www.infosecurity-magazine.com: iOS 18.3.2 Patches Actively Exploited WebKit Vulnerability
- MSSP feed for Latest: Apple Addresses Actively-Exploited Zero-Day In WebKit Browser Engine
- Malwarebytes: Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”
- SOC Prime Blog: CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks
- bsky.app: Apple pushed additional updates for a zero-day that may have been actively exploited.
- ApplSec: Apple pushed updates for a new zero-day that may have been actively exploited.
- iThinkDifferent: iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and visionOS 2.3.2 released with critical WebKit security fix
- www.zdnet.com: Apple is patching a vulnerability in iPhones and iPads that could be exploited in "extremely sophisticated" attacks. The vulnerability, dubbed CVE-2025-24201, was found in , Apple's open-source framework that helps render pages in Safari, Mail, App Store, and other apps. It
- bsky.app: 📣 EMERGENCY UPDATE 📣 Apple pushed updates for a new zero-day that may have been actively exploited. CVE-2025-24201 (WebKit): - iOS and iPadOS 18.3.2 - macOS Sequoia 15.3.2 - visionOS 2.3.2 #apple #infosec
- Rescana: Apple Urgently Patches CVE-2025-24201 Zero-Day in iOS, iPadOS, macOS, visionOS, and Safari amid Attacks
- PCMag UK security: Update Now: Apple Rolls Out Fix for 'Extremely Sophisticated' Zero-Day Bug
- eWEEK: Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in “extremely sophisticated” cyber attacks.
@www.csoonline.com
//
Broadcom has issued urgent security patches to address three actively exploited vulnerabilities affecting VMware ESXi, Workstation, and Fusion products. These flaws, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, could enable attackers to execute code and disclose sensitive information. VMware ESXi is under active exploitation in the wild, making timely patching crucial to prevent potential attacks. The vulnerabilities impact various versions of VMware ESXi 8.0, 7.0, Workstation 17.x, Fusion 13.x, Cloud Foundation 5.x and 4.x, and Telco Cloud Platform.
The most critical flaw, CVE-2025-22224, carries a CVSS score of 9.3 and is a heap-overflow vulnerability leading to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine could exploit this to execute code as the virtual machine's VMX process running on the host. Broadcom credited Microsoft's MSTIC security team with discovering and reporting these vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal civilian agencies to patch them by March 25, 2025.
References :
- bsky.app: Broadcom released security patches to patch an actively exploited zero-day in its VMware ESXi products. Broadcom credited Microsoft's MSTIC security team with spotting and reporting the attacks.
- The Hacker News: Broadcom Releases Urgent Patches
- The Register - Software: VMware splats guest-to-hypervisor escape bugs already exploited in wild
- : VMware ESXi gets critical patches for in-the-wild virtual machine escape attack
- securityaffairs.com: VMware fixed three actively exploited zero-days in ESX products
- Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom
- bsky.app: BleepingComputer article on VMware zero-days.
- Vulnerability-Lookup: A new bundle, VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226), has been published on Vulnerability-Lookup:
- The Record: Three product lines from technology giant VMware — ESXI, Workstation and Fusion — have patches for vulnerabilities that the company and the federal government have said are being exploited by hackers
- securityaffairs.com: U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
- borncity.com: 0-day vulnerabilities in VMWare ESXi, Workstation and Fusion
- socradar.io: VMware Security Alert: Active Exploitation of Zero-Day Vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226)
- Blog: Multiple zero-days in VMware products actively exploited
- gbhackers.com: CISA Issues Alert on Actively Exploited VMware Vulnerabilities
- www.tenable.com: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
- Information Security Buzz: Broadcom warns VMware users of Critical Zero-Day Exploits
- www.cybersecuritydive.com: 37K+ VMware ESXi instances vulnerable to critical zero-day
- www.itpro.com: Broadcom issues urgent alert over three VMware zero-days
- Carly Page: Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by hackers to compromise the networks of its corporate customers
- techcrunch.com: Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape
- Security Risk Advisors: Three Critical VMware Vulnerabilities Exploited in Wild Targeting ESXi, Workstation, and Fusion
- www.cybersecuritydive.com: Broadcom urges customers to patch 3 zero-day VMware flaws
- MSSP feed for Latest: Broadcom: VMware Zero-Days Being Exploited in the Wild
- www.bleepingcomputer.com: Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
- research.kudelskisecurity.com: Critical VMware ESXi, Workstation, Fusion Vulnerabilities Seen Exploited in Wild
- cyble.com: Three VMware Zero-Days Under Active Exploitation – What You Need to Know
- Zack Whittaker: VMware emergency hypervisor escape bugs under attack
@ciso2ciso.com
//
Atlassian has released security patches to address 12 critical and high-severity vulnerabilities affecting multiple products, including Bamboo, Bitbucket, Confluence, Crowd, and Jira. The patches address five critical-severity issues in Confluence Data Center and Server and Crowd Data Center and Server that were discovered in third-party dependencies used within the two products.
Updates released for Confluence Data Center and Server address two critical flaws in Apache Tomcat, tracked as CVE-2024-50379 and CVE-2024-56337 (CVSS score of 9.8). These issues could be exploited by unauthenticated attackers to achieve remote code execution. Atlassian urges customers to update their installations as soon as possible.
References :
- securityaffairs.com: Australian software firm Atlassian patched 12 critical and high-severity flaws in Bamboo, Bitbucket, Confluence, Crowd, and Jira.
- ciso2ciso.com: Atlassian Patches Critical Vulnerabilities in Confluence, Crowd – Source: www.securityweek.com
- heise online English: Security updates Atlassian: Attacks on Bamboo Data Center and Server possible. Attackers can attack Atlassian's Bitbucket Data Center and Server with malicious code, among other things.
info@thehackernews.com (The Hacker News)@The Hacker News
//
Google has released the February 2025 Android security updates, patching a total of 48 vulnerabilities. Among these fixes is a critical zero-day kernel vulnerability, identified as CVE-2024-53104, which Google has confirmed is being actively exploited in the wild. This particular flaw is a privilege escalation issue found within the USB Video Class (UVC) driver, potentially allowing attackers to gain elevated permissions on affected devices.
The vulnerability, with a CVSS score of 7.8, stems from an out-of-bounds write condition within the "uvc_parse_format()" function in the "uvc_driver.c" source file, specifically when parsing UVC_VS_UNDEFINED frames. This flaw, present since Linux kernel version 2.6.26 released in mid-2008, could lead to memory corruption, program crashes, or even arbitrary code execution. While the specific actors behind the exploitation remain unclear, the potential for "physical" privilege escalation raises concerns about misuse by forensic data extraction tools.
References :
- cyberinsider.com: Google Fixes Zero-Day Flaw Exploited in Targeted Android Attacks
- BleepingComputer: The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability tagged as exploited in the wild.
- securityaffairs.com: Google fixed actively exploited kernel zero-day flaw
- The Hacker News: Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
- CyberInsider: Google Fixes Zero-Day Flaw Exploited in Targeted Android Attacks
- ciso2ciso.com: Google fixed actively exploited kernel zero-day flaw
- Pyrzout :vm:: Social post about google actively exploited kernel zero-day flaw.
- www.bleepingcomputer.com: The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability tagged as exploited in the wild.
@securityonline.info
//
TeamViewer has released patches to address a high-severity privilege escalation vulnerability affecting its Windows client and host applications. The vulnerability, identified as CVE-2025-0065, has a CVSS score of 7.8, indicating a significant risk. The flaw stems from improper handling of argument delimiters in the "TeamViewer_service.exe" component. This could allow a local, unprivileged attacker to inject malicious arguments, thereby gaining elevated privileges on the compromised system and potentially full control of it. The vulnerability affects TeamViewer clients for Windows prior to version 15.62.
While there is no evidence that this vulnerability is being exploited in the wild, TeamViewer is strongly urging all Windows users to update to the latest available versions of the client, specifically version 15.62 or later, to mitigate any potential risk. The vulnerability was discovered by an anonymous researcher working with Trend Micro Zero Day Initiative. TeamViewer has released updated packages for TeamViewer Remote and TeamViewer Tensor including versions 11.0.259318, 12.0.259319, 13.2.36226, 14.7.48799 and 15.62 for both full client and host versions, available for download on their website.
References :
- securityaffairs.com: TeamViewer fixed a vulnerability in Windows client and host applications
- securityonline.info: CVE-2025-0065: TeamViewer Patches Privilege Escalation Vulnerability in Windows Clients
- www.heise.de: Teamviewer: Rights expansion possible due to security vulnerability. Teamviewer warns of a vulnerability in the Windows versions of the remote maintenance software that allows attackers to escalate rights.
- heise online English: Teamviewer: Rights expansion possible due to security vulnerability