Bill Mann@CyberInsider
//
Google has released its April 2025 Android security update, addressing a total of 62 vulnerabilities. This includes fixes for two actively exploited zero-day vulnerabilities. The security bulletin addresses vulnerabilities across system components, the Linux kernel, and third-party hardware drivers, highlighting the importance of applying updates promptly. The two high-severity zero-days were reportedly used in targeted surveillance operations.
The exploited vulnerabilities are identified as CVE-2024-53150 and CVE-2024-53197. CVE-2024-53150 is an Android Kernel information disclosure vulnerability caused by an out-of-bounds read weakness, potentially allowing local attackers to access sensitive information. CVE-2024-53197 is a high-severity privilege escalation flaw in the Linux kernel’s USB-audio driver for ALSA devices.
The privilege escalation flaw, CVE-2024-53197, was reportedly exploited by Serbian authorities to unlock confiscated Android devices. This was part of a zero-day exploit chain developed by Cellebrite, an Israeli digital forensics company. The exploit chain also included CVE-2024-53104, patched in February 2025, and CVE-2024-50302, patched last month. With this latest update, all three vulnerabilities in that chain are now fixed. Users are advised to apply the updates as soon as they are released by Android original equipment manufacturers (OEMs).
References:
- CyberInsider: Google Patches Actively Exploited Android Zero-Day Vulnerabilities
- discuss.privacyguides.net: Google just fixed two critical Android zero-days and 60 other flaws
- The Hacker News: Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
- BleepingComputer: Google fixes Android zero-days exploited in attacks, 60 other flaws
- securityaffairs.com: Google addressed 62 vulnerabilities with the release of Android’s April 2025 security update, including two actively exploited zero-days.
- cyberinsider.com: Google’s April 2025 Android Security Bulletin addresses 60 vulnerabilities across system components, the Linux kernel, and third-party hardware drivers, including two high-severity zero-days that have been actively exploited in targeted surveillance operations.
- Threats | CyberScoop: Google addresses 2 actively exploited vulnerabilities in security update
- techcrunch.com: Google fixes two Android zero-day bugs actively exploited by hackers
- Malwarebytes: Google fixes two actively exploited zero-day vulnerabilities in Android
- cyberscoop.com: Google addresses 2 actively exploited vulnerabilities in security update
- MSSP feed for Latest: Google Patches Two Zero-Days in April 2025 Android Security Update
- infosec.exchange: NEW: Google has pushed out patches for two zero-days that were being (and may still be) exploited in the wild. Amnesty previously found that one of them was being used against a student activist in Serbia, by Serbian authorities armed with Cellebrite.
- Cyber Security News: Google addressed 62 vulnerabilities with the release of Android’s April 2025 security update, including two actively exploited zero-days.
Bill Mann@CyberInsider
//
Apple has released a series of critical security updates for its operating systems, including iOS 18.4 and macOS Sequoia 15.4. These updates address a total of 145 vulnerabilities, including several zero-day exploits that may have been actively exploited. Users of iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode are urged to update their devices immediately to safeguard against potential security threats. Notably, watchOS was missing from this patch lineup.
Apple pushed emergency updates targeting three zero-day vulnerabilities identified as CVE-2025-24200 (Accessibility) and CVE-2025-24201 (WebKit). These patches have been backported to older iOS and iPadOS versions, specifically 15.8.4 and 16.7.11, ensuring that users on older devices are also protected from these actively exploited flaws. The updates include fixes for bugs in WebKit, Siri, Safari, and libxpc, along with numerous other security enhancements, underscoring Apple's commitment to addressing security vulnerabilities across its product ecosystem.
References:
- bsky.app: EMERGENCY UPDATES Apple pushed additional updates for 3 zero-days that may have been actively exploited. CVE-2025-24200 (Accessibility) additional patches, CVE-2025-24201 (WebKit) additional patches: - iOS and iPadOS 15.8.4 - iOS and iPadOS 16.7.11
- CyberInsider: Apple has issued a wide set of security updates, patching multiple zero-day vulnerabilities across its operating systems — including iOS, macOS, iPadOS, and Safari — and notably extended critical fixes to older software versions, addressing previously exploited flaws.
- isc.sans.edu: Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
- The Apple Post: Apple releases iOS 18.4 with Priority Notifications feature, Control Center updates, new emoji, more
- bsky.app: NEW SECURITY CONTENT: macOS Sequoia 15.4 - 131 bugs fixed; macOS Sonoma 14.7.5 - 91 bugs fixed; macOS Ventura 13.7.5 - 85 bugs fixed; iOS and iPadOS 18.4 - 62 bugs fixed; visionOS 2.4 - 38 bugs fixed; iPadOS 17.7.6 - 38 bugs fixed; tvOS 18.4 - 36 bugs fixed
- securityaffairs.com: Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions.
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
Pierluigi Paganini@Security Affairs
//
Apple released a substantial set of security updates on March 31st, 2025, addressing a total of 145 vulnerabilities across its product ecosystem, including iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode. Notably absent from this update was watchOS. The updates included backported fixes for three actively exploited zero-day vulnerabilities, specifically targeting older iOS and iPadOS versions. These vulnerabilities had already been addressed in more recent versions a few weeks prior.
The most critical fix is for CVE-2025-24200, a vulnerability that allowed attackers to bypass USB Restricted Mode. This feature, introduced in 2018 to protect locked iDevices, could be disabled, potentially exposing user data. Another significant fix addresses CVE-2025-24201, a flaw in the WebKit engine that allowed malicious web content to escape Safari's sandbox. Additionally, macOS Ventura received a patch for CVE-2025-24085, a privilege escalation vulnerability in CoreMedia. These updates are now available for iOS versions 16.7.11 and 15.8.4, iPadOS versions 16.7.11 and 15.8.4, and macOS Ventura 13.7.5.
References:
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- securityaffairs.com: Apple backported fixes for three actively exploited flaws to older devices
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
- The Hacker News: Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices
- CyberInsider: Apple Backports Zero-Day Fixes to Older iOS and macOS Versions
- Full Disclosure: APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4
- Security | TechRepublic: Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities
Pierluigi Paganini@Security Affairs
//
Apple has released security updates to address actively exploited zero-day vulnerabilities impacting older iPhones and Macs. The patches aim to fix flaws that could allow malicious actors to elevate privileges or execute arbitrary code on affected devices. These updates address CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, and are now available for iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, iPadOS 16.7.11, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.
The vulnerabilities include a use-after-free bug in the Core Media component (CVE-2025-24085), an authorization issue in the Accessibility component (CVE-2025-24200), and an out-of-bounds write issue in the WebKit component (CVE-2025-24201). Apple addressed the flaw in iOS 18.3.1, iPadOS 18.3.1, and 17.7.5, released on February 10, 2025. CVE-2025-24200 specifically allowed attackers with physical access to locked devices to disable USB Restricted Mode. Users of older devices, including iPhone 6s, iPhone 7, iPhone 8, iPhone X, iPad Air 2, and various iPad Pro models, are urged to update their systems to safeguard against potential threats.
References:
- securityaffairs.com: Apple backported fixes for three actively exploited flaws to older devices
- The Hacker News: Apple Backports Critical Fixes for 3 Live Exploits Impacting iOS and macOS Legacy Devices
- BleepingComputer: Apple backports zero-day patches to older iPhones and Macs
- The Register - Security: Apple belatedly patches actively exploited bugs in older OSes
- thecyberexpress.com: Apple Backports Zero-Day Patches to Older Devices in Latest Security Update
MSSP Alert@MSSP feed for Latest
//
Apple has issued critical security updates for iOS 18.3.2 and iPadOS 18.3.2, addressing an actively exploited WebKit vulnerability identified as CVE-2025-24201. This flaw allowed cybercriminals to use maliciously crafted web content to bypass the Web Content sandbox. The update is available for iPhone XS and later, multiple iPad Pro models, iPad Air (3rd generation and later) and iPad mini (5th generation and later).
Users are urged to update their devices promptly by navigating to Settings > General > Software Update. Security experts emphasize the importance of these patches, noting that failure to update leaves devices vulnerable to compromise. According to Adam Boynton, senior security strategy manager EMEIA at Jamf, keeping devices up to date is essential. He also stated that this particular flaw allowed attackers to access data in other parts of the operating system.
References:
- The DefendOps Diaries: Apple's Swift Response to WebKit Zero-Day Vulnerability: CVE-2025-24201
- BleepingComputer: Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
- securityaffairs.com: Apple fixed the third actively exploited zero-day of 2025
- CyberInsider: Apple Patches Zero-Day Flaw Used in Targeted iPhone Attacks
- Threats | CyberScoop: Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of WebKit’s Web Content sandbox, potentially leading to unauthorized actions.
- techcrunch.com: The flaw was in the browser engine WebKit, used by Safari and other apps.
- bsky.app: Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks.
- infosec.exchange: NEW: Apple patched a zero-day in WebKit that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” This is the second time, AFAICT, that Apple uses the "extremely sophisticated" phrase for a patched bug.
- The Hacker News: Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
- www.csoonline.com: Apple patches zero-day bugs used in targeted iPhone attacks
- Blog: FieldEffect blog post on apple-emergency-update-extremely-sophisticated-zero-day.
- www.infosecurity-magazine.com: iOS 18.3.2 Patches Actively Exploited WebKit Vulnerability
- MSSP feed for Latest: Apple Addresses Actively-Exploited Zero-Day In WebKit Browser Engine
- Malwarebytes: Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”
- SOC Prime Blog: CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks
- bsky.app: Apple pushed additional updates for a zero-day that may have been actively exploited.
- ApplSec: Apple pushed updates for a new zero-day that may have been actively exploited.
- iThinkDifferent: iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, and visionOS 2.3.2 released with critical WebKit security fix
- www.zdnet.com: Apple is patching a vulnerability in iPhones and iPads that could be exploited in "extremely sophisticated" attacks. The vulnerability, dubbed CVE-2025-24201, was found in WebKit, Apple's open-source framework that helps render pages in Safari, Mail, App Store, and other apps. It
- bsky.app: 📣 EMERGENCY UPDATE 📣 Apple pushed updates for a new zero-day that may have been actively exploited. CVE-2025-24201 (WebKit): - iOS and iPadOS 18.3.2 - macOS Sequoia 15.3.2 - visionOS 2.3.2 #apple #infosec
- Rescana: Apple Urgently Patches CVE-2025-24201 Zero-Day in iOS, iPadOS, macOS, visionOS, and Safari amid Attacks
- PCMag UK security: Update Now: Apple Rolls Out Fix for 'Extremely Sophisticated' Zero-Day Bug
- eWEEK: Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in “extremely sophisticated” cyber attacks.
@csoonline.com
//
Broadcom has issued urgent security patches to address three actively exploited vulnerabilities affecting VMware ESXi, Workstation, and Fusion products. These flaws, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, could enable attackers to execute code and disclose sensitive information. VMware ESXi is under active exploitation in the wild, making timely patching crucial to prevent potential attacks. The vulnerabilities impact various versions of VMware ESXi 8.0, 7.0, Workstation 17.x, Fusion 13.x, Cloud Foundation 5.x and 4.x, and Telco Cloud Platform.
The most critical flaw, CVE-2025-22224, boasts a CVSS score of 9.3 and is a heap-overflow vulnerability leading to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine could exploit this to execute code as the virtual machine's VMX process running on the host. Broadcom credited Microsoft's MSTIC security team with discovering and reporting these vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these zero-day vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal civilian agencies to patch them by March 25, 2025.
References:
- bsky.app: Broadcom released security patches to patch an actively exploited zero-day in its VMware ESXi products. Broadcom credited Microsoft's MSTIC security team with spotting and reporting the attacks.
- The Hacker News: Broadcom Releases Urgent Patches
- The Register - Software: VMware splats guest-to-hypervisor escape bugs already exploited in wild
- www.csoonline.com: VMware ESXi gets critical patches for in-the-wild virtual machine escape attack
- securityaffairs.com: VMware fixed three actively exploited zero-days in ESX products
- Arctic Wolf: Three VMware Zero-Days Exploited in the Wild Patched by Broadcom
- bsky.app: BleepingComputer article on VMware zero-days.
- Vulnerability-Lookup: A new bundle, VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226), has been published on Vulnerability-Lookup:
- The Record: Three product lines from technology giant VMware — ESXI, Workstation and Fusion — have patches for vulnerabilities that the company and the federal government have said are being exploited by hackers
- securityaffairs.com: U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog
- borncity.com: 0-day vulnerabilities in VMWare ESXi, Workstation and Fusion
- socradar.io: VMware Security Alert: Active Exploitation of Zero-Day Vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226)
- Blog: Multiple zero-days in VMware products actively exploited
- gbhackers.com: CISA Issues Alert on Actively Exploited VMware Vulnerabilities
- www.tenable.com: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited
- Information Security Buzz: Broadcom warns VMware users of Critical Zero-Day Exploits
- www.cybersecuritydive.com: 37K+ VMware ESXi instances vulnerable to critical zero-day
- www.itpro.com: Broadcom issues urgent alert over three VMware zero-days
- Carly Page: Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by hackers to compromise the networks of its corporate customers
- techcrunch.com: Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape
- Security Risk Advisors: Three Critical VMware Vulnerabilities Exploited in Wild Targeting ESXi, Workstation, and Fusion
- www.cybersecuritydive.com: Broadcom urges customers to patch 3 zero-day VMware flaws
- MSSP feed for Latest: Broadcom: VMware Zero-Days Being Exploited in the Wild
- www.bleepingcomputer.com: Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild.
- research.kudelskisecurity.com: Critical VMware ESXi, Workstation, Fusion Vulnerabilities Seen Exploited in Wild
- cyble.com: Three VMware Zero-Days Under Active Exploitation – What You Need to Know
- Zack Whittaker: VMware emergency hypervisor escape bugs under attack