Apple released security updates to fix multiple flaws in iOS and macOS

Apple released security updates to address easily exploitable vulnerabilities impacting iOS and macOS devices.

Apple released urgent iOS and macOS security updates to patch critical flaws that could allow attackers to execute malicious code just by opening a crafted image, video, or website:

  • AppleJPEG CVE-2025-31251 – Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
  • CoreMedia CVE-2025-31233 – Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory
  • ImageIO CVE-2025-31226 – Processing a maliciously crafted image may lead to a denial-of-service
  • WebKit CVE-2025-31223 – Processing maliciously crafted web content may lead to memory corruption
  • WebKit CVE-2025-24223 – Processing maliciously crafted web content may lead to memory corruption
  • WebKit CVE-2025-31217 – Processing maliciously crafted web content may lead to an unexpected Safari crash
  • WebKit CVE-2025-31215 – Processing maliciously crafted web content may lead to an unexpected process crash
  • WebKit CVE-2025-31206 – Processing maliciously crafted web content may lead to an unexpected Safari crash
  • WebKit CVE-2025-31257 – Processing maliciously crafted web content may lead to an unexpected Safari crash

Apple’s iOS 18.5 update addressed multiple critical flaws in AppleJPEG, CoreMedia, and other components that could let attackers run code or leak data via malicious media files.

The company patched severe file-parsing flaws in CoreAudio, CoreGraphics, and ImageIO that could lead to unexpected app termination, corrupt process memory, or leak data when opening malicious content.

Some bugs could trigger a denial-of-service condition or lead to memory corruption.

One of the issues, tracked as CVE-2025-31217, can be triggered by processing maliciously crafted web content, leading to an unexpected Safari crash.

Processing maliciously crafted web content may lead to an unexpected Safari crash.

Apple also addressed a Baseband flaw, tracked as CVE-2025-31214, that can be exploited by an attacker to intercept traffic on iPhone 16e.

The IT giant also fixed an mDNSResponder privilege escalation bug, tracked as CVE-2025-31222, a Notes issue leaking data from locked screens, and other security gaps in FrontBoard, iCloud Document Sharing, and Mail Addressing.

iOS 18.5 is now available for iPhone XS and newer models, while the accompanying iPadOS update supports iPad Pro (2018 and later), iPad Air 3rd generation, iPad 7th generation, iPad mini 5, and subsequent devices.

Apple also released updates for macOS Sequoia, macOS Sonoma, macOS Ventura, as well as for watchOS, tvOS, and visionOS.

Pierluigi Paganini

(SecurityAffairs – hacking, iOS)