Apple News Articles

CVE-2025-31244 Impact, Exploitability, and Mitigation Steps | Wiz

Understand the critical aspects of CVE-2025-31244 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.

2 weeks ago

CVE - CVE-2025-24203

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

2 weeks ago

PoC Exploit Published for macOS Sandbox Escape Vulnerability (CVE-2025-31258)

Security researchers have disclosed a new macOS sandbox escape vulnerability, accompanied by a proof-of-concept (PoC) exploit.

3 weeks ago

PoC Exploit Released for macOS CVE-2025-31258 Vulnerability Bypassing Sandbox Security

A PoC exploit has been released for a recently patched vulnerability in Apple's macOS operating system tracked as CVE-2025-31258.

3 weeks ago

Developers use Ian Beer's CVE-2025-24203 write-up to bring MacDirtyCow-like tweaks to newer firmware

Another kernel exploit called CVE-2025-24203 is making MacDirtyCow-like hacks possible on modern non-jailbreakable firmware.

3 weeks ago

CVE-2025-24203 Impact, Exploitability, and Mitigation Steps | Wiz

Understand the critical aspects of CVE-2025-24203 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.

3 weeks ago

Researchers Uncover Remote Code Execution Flaw in macOS - CVE-2024-44236

Security researchers Nikolai Skliarenko and Yazhi Wang of Trend Micro’s Research Team have disclosed critical details about CVE-2024-44236.

3 weeks ago

Researchers Details macOS Remote Code Execution Vulnerability - CVE-2024-44236

A critical remote code execution vulnerability identified in Apple's macOS operating system, tracked as CVE-2024-44236.

3 weeks ago

Zero Day Initiative — CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS

In this excerpt of a Trend Vulnerability Research Service vulnerability report, Nikolai Skliarenko and Yazhi Wang of the Trend™ Research Team detail a recently patched code execution vulnerability in the Apple macOS operating system. This bug was originally discovered by Hossein Lotfi of the Trend™&

3 weeks ago

Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities - Update Now!

AirBorne flaws in Apple AirPlay expose billions of devices to remote attacks, RCE, data theft. Update iPhones, Macs, CarPlay and 3rd-party devices.

1 month ago

Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape | Microsoft Security Blog

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macOS users to apply sec...

1 month ago

Apple AirPlay SDK devices at risk of takeover—make sure you update

Researchers found a set of vulnerabilities that puts all devices leveraging Apple's AirPlay at risk.

1 month ago

CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-44308(link is external) Apple Multiple Products Code Execution...

AirPlay Vulnerabilities Expose Apple Devices to Zero-Click Takeover

Vulnerabilities in Apple’s AirPlay protocol could have allowed attackers to execute code remotely without user interaction.

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24200(link is external) Apple iOS and iPadOS Incorrect Authorization...

CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

Apple fixes two critical flaws in CoreAudio and RPAC in emergency patch

The attacks were aimed at 'specific targeted individuals,' according to Apple. On April 16, 2025, Apple issued out-of-band security updates to repair two zero-day flaws

Apple Zero Days Under 'Sophisticated Attack,' but Details Lacking

The technology giant said two zero-day vulnerabilities were used in attacks on iOS devices against "specific targeted individuals," which suggests spyware or nation-state threat activity.

Week in review: LLM package hallucinations harm supply chains, Nagios Log Server flaws fixed - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple plugs zero-day holes used in targeted iPhone

CISA Issues Alert on Actively Exploited Apple 0-Day Vulnerabilities

CISA has issued a high-priority warning regarding two critical zero-day vulnerabilities impacting a wide range of Apple devices.

Apple Fixes Two Zero-Day Flaws; Check Which Models Need Software Updates

Apple released security updates on Wednesday for two zero-day vulnerabilities. The tech giants updates patched the security flaws in iOS 18.4.1, tvOS 18.4.1, iPadOS 18.4.1, visionOS 2.4.1 and macOS Sequoia 15.4.1. According to Apples security bulletin, the vulnerabilities may have been used in an ex...

Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) - Help Net Security

Apple has released emergency security updates to fix two actively exploited zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201).

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks

Apple fixed 2 exploited flaws in iOS 18.4.1, one flagged by Google TAG, urging urgent updates.

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CVE-2025-24085(link is external) Apple Multiple...

Apple issues fixes for vulnerabilities in both old and new OS versions

The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities.

Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices

Apple patched 3 live exploits—CVE-2025-24085, -24200, -24201—across legacy iOS/macOS devices to block escalation attacks.

Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks

Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities that have been actively exploited.

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

iOS 18.3.2—Update Now Warning Issued To All iPhone Users

Apple has released iOS 18.3.2, an emergency update fixing a single iPhone security issue already being used in real-life attacks. Here's what you need to know.

Apple Issues Emergency Security Patch For iPhone, iPad And Mac Users To Fix Critical Vulnerabilities

Apple releases urgent update to fix critical security vulnerabilities.

Apple Drops Another WebKit Zero-Day Bug

A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says.

Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks

Apple patches WebKit zero-day CVE-2025-24201, exploited in sophisticated attacks before iOS 17.2. Update secures iOS, macOS, Safari, and Vision Pro.

Apple fixed the third actively exploited zero-day of 2025

Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in "extremely sophisticated" cyber attacks.

Apple Urgently Patches Zero-day Flaw Exploited in the Wild

Apple has released an emergency security update for patching two actively exploited zero-day vulnerabilities on iOS.

iPhone Security Alert: Apple releases emergency iOS update to fix data leak vulnerability

Apple has released an urgent iOS and iPadOS update (18.3.1) to patch a critical security vulnerability (CVE-2025-24200) that allows attackers with physical access to bypass USB Restricted Mode on locked devices. Discovered by The Citizen Lab, the flaw has been exploited in highly targeted attacks. S...

Apple Patches Critical IOS Zero-Day CVE-2025-24200

Apple releases emergency updates for iOS and iPadOS to fix CVE-2025-24200, a zero-day vulnerability exploited to bypass USB security on locked devices.

Apple Patches Critical IOS Zero-Day CVE-2025-24200

Apple releases emergency updates for iOS and iPadOS to fix CVE-2025-24200, a zero-day vulnerability exploited to bypass USB security on locked devices.

Apple zero day used in 'extremely sophisticated attack' | TechTarget

Apple announced on Monday it patched a zero-day flaw in iPads and iPhones that could enable an attacker to disable the USB Restricted Mode security feature.

Apple fixes zero-day flaw exploited in "extremely sophisticated" attack (CVE-2025-24200) - Help Net Security

iPhone/iPad users: implement updates to fix a security feature bypass vulnerability (CVE-2025-24200) exploited in a sophisticated attack.

iOS 18.3 and macOS Sequoia 15.3 patch first Apple zero-day of 2025 - The Mac Security Blog

Apple released critically urgent security updates this week for macOS, iOS, iPadOS, visionOS, and tvOS to address a bug that was actively exploited in the wild.

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update

Apple released an emergency iOS update to fix CVE-2025-24200, a zero-day flaw exploited to bypass USB Restricted Mode on locked devices in sophisticat

Apple iOS 0-day Vulnerability Exploited Wild in Extremely Sophisticated Attack

Apple has released emergency security updates to address a zero-day vulnerability, CVE-2025-24200, that has been actively exploited in targeted attacks against iPhone and iPad users.

New Apple Warning For Millions—Update Now To Fix Critical Flaw

A critical flaw in millions of Apple products including Macs and iPads could allow attackers to execute code. Here's what you need to know.

Apple's macOS Kernel Vulnerability Let Attackers Escalate Privileges - PoC Released

A critical vulnerability in Apple's macOS kernel (XNU), tracked as CVE-2025-24118, has been disclosed, potentially allowing attackers to escalate privileges, corrupt memory, and even execute kernel-level code. 

Apple's macOS Vulnerability (CVE-2025-24118) Exposes Users to Privilege Escalation Attacks

A critical privilege escalation vulnerability in Apple's macOS kernel has been revealed, posing a significant risk to users.

The Good, the Bad and the Ugly in Cybersecurity - Week 5

Officials seize two major hacking forums, zero-day bug found in multiple Apple products, and APTs abuse Gemini AI to bolster cyber operations.

Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple zero-day vulnerability exploited to target iPhone

U.S. CISA adds Apple products' flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products' flaw to its Known Exploited Vulnerabilities catalog.

iOS 18.3—Update Now Warning Issued To All iPhone Users

Apple has issued iOS 18.3, fixing 29 flaws, one of which is already being used in real-life attacks on iPhones. Here's what you need to know.