Apple News Articles

Recent news articles referencing the vendor's vulnerabilities.

New macOS TCC Bypass Vulnerability Allows Attackers to Access Sensitive User Data

By exploiting a private API within the ScreenReader.framework, a core component of the VoiceOver accessibility feature, malicious actors can gain unauthorized access to sensitive user data.

4 weeks ago

CISA Warns of Apple WebKit Vulnerability Actively Exploited in Attacks

CISA issued an urgent warning about a critical Apple WebKit zero-day vulnerability actively exploited in attacks.

Zero‑Day Vulnerabilities in Apple WebKit

Apple has released security updates to address two zero‑day vulnerabilities in WebKit that have been exploited in attacks. Users and administrators of affected Apple devices are strongly advised to update to the latest software versions immediately.

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Apple and Gladinet CentreStack and Triofox vulnerabilities to its Known Exploited Vulnerabilities catalog.

Apple Zero-Day Exploits Used in Targeted iPhone Spyware Attacks | eSecurity Planet

Apple confirmed two WebKit zero-days exploited in targeted iPhone spyware attacks.

Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users

Apple has issued critical security patches addressing two actively exploited zero-day vulnerabilities affecting iPhone and iPad devices.

'Landfall' Malware Targeted Samsung Galaxy Users

The tool let its operators secretly record conversations, track device locations, capture photos, and perform other surveillance on compromised devices.

Apple fixes critical font processing bug. Update now!

Apple has released a security update for macOS, iOS, iPadOS, and visionOS to patch a serious bug (CVE-2025-43400) in how devices handle fonts.

Apple backports zero-day patches to older iPhones and iPads

Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Apple patches CVE-2025-43300 exploited with WhatsApp CVE-2025-55177, protecting under 200 targeted users.

Apple CarPlay RCE Exploit Left Unaddressed in Most Cars

Even when a vulnerability is serious and a fix is available, actually securing cars is more difficult than one would hope.

WhatsApp fixes vulnerability used in zero-click attacks

WhatsApp has patched a vulnerability that was used in conjunction with an Apple vulnerability in zero-click attacks.

Apple Fixes Zero Day Used in 'Sophisticated' Attack

CVE-2025-43300 is the latest zero-day flaw used in cyberattacks against "targeted individuals," which could signify spyware or nation-state hacking.

All Apple users should update after company patches zero-day vulnerability in all platforms

Apple has released security updates to patch a zero-day vulnerability tracked as CVE-2025-43300 for all platforms

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS after active exploitation reports.

CVE-2025-43199 Impact, Exploitability, and Mitigation Steps | Wiz

Understand the critical aspects of CVE-2025-43199 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.

Microsoft uncovered a security flaw affecting macOS’s Spotlight.

The vulnerability (CVE-2025-31199), which Apple patched in a March 31st update, could give bad actors access to files inside a device’s Downloads folder and data cached by Apple Intelligence. That includes geolocation data, media metadata, and facial recognition info, according to a report from Micr...

The Hidden Cost of Mac Vulnerabilities: Why Endpoint Security is a Strategic Investment in 2025

Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability | Microsoft Security Blog

Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by Apple Int...

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its KEV Catalog, based on evidence of active exploitation

CVE-2025-31244 Impact, Exploitability, and Mitigation Steps | Wiz

Understand the critical aspects of CVE-2025-31244 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.

CVE - CVE-2025-24203

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

PoC Exploit Published for macOS Sandbox Escape Vulnerability (CVE-2025-31258)

Security researchers have disclosed a new macOS sandbox escape vulnerability, accompanied by a proof-of-concept (PoC) exploit.

PoC Exploit Released for macOS CVE-2025-31258 Vulnerability Bypassing Sandbox Security

A PoC exploit has been released for a recently patched vulnerability in Apple's macOS operating system tracked as CVE-2025-31258.

Developers use Ian Beer's CVE-2025-24203 write-up to bring MacDirtyCow-like tweaks to newer firmware

Another kernel exploit called CVE-2025-24203 is making MacDirtyCow-like hacks possible on modern non-jailbreakable firmware.
