Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.comp.os.windows-10 > #187246
| From | Tom Elam <thomas.e.elam@gmail.com> |
|---|---|
| Newsgroups | alt.comp.os.windows-10, alt.comp.os.windows-11, comp.sys.mac.advocacy, misc.phone.mobile.iphone, talk.politics.guns |
| Subject | Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks |
| Date | 2025-09-04 14:12 -0400 |
| Organization | A noiseless patient Spider |
| Message-ID | <109ckpk$1u39b$1@dont-email.me> (permalink) |
| References | <d9131ade72cf3bb031b5a471d45b25f9@dizum.com> |
Cross-posted to 5 groups.
On 8/28/2025 4:25 AM, Symon wrote: > Use Apple products at your own risk. Don't fall for the Verizon free > iPhone on us offer. It's junk. > > Apple has released security updates to address a security flaw impacting > iOS, iPadOS, and macOS that it said has come under active exploitation in > the wild. > > The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 > (CVSS score: 8.8), resides in the ImageIO framework and could result in > memory corruption when processing a malicious image. > > "Apple is aware of a report that this issue may have been exploited in an > extremely sophisticated attack against specific targeted individuals," the > company said in an advisory. > > The iPhone maker said the bug was internally discovered and that it was > addressed with improved bounds checking. The following versions address > the security defect - > > iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad > Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation > and later, iPad Air 3rd generation and later, iPad 7th generation and > later, and iPad mini 5th generation and later > iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, > and iPad 6th generation > macOS Ventura 13.7.8 - Macs running macOS Ventura > macOS Sonoma 14.7.8 - Macs running macOS Sonoma > macOS Sequoia 15.6.1 - Macs running macOS Sequoia > It's currently not known who is behind the attacks and who may have been > targeted, but it's likely that the vulnerability has been weaponised as > part of highly targeted attacks. > > With the latest update, Apple has so far fixed a total of seven zero-days > that have been abused in real-world attacks since the start of the year: > CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025- > 31201, and CVE-2025-43200. > > Last month, the company also issued patches for a Safari vulnerability > residing in an open-source component (CVE-2025-6558) that Google reported > as having been exploited as a zero-day in the Chrome web browser. > > https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero- > day.html > You are living in an Android glass house and throwing stones at iOS: "Google patches two Android zero-days, 120 defects total in September security update. The critical, actively exploited zero-day vulnerabilities affect the Linux kernel and Android runtime." That is just one update! https://cyberscoop.com/android-security-update-september-2025/
Back to alt.comp.os.windows-10 | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Symon <symon@notice.org> - 2025-08-28 10:25 +0200
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks "Carlos E.R." <robin_listas@es.invalid> - 2025-08-28 14:38 +0200
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks WolfFan <akwolffan@zoho.com> - 2025-09-05 17:58 -0400
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Hank Rogers <Hank@nospam.invalid> - 2025-09-05 19:03 -0500
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Alan <nuh-uh@nope.com> - 2025-08-28 10:20 -0400
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Hank Rogers <Hank@nospam.invalid> - 2025-08-28 12:44 -0500
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Tom Elam <thomas.e.elam@gmail.com> - 2025-09-04 14:12 -0400
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Jolly Roger <jollyroger@pobox.com> - 2025-09-04 20:26 +0000
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Hank Rogers <Hank@nospam.invalid> - 2025-09-04 15:55 -0500
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Jolly Roger <jollyroger@pobox.com> - 2025-09-05 16:46 +0000
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Tom Elam <thomas.e.elam@gmail.com> - 2025-09-09 19:52 -0400
Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Jolly Roger <jollyroger@pobox.com> - 2025-09-10 15:44 +0000
csiph-web