Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Apple Warns of New Zero Day Vulnerabilities

April 1, 2025
Reading Time: 2 mins read
in Alerts
Apple Warns of New Zero Day Vulnerabilities

Apple has issued an urgent security advisory regarding three critical zero-day vulnerabilities, which have been actively exploited in sophisticated attacks. These vulnerabilities, CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, affect a broad range of Apple devices, including iPhones, iPads, Macs, and other platforms. Apple strongly advises users to update their devices immediately to mitigate the risk of exploitation and enhance their security posture. These vulnerabilities, being actively exploited, underscore the growing sophistication of cyberattacks targeting Apple’s ecosystem.

The first vulnerability, CVE-2025-24200, relates to an authorization flaw that can be exploited in a cyber-physical attack to bypass USB Restricted Mode on locked devices. This feature, designed to block unauthorized access by forensic tools, can be circumvented if an attacker has physical access to the device. Discovered by Bill Marczak of The Citizen Lab, this flaw has reportedly been used in highly targeted attacks against specific individuals.

It highlights the increasing threat of physical device compromise alongside remote attacks.

The second vulnerability, CVE-2025-24201, affects WebKit, the browser engine behind Safari and other iOS applications. This out-of-bounds write vulnerability enables maliciously crafted web content to break out of the Web Content sandbox, potentially allowing attackers to execute unauthorized actions on the device. Apple describes this vulnerability as an extension of a previously blocked attack in iOS 17.2, but older versions remain vulnerable.

It is a high-risk flaw, as it does not require physical access to exploit, making it a more significant threat to a wider range of users.

The third vulnerability, CVE-2025-24085, is a use-after-free flaw in the CoreMedia component, which handles audio and video playback across Apple platforms. This vulnerability allows malicious applications to escalate privileges and gain unauthorized access to sensitive system areas. Affected devices include iPhones, iPads, Macs, and other Apple systems running older versions of iOS and macOS before the patch was applied. Apple has responded swiftly by releasing patches for all three vulnerabilities, urging users to update their devices as soon as possible to avoid potential attacks.

Reference:
  • RESURGE Malware Exploits Ivanti Vulnerability for Remote Access and Data Theft
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025
Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025

Latest Alerts

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial