On Monday, Apple released updates for its mobile operating systems for iOS and iPadOS, which fixed a flaw that the company said “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
In the release notes for iOS 18.3.1 and iPadOS 18.3.1, the company said the vulnerability allowed the disabling of USB Restricted Mode “on a locked device.” Introduced in 2018, USB Restricted Mode is a security feature that blocks the ability for an iPhone or iPad to send data over a USB connection if the device isn’t unlocked for seven days.
Read more…
Source: TechCrunch News
Related:
- Security Updates Released for Ingress NGINX Controller for Kubernetes
March 25, 2025
Five vulnerabilities have been discovered within the Ingress NGINX Controller for Kubernetes. NGINX Ingress Controller is a tool used in Kubernetes environments to manage and route external traffic to services within the cluster. Ingress Controller acts as a reverse proxy and load balancer, supporting various protocols like WebSocket, gRPC, TCP, and UDP, and also provides features ...
- Broadcom Releases Security Advisory for VMware Tools for Windows
March 25, 2025
Broadcom has released a security advisory addressing a high severity vulnerability in VMware Tools for Windows. VMware Tools is a suite of utilities that enhances the performance of VMware virtual machines and provides extra functionality. CVE-2025-22230 is an authentication bypass due to improper access control vulnerability with a CVSSv3 score of 7.8. If exploited, an attacker ...
- Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
March 25, 2025
Rapid7 is warning customers of notable vulnerabilities in Next.js, a React framework for building web applications, and CrushFTP, a file transfer technology that has previously been targeted by adversaries. CVE-2025-29927 is a critical improper authorization vulnerability in Next.js middleware that could (theoretically) allow an attacker to bypass authorization checks in a Next.js application, if the authorization ...
- Oracle Cloud says it’s not true someone broke into its login servers and stole data
March 23, 2025
Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen. A crook late last week advertised on an online cyber-crime forum what was alleged to be Oracle Cloud customer security keys and other sensitive data swiped from the IT giant. This material was said to have ...
- Russian zero-day seller is offering up to $4 million for Telegram exploits
March 21, 2025
Operation Zero, a company that acquires and sells zero-days exclusively to the Russian government and local Russian companies, announced on Thursday that it’s looking for exploits for the popular messaging app Telegram, and is willing to offer up to $4 million for them. The exploit broker is offering up to $500,000 for a “one-click” remote code ...
- Critical Veeam Backup & Replication CVE-2025-23120
March 19, 2025
On Wednesday, March 19, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution vulnerability tracked as CVE-2025-23120. The vulnerability affects Backup & Replication systems that are domain joined. Veeam explicitly mentions that domain-joined backup servers are against security and compliance best practices, but in reality, we believe this ...