Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar.
In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers Safari and renders webpages in other apps. The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
May 7, 2025
In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access (“SMA”) 100 series appliances (SMA 200, 210, 400, 410, 500v). These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities to make a sensitive system directory writable, ...
- Proof-of-Concept Released for SysAid On-Premise
May 7, 2025
In March 2025, SysAid released updates addressing XML (extensible markup language) external entity vulnerabilities and an OS command injection vulnerability in its on-premise platform. SysAid is an IT service management platform. Cyber Security firm watchTowr Labs has released proof-of-concept exploit code for four vulnerabilities, which were addressed in SysAid’s March 2025 release. The first two vulnerabilities, ...
- Android fixes 47 vulnerabilities, including one zero-day – update as soon as you can!
May 6, 2025
Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. The May updates are available for Android 13, 14, and 15. Android vendors are notified of ...
- MicroDicom Releases DICOM Viewer Software Update
May 6, 2025
The US Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability found in MicroDicom DICOM Viewer. DICOM Viewer is an application for primary processing and preservation of medical images in DICOM format. CVE-2025-35975 has a CVSSv3 base score of 8.8 and is an ‘out-of-bounds write’ vulnerability, which means ...
- Hundreds of top ecommerce sites under attack following Magento supply chain flaw
May 5, 2025
Hundreds of ecommerce websites, including at least one major player, behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber. Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately finding 21 backdoored Magento extensions, belonging to three companies: Tigren, Meetanshi, and MSG. The company says ...
- TeleMessage, a modified Signal clone used by US government officials, has been hacked
May 5, 2025
A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media reported. TeleMessage came into the spotlight last week after it was reported that former ...