Apple Patches Critical Vulnerabilities in iOS 15 and 16

On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems.

CVE-2025-24200

The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is a security feature designed to block unauthorised data access through the USB port when the…

Update VMware Tools for Windows NOW: High-Severity Flaw Lets Hackers Bypass Authentication

If you use VMware Tools for Windows, it is critical to update to the latest version. Broadcom, which acquired VMware for $69 billion in 2023, has issued a patch for a high-severity vulnerability that is actively being exploited by cybercriminals. The vulnerability affects VMware Tools for Windows versions 11.x.x and 12.x.x, but has been patched in version 12.5.1. Broadcom confirmed that no workarounds are available, so affected users should update immediately….

Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters

Apache Tomcat is under attack as cybercriminals actively exploit a recently disclosed vulnerability, enabling remote code execution (RCE). With simple HTTP requests, attackers can trigger the deserialisation of malicious data and gain control over affected systems. The vulnerability, CVE-2025-24813, was disclosed by Apache on March 10, with the first proof of concept being released on GitHub about 30 hours later, posted by user iSee857. Soon after, security firm Wallarm saw that…

Update Your iPhone Now to Fix Safari Security Flaw

Apple has released iOS 18.3.2, an operating system update that fixes a vulnerability in WebKit, the browser engine used by Safari to render web pages. The flaw allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device. Apple previously fixed this vulnerability, CVE-2025-24201, with the release of iOS 17.2 back in late 2023,…

Patch Tuesday: Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Microsoft’s latest batch of security patches includes an expanded blacklist for certain Windows Kernel Vulnerable Drivers and fixes for several elevation of privilege vulnerabilities. The January 2025 Security Update addressed 159 vulnerabilities. Security patches should be applied to keep software up-to-date. However, early versions of patches may be unreliable and should be approached cautiously and deployed in test environments first.

Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email.

Microsoft patches leaky CLFS

CVE-2024-49138 is an elevation of privilege vulnerability in the Windows Common Log…

US Sanctions Chinese Cybersecurity Firm for Ransomware Attack

The U.S. has sanctioned Sichuan Silence, a Chinese cybersecurity firm involved in ransomware attacks targeting critical infrastructure in 2020. One of its employees, Guan Tianfeng, has also been charged individually. Guan, a security researcher, discovered a zero-day vulnerability in a firewall product developed by U.K.-based security firm Sophos. He exploited the vulnerability, designated CVE-2020-12271, using a SQL injection attack that retrieved and remotely executed a script from a malicious server. Guan and his co-conspirators…

Products Of The Year 2024: The Finalists

CRN staff compiled the top partner-friendly products that launched or were significantly updated over the last year. Now it’s up to solution providers to choose the winners.

Application Performance and Observability

As more applications run in hybrid-cloud and multi-cloud environments, maintaining application performance has become a more complex task. Application performance management and observability tools help IT organizations maintain the health, performance and user experience of business applications, according to market researcher Gartner. Such tools…

Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

Patches deployed for dependency vulnerabilities cause breakages 75% of the time, a new report has revealed. Minor updates were found to break clients 94% of the time, and for version upgrades this was 95%. Software dependencies — the external code or libraries that a project requires to function properly — are notoriously difficult to manage during application development. Remediating vulnerabilities in dependencies requires a major version update 24% of the time. “Seemingly the most straight-forward…

OpenAI's GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities

The GPT-4 large language model from OpenAI can exploit real-world vulnerabilities without human intervention, a new study by University of Illinois Urbana-Champaign researchers has found. Other open-source models, including GPT-3.5 and vulnerability scanners, are not able to do this. A large language model agent — an advanced system based on an LLM that can take actions via tools, reason, self-reflect and more — running on GPT-4 successfully exploited 87% of “one-day” vulnerabilities when provided with…
