FreshRSS

Today - October 26th 2025 - Full Disclosure

[REVIVE-SA-2025-002] Revive Adserver Vulnerability

Posted by Matteo Beccati on Oct 25

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2025-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-002
------------------------------------------------------------------------
Date: 2025-10-24
Risk Level: High
Applications affected: Revive...

[REVIVE-SA-2025-001] Revive Adserver Vulnerability

Posted by Matteo Beccati on Oct 25

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2025-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-001
------------------------------------------------------------------------
CVE-ID: CVE-2025-27208
Date: 2025-10-22
Risk Level:...
Before yesterday - Full Disclosure

SEC Consult SA-20251021-0 :: Multiple Vulnerabilities in EfficientLab WorkExaminer Professional (CVE-2025-10639, CVE-2025-10640, CVE-2025-10641)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 21

SEC Consult Vulnerability Lab Security Advisory < 20251021-0 >
=======================================================================
title: Multiple Vulnerabilities
product: EfficientLab WorkExaminer Professional
vulnerable version: <= 4.0.0.52001
fixed version: -
CVE number: CVE-2025-10639, CVE-2025-10640, CVE-2025-10641
impact: Critical
homepage:...

[SYSS-2025-017]: Verbatim Store 'n' Go Secure Portable HDD (security update v1.0.0.6) - Offline brute-force attack

Posted by Matthias Deeg via Fulldisclosure on Oct 21

Advisory ID: SYSS-2025-017
Product: Store 'n' Go Secure Portable HDD
Manufacturer: Verbatim
Affected Version(s): Part Number #53401 (GD25LK01-3637-C VER4.0)
Tested Version(s): Part Number #53401 (GD25LK01-3637-C VER4.0)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High...

[SYSS-2025-016]: Verbatim Store 'n' Go Secure Portable SSD (security update v1.0.0.6) - Offline brute-force attack

Posted by Matthias Deeg via Fulldisclosure on Oct 21

Advisory ID: SYSS-2025-016
Product: Store 'n' Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): Part Number #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): Part Number #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level:...

[SYSS-2025-015]: Verbatim Keypad Secure (security update v1.0.0.6) - Offline brute-force attack

Posted by Matthias Deeg via Fulldisclosure on Oct 21

Advisory ID: SYSS-2025-015
Product: Keypad Secure USB 3.2 Gen 1 Drive
Manufacturer: Verbatim
Affected Version(s): Part Number #49427 (GDMSLK03A-IN3637 VER1.0)
Part Number #49428 (GDMSLK03A-IN3637 VER1.0)
Tested Version(s): Part Number #49427 (GDMSLK03A-IN3637 VER1.0)
Part Number #49428 (GDMSLK03A-IN3637 VER1.0)
Vulnerability Type:...

Malvuln - MISP compatible malware vulnerability intelligence feed now live

Posted by malvuln on Oct 21

Greetings, I created a MISP-compatible feed for Malvuln that provides
malware-vulnerability intelligence; vulnerability types are normalized
and mapped to the MITRE ATT&CK framework to improve tagging,
correlation and threat analysis.

https://intel.malvuln.com

Track vulnerable malware, for researchers or anyone building CTI
pipelines. Existing data live now - new entries soon. Feedback welcome.

Thank you
malvuln

BSidesSF 2026 CFP still open until October 28th

Posted by BSidesSF CFP via Fulldisclosure on Oct 21

BSidesSF is still soliciting submissions for the annual BSidesSF
conference on March 21-22, 2026. Call for participation is currently
open for both Informational/Collaborative Tracks. Our theme for 2026
is "BSidesSF: The Musical". Deadline for submissions is OCTOBER 28,
2025. https://bsidessf.org/cfp

BSidesSF (bsidessf.org) is a non-profit organization designed to
advance the body of Information Security knowledge, by providing an...

Google Firebase hosting suspension / "malware distribution" bypass

Posted by Security Explorations on Oct 21

Dear All,

We have recently experienced "an outage" / unavailability of our website
[1] due to Google suspending our Firebase project (the root for our website
hosting).

On Oct 16, 2025 (23:20 PM CET) we received a message [2] from Google Cloud
Compliance, which indicated our hosting project was potentially violating
Google Policies / TOS due to "hosting, distributing, or facilitating the
distribution of malware, unwanted...

CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Oct 18

CyberDanube Security Research 20251014-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| QUINT4-UPS
vulnerable version| VC:00<VC:07
fixed version| VC:07 (partially)
CVE number| CVE-2025-41703, CVE-2025-41704, CVE-2025-41705,
| CVE-2025-41706, CVE-2025-41707
impact| High...

apis.google.com - Insecure redirect via __lu parameter (exploited in the wild)

Posted by Patrick via Fulldisclosure on Oct 18

----------------------------------------------------------------------------
Summary
----------------------------------------------------------------------------
A CWE-601 (Open Redirect) vulnerability has been identified in the additnow
functionality of apis.google.com. The vulnerability has been actively exploited
in targeted phishing attacks since at least September 15, 2025....

Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a

Posted by cve on Oct 18

The critical vulnerabilities discovered within Mercku routers,
specifically the M6a model, that could pose serious security threats to
home networks. These issues allow remote code execution with minimal
effort, tested against version 2.1.0 of the official firmware.

I have also submitted a CVE request in June 2024 (CVE Request 1744791)

CSRF Vulnerability: Attackers can force a password reset without
the user's consent,...

Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)

Posted by Gynvael Coldwind on Oct 15

Vendor Response Pattern

Hi Christopher,

Vendor is correct with this one. The problem isn't the vendor's site – it's
that the browser is already pwned with the malicious browser extension
(this is site-agnostic).
You've mentioned "No user interaction required beyond normal application
usage.", but having "Malicious browser extension" installed is anything but
normal application usage.

This is not a...

Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)

Posted by Christopher Dickinson via Fulldisclosure on Oct 13

Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com

CVE Identifiers

* CVE-2025-[PENDING] - Excessive Data Exposure / JWT Token Leakage
* CVE-2025-[PENDING] - Broken Object Level Authorization (IDOR)
* CVE-2025-[PENDING] - Unrestricted Resource Consumption (DoS)

Executive Summary
This security advisory details three significant vulnerabilities discovered in the Suno.com web application and API
infrastructure on October 9,...

[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal

Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13

# Checkmk Path Traversal #

Link: https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250730-01_Checkmk_Path_Traversal

## Vulnerability Overview ##

Checkmk in versions before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since
version 2.1.0b1 is prone to a path traversal vulnerability in the report
scheduler. Due to an insufficient validation of a file name input, users can
store reports in arbitrary locations on the server.

*...

[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files

Posted by SBA Research Security Advisory via Fulldisclosure on Oct 13

# Checkmk Agent Privilege Escalation via Insecure Temporary Files #

Link:
https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20250724-01_Checkmk_Agent_Privilege_Escalation_via_Insecure_Temporary_Files

## Vulnerability Overview ##

The `win_license` plugin as included in Checkmk agent for Windows versions
before 2.4.0p13, 2.3.0p38 and 2.2.0p46, as well as since version 2.1.0b2 and
2.0.0p28 allows low privileged users to escalate...

CVE-2025-59397 - Open Web Analytics SQL Injection

Posted by Seralys Research Team via Fulldisclosure on Oct 08

Seralys Security Advisory | https://www.seralys.com/research
======================================================================
Title: SQL Injection Vulnerability
Product: Open Web Analytics (OWA)
Affected: Confirmed on 1.8.0 (older versions likely affected)
Fixed in: 1.8.1
Vendor: Open Web Analytics (open-source)
Discovered: August 2025
Severity: HIGH
CWE: CWE-89: SQL Injection
CVE: CVE-2025-59397...

Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11

Posted by Stefan Kanthak via Fulldisclosure on Oct 07

On a fresh installation of the just released Windows 11 25H2 the former file
%SystemRoot%\System32\SecurityHealth\10.0.27840.1000-0\SecurityHealthHost.exe
is %SystemRoot%\System32\SecurityHealthHost.exe now, but the BUG persists:

| svchost.exe (PID = 9876) identified \\?\C:\Windows\System32\SecurityHealthHost.exe
| as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}

stay tuned, and far away from bug-riddled Windows...

Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib

Posted by Ron E on Sep 30

A denial-of-service vulnerability exists in Samtools and the underlying
HTSlib when processing BED files containing extremely large interval
values. The bed_index_core() function in bedidx.c uses the interval end
coordinate to calculate allocation size without sufficient validation. By
supplying a BED record with a crafted end coordinate (e.g., near 2^61), an
attacker can trigger uncontrolled memory allocation requests via
hts_resize_array_()....

Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow

Posted by Ron E on Sep 30

In the samtools coverage subcommand, the -w / --n-bins option allows the
user to specify how many "bins" to produce in the coverage histogram. The
code computes: stats[tid].bin_width = (stats[tid].end - stats[tid].beg) /
n_bins; When the number of bins (n_bins) is extremely large relative to the
region length (end - beg), this integer division can yield zero, or lead to
unexpected behavior in subsequent arithmetic. Later in print_hist(),...

libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width

Posted by Ron E on Sep 30

A heap buffer overflow vulnerability exists in the geotifcp utility,
distributed as part of libgeotiff. The flaw occurs in the function
cpContig2ContigByRow_8_to_4 when processing TIFF images with an odd
ImageWidth and using the -d option (downsampling from 8-bit to 4-bit).
During conversion, the function iterates over pixels in pairs and always
accesses buf_in[i_in+1]. When the width is odd, the last iteration
dereferences one byte past the...

APPLE-SA-09-29-2025-6 visionOS 26.0.1

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-6 visionOS 26.0.1

visionOS 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125338.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted font may lead to unexpected app
termination...

APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1

macOS Sonoma 14.8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125330.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Sonoma
Impact: Processing a maliciously crafted font may lead to unexpected app...

APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1

macOS Sequoia 15.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125329.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Sequoia
Impact: Processing a maliciously crafted font may lead to unexpected app...

APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1

macOS Tahoe 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125328.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Tahoe
Impact: Processing a maliciously crafted font may lead to unexpected app
termination...

APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1

iOS 18.7.1 and iPadOS 18.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125327.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1

Posted by Apple Product Security via Fulldisclosure on Sep 30

APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1

iOS 26.0.1 and iPadOS 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125326.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later, iPad Pro...

SEC Consult SA-20250925-0 :: Multiple Vulnerabilities in iMonitorSoft EAM employee monitoring #CVE-2025-10540 #CVE-2025-10541 #CVE-2025-10542

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25

SEC Consult Vulnerability Lab Security Advisory < 20250925-0 >
=======================================================================
title: Multiple Vulnerabilities
product: iMonitorSoft EAM
vulnerable version: iMonitor EAM 9.6394
fixed version: -
CVE number: CVE-2025-10540, CVE-2025-10541, CVE-2025-10542
impact: Critical
homepage:...

SEC Consult SA-20250923-0 :: Missing Certificate Validation leading to RCE in CleverControl employee monitoring software #CVE-2025-10548

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25

SEC Consult Vulnerability Lab Security Advisory < 20250923-0 >
=======================================================================
title: Missing Certificate Validation leading to RCE
product: CleverControl employee monitoring software
vulnerable version: 11.5.1041.6
fixed version: -
CVE number: CVE-2025-10548
impact: high
homepage: https://clevercontrol.com...

CyberDanube Security Research 20250919-0 | Multiple Vulnerabilities in Novakon P series

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Sep 25

CyberDanube Security Research 20250919-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities in Novakon HMI Series
product| Novakon Touch Screen HMI P Series
vulnerable version| P - V2001.A.c518o2
fixed version| -
CVE number| CVE-2025-9962, CVE-2025-9963, CVE-2025-9964,
| CVE-2025-9965, CVE-2025-9966...

CyberDanube Security Research 20250909-0 | Cross-Site Scripting in Schneider ATV 630

Posted by Thomas Weber | CyberDanube via Fulldisclosure on Sep 25

CyberDanube Security Research 20250909-0
-------------------------------------------------------------------------------
title| Reflected XSS
product| ATV 630
vulnerable version| "see Vulnerable versions"
fixed version| none
CVE number| CVE-2025-7746
impact| Medium
homepage| https://www.se.com/
found| 2025-03-11
by| T....

xpra server information disclosure

Posted by Antoine Martin via Fulldisclosure on Sep 25

1) About Xpra
Xpra is known as "screen for X11".
https://xpra.org/
"Xpra forwards and synchronizes many extra desktop features, which
allows remote applications to integrate transparently into the client's
desktop environment: audio input and output, printers, clipboard, system
trays, notifications, webcams, etc."

2) Vulnerability
Using the server's "control" subsystem, a client can enable sensitive...

Defense in depth -- the Microsoft way (part 94): BACKDOOR planted in AppLocker

Posted by Stefan Kanthak via Fulldisclosure on Sep 22

Hi @ll,

since several years Microsoft installs the DLLs domain_actions.dll
and well_known_domains.dll as part of their Edge browser as well as
Windows' WebView component into each and every user profile,
UNPROTECTED against tampering.

On Windows 11 24H2 their paths are currently
"%LOCALAPPDATA%\Microsoft\Edge\User Data\Domain Actions\3.0.0.16\domain_actions.dll"
"%LOCALAPPDATA%\Microsoft\Edge\User Data\Domain...

Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11

Posted by Stefan Kanthak via Fulldisclosure on Sep 22

Hi @ll,

more than 2.5 years ago I posted "Defense in depth -- the Microsoft way
(part 82): INVALID/BOGUS AppLocker rules disable SAFER on Windows 11 22H2"
<https://seclists.org/fulldisclosure/2023/Feb/13>

In "SRP on Windows 11" <https://seclists.org/fulldisclosure/2023/Mar/1>
Andy Ful presented a persistent correction some days later.

Since several months now (unfortunately I can't tell the exact time)...

libelf 0.8.12 Stack-based buffer overflow in gmo2msg (libelf) via unbounded sprintf of lang argument

Posted by Ron E on Sep 22

gmo2msg in libelf contains a stack-based buffer overflow in po/gmo2msg.c
when constructing filenames from the first program argument (lang). The
program uses a fixed-size local buffer (char buf[1024]) and writes into it
using sprintf(buf, "%s.gmo", lang) and sprintf(buf, "%s.msg", lang) without
validating the length of lang. Supplying a sufficiently long lang argument
(e.g., ~1200 bytes) causes sprintf to write past the end of...

Stored HTML Injection - flatpressv1.4.1

Posted by Andrey Stoykov on Sep 22

# Exploit Title: Stored HTML Injection - flatpressv1.4.1
# Date: 09/2025
# Exploit Author: Andrey Stoykov
# Version: 1.4.1
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-41-stored.html

Stored HTML Injection:

Steps to Reproduce:

- Login with admin user and visit "Main" > "New Entry" > "Write Entry" and
in the description enter the payload "[html]<div...

Current Password not Required When Changing Password - flatpressv1.4.1

Posted by Andrey Stoykov on Sep 22

# Exploit Title: Current Password not Required When Changing Password -
flatpressv1.4.1
# Date: 09/2025
# Exploit Author: Andrey Stoykov
# Version: 1.4.1
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-42-current.html

Current Password not Required When Changing Password:

Steps to Reproduce:

- Login with admin user and visit "Main" > "Configuration" > "General...

[CFP] Burning River Cyber Con '25 - Cleveland, OH

Posted by Burning River Cyber Con via Fulldisclosure on Sep 22

Burning River CyberCon is seeking submissions for our 2025 conference. We're looking for presentations on all things
infosec, from vulnerability research and exploit development to red teaming and security automation.

Key Details:

- CFP Link: https://burningrivercybercon.com/call-for-papers
- CFP Closes: October 1, 2025
- Conference Date: November 15, 2025

Submit your talk today.

APPLE-SA-09-15-2025-12 Xcode 26

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-12 Xcode 26

Xcode 26 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125117.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Dev Tools
Available for: macOS Sequoia 15.6 and later
Impact: Processing an overly large path value may crash a process
Description: A path...

APPLE-SA-09-15-2025-11 Safari 26

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-11 Safari 26

Safari 26 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125113.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Safari
Available for: macOS Sonoma and macOS Sequoia
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The...

APPLE-SA-09-15-2025-10 visionOS 26

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-10 visionOS 26

visionOS 26 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125115.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AppleMobileFileIntegrity
Available for: Apple Vision Pro
Impact: An app may be able to access sensitive user data
Description: A...

APPLE-SA-09-15-2025-9 watchOS 26

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-9 watchOS 26

watchOS 26 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125116.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: Apple Watch Series 9 and later, Apple Watch SE 2nd
generation, Apple Watch Ultra (all models)
Impact:...

APPLE-SA-09-15-2025-8 tvOS 26

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-8 tvOS 26

tvOS 26 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125114.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: Apple TV 4K (2nd generation and later)
Impact: An app may be able to cause unexpected system termination...

APPLE-SA-09-15-2025-7 macOS Sonoma 14.8

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-7 macOS Sonoma 14.8

macOS Sonoma 14.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125112.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AMD
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A buffer...

APPLE-SA-09-15-2025-6 macOS Sequoia 15.7

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-6 macOS Sequoia 15.7

macOS Sequoia 15.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125111.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

AMD
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: A buffer...

APPLE-SA-09-15-2025-5 macOS Tahoe 26

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-5 macOS Tahoe 26

macOS Tahoe 26 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125110.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Airport
Available for: Mac Studio (2022 and later), iMac (2020 and later), Mac
Pro (2019 and later), Mac mini (2020 and later),...

APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5

iOS 15.8.5 and iPadOS 15.8.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125142.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

ImageIO
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad...

APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12

iOS 16.7.12 and iPadOS 16.7.12 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125141.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

ImageIO
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,
iPad Pro 9.7-inch,...

APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7

iOS 18.7 and iPadOS 18.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125109.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Audio
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and later, iPad...

APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26

Posted by Apple Product Security via Fulldisclosure on Sep 15

APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26

iOS 26 and iPadOS 26 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125108.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later, iPad Pro 11-inch...

libwmf v0.2.13 Integer Overflow in libwmf Left-Shift Operations (wmf.c, fig.c, svg.c)

Posted by Ron E on Sep 15

libwmf is vulnerable to an integer overflow / undefined behavior condition
in multiple code paths. The affected source files (wmf.c, fig.c, svg.c) use
left-shift operations on signed integers that shift into the sign bit
(e.g., 1 << 31). According to the C standard, shifting a signed integer
into the sign bit is undefined behavior and may lead to incorrect values or
unexpected execution paths. When a crafted WMF file is processed with tools...

CHMLib 0.40a Integer Overflow in _unmarshal_int32 / _unmarshal_uint32 During CHM Header Parsing

Posted by Ron E on Sep 15

A vulnerability exists in CHMLib (latest release 0.40) when parsing
malformed CHM (Compiled HTML Help) files. The functions _unmarshal_int32
and _unmarshal_uint32 reconstruct 32-bit values using left shifts on signed
integers without proper type casting: *dest = (*pData)[0] | (*pData)[1]<<8
| (*pData)[2]<<16 | (*pData)[3]<<24; If an attacker supplies crafted input
such that the most significant byte is 0xFF, this triggers a left...

CHMLIB 0.40a Integer Overflow in LZX Decompression of CHMLib

Posted by Ron E on Sep 15

An integer overflow vulnerability exists in the LZX decompression routines
of CHMLib (tested in version 0.40, latest release as of 2025). The issue
occurs within lzx.c during bitstream parsing (lzx_read_lens and
LZXdecompress), where crafted CHM files can supply values that cause
left-shift operations to exceed the representable range of 32-bit signed
integers. When processing malformed compressed blocks, operations such as:
leaf = pos >>...

libvips v8.18.0 Function Pointer Type Confusion in libvips Callback Dispatch

Posted by Ron E on Sep 15

Multiple functions in libvips invoke callbacks through incorrectly cast
function pointers, resulting in Undefined Behavior (UB). During
runtime, callbacks
such as search_package, vips_class_map_all, vips_foreign_find_load_sub,
vips_object_real_postbuild, and vips_area_free_cb are called through
function pointer types that do not match their actual signatures. This is
benign on x86-64, where calling conventions tolerate mismatches, but on
stricter...

gbsplay 0.0.100-18 Heap Buffer Overflow in update_status_on_subsong_change in gbsplay

Posted by Ron E on Sep 15

A heap buffer overflow vulnerability exists in gbsplay 0.0.100-18-g50352f3
(latest development snapshot at the time of testing). When opening a
crafted GBS file with inconsistent subsong metadata, the function
update_status_on_subsong_change (gbs.c:501) reads past the bounds of a
heap-allocated structure. The bug is triggered during subsong status update
when the reported total_songs or subsong indices are malformed.
AddressSanitizer (ASan)...