Sign-up

VARIoT news about IoT security

Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape - ThreatsHub Cybersecurity News

Related entries in the VARIoT vulnerabilities database: VAR-202208-1613, VAR-202205-1302, VAR-202108-2070

Trust: 4.75

Fetched: May 2, 2025, 9:18 a.m., Published: May 1, 2025, 5 p.m.
 Vulnerabilities: script execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2022-26696, CVE-2022-26706, CVE-2021-30864, CVE-2025-31191

Your Apple devices are exposed to hackers until you install these updates | KnowTechie

Trust: 3.5

Fetched: May 2, 2025, 9:14 a.m., Published: May 1, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macbook
vendor: apple model: iphone
vendor: apple model: apple tv

Critical Revolution Pi Security Flaws: How to Protect Industrial IoT Devices from Exploitation | Windows Forum

Trust: 4.5

Fetched: May 2, 2025, 9:13 a.m., Published: May 2, 2025, midnight
 Vulnerabilities: authentication bypass, path traversal, cross-site scripting...
Affected productsExternal IDs
db: NVD ids: CVE-2025-24522, CVE-2025-32011, CVE-2025-35996, CVE-2025-36558

Apple AirPlay SDK devices at risk of takeover-make sure you update | Malwarebytes

Trust: 5.5

Fetched: May 2, 2025, 9:12 a.m., Published: May 1, 2025, 12:14 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: apple tv
db: NVD ids: CVE-2025-24206, CVE-2025-24252, CVE-2025-24132

Zero Click AirPlay Exploit Puts Apple Devices at Risk: Learn How to Protect Your Organization

Trust: 4.5

Fetched: May 2, 2025, 9:12 a.m., Published: May 17, 2025, midnight
 Vulnerabilities: code execution, buffer overflow, use after free
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: macbook
db: NVD ids: CVE-2025-24271, CVE-2025-24137, CVE-2025-24206, CVE-2025-24132, CVE-2025-24252

2 Apple iPhone Zero-Day Vulnerabilities Actively Exploited in Extremely Sophisticated Attacks

Trust: 4.5

Fetched: May 2, 2025, 9:11 a.m., Published: April 16, 2025, 9:57 p.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: software update
db: NVD ids: CVE-2025-31201, CVE-2025-31200

Millions of Apple AirPlay devices susceptible to 'AirBorne' zero-click RCE attacks, so patch now | TechRadar

Trust: 5.5

Fetched: May 2, 2025, 9:11 a.m., Published: April 30, 2025, 11:30 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: apple model: macbook
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2025-24206, CVE-2025-24252, CVE-2025-24132

Vulnerabilities in Apple's AirPlay protocol make billions of devices vulnerable - Techzine Global

Trust: 5.75

Fetched: May 2, 2025, 9:09 a.m., Published: May 2, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: safari
db: NVD ids: CVE-2025-24206, CVE-2025-24252, CVE-2025-24132

Urgent Apple AirPlay Security Alert Sounds For Billions Of Devices | HotHardware

Trust: 4.25

Fetched: May 2, 2025, 9:08 a.m., Published: May 1, 2025, 10:24 a.m.
 Vulnerabilities: code execution, use after free
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: ipad

Critical Industrial Device Vulnerability: Protecting OT Systems Against JTAG Exploits | Windows Forum

Trust: 4.25

Fetched: May 2, 2025, 9:07 a.m., Published: May 2, 2025, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: rockwell model: powermonitor 1000
vendor: rockwell automation model: powermonitor 1000
vendor: stmicroelectronics model: stm32l4
db: NVD ids: CVE-2020-27212

CVE-2025-32433: Maximum Severity Unauthenticated RCE Vulnerability in Erlang/OTP SSH - Arctic Wolf

Related entries in the VARIoT vulnerabilities database: VAR-202504-1178

Trust: 5.0

Fetched: April 30, 2025, 9:34 a.m., Published: April 21, 2025, 7:14 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: routers
db: NVD ids: CVE-2025-32433

CVE-2025-22900: Stack Overflow Vulnerability in Totolink N600R Leading to Potential System Compromise - Cybersecurity Exploit Tracker by Ameeba

Related entries in the VARIoT vulnerabilities database: VAR-202504-1797

Trust: 3.0

Fetched: April 30, 2025, 9:34 a.m., Published: April 22, 2025, 1:38 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-22900

17,000+ Fortinet Devices Compromised in Massive Hack via Symbolic Link Exploit

Trust: 3.5

Fetched: April 30, 2025, 9:27 a.m., Published: April 18, 2025, 3:47 a.m.
 Vulnerabilities: symbolic link attack
Affected productsExternal IDs
vendor: fortigate model: fortios
vendor: trend model: security

This newly discovered iOS flaw could completely brick your iPhone with a single line of code | Tom's Guide

Trust: 3.75

Fetched: April 30, 2025, 9:14 a.m., Published: April 28, 2025, 3:15 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: iphone

7 Proactive Steps to Better IoT Security - Blue Goat Cyber

Trust: 3.75

Fetched: April 30, 2025, 9:14 a.m., Published: Jan. 29, 2024, 11:31 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home

Brocade Fabric OS flaw could allow code injection attacks | CSO Online

Trust: 6.0

Fetched: April 30, 2025, 9:13 a.m., Published: April 29, 2025, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: brocade model: brocade fabric os
vendor: brocade model: fabric os
db: NVD ids: CVE-2025-1976

IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132, VAR-202504-1837

Trust: 5.5

Fetched: April 30, 2025, 9:13 a.m., Published: April 21, 2025, 12:46 p.m.
 Vulnerabilities: buffer overflow, authentication bypass, privilege escalation...
Affected productsExternal IDs
vendor: alsa model: alsa
db: NVD ids: CVE-2025-24071, CVE-2025-3102, CVE-2023-27997, CVE-2024-21762, CVE-2022-42475, CVE-2025-30065, CVE-2025-31334, CVE-2024-53197, CVE-2025-23120, CVE-2025-2005, CVE-2024-48887, CVE-2025-22457

WinZip MotW Bypass Vulnerability Let Hackers Execute Malicious Code Silently

Trust: 4.25

Fetched: April 30, 2025, 9:12 a.m., Published: April 22, 2025, 2:37 a.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: trend model: antivirus
vendor: trend model: security
db: NVD ids: CVE-2025-0411, CVE-2024-8811, CVE-2025-31334, CVE-2025-33028

Critical Craft CMS RCE 0-Day Vulnerability Exploited in Attacks to Steal Data

Trust: 4.75

Fetched: April 30, 2025, 9:11 a.m., Published: April 26, 2025, 4:07 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-58136, CVE-2025-32432, CVE-2025-23209

Hackers Attacking Network Edge Devices to Compromise SMB Organizations

Trust: 3.5

Fetched: April 30, 2025, 9:11 a.m., Published: April 22, 2025, 1:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler
db: NVD ids: CVE-2024-40711