Sign-up

VARIoT news about IoT security

Apple Patches 2025’s First Zero-Day Vulnerability Exploited in iPhone Attacks | Black Hat Ethical Hacking

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 6.0

Fetched: Jan. 29, 2025, 9:33 a.m., Published: Jan. 28, 2025, 9:58 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: apple model: apple tv
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2025-24085

Update Your IPhone, IPad, And Mac Immediately To Address These Security Vulnerabilities | Digital Market News

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 5.25

Fetched: Jan. 29, 2025, 9:31 a.m., Published: Jan. 27, 2025, 7:32 p.m.
 Vulnerabilities: pointer dereference issue, command injection, buffer overflow...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: icloud
vendor: apple model: safari
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
vendor: trend model: security
db: NVD ids: CVE-2025-24116, CVE-2025-24154, CVE-2025-24096, CVE-2025-24149, CVE-2025-24145, CVE-2025-24108, CVE-2025-24113, CVE-2025-24121, CVE-2025-24146, CVE-2025-24100, CVE-2025-24102, CVE-2025-24128, CVE-2025-24085, CVE-2025-24150, CVE-2025-24143, CVE-2025-24158, CVE-2025-24177, CVE-2025-24112, CVE-2025-24101, CVE-2025-24139, CVE-2025-24106, CVE-2025-24117, CVE-2025-24136, CVE-2025-24086, CVE-2025-24140, CVE-2025-24129, CVE-2025-24159, CVE-2025-24114, CVE-2025-24162, CVE-2025-24131, CVE-2025-24151, CVE-2025-24141, CVE-2025-24104, CVE-2025-24137, CVE-2025-24087, CVE-2025-24118, CVE-2025-24109, CVE-2025-24138, CVE-2025-24130, CVE-2025-24160, CVE-2025-24115, CVE-2025-24152, CVE-2025-24163, CVE-2025-24161, CVE-2025-24169, CVE-2025-24092, CVE-2025-24127, CVE-2025-24153, CVE-2025-24134, CVE-2025-24166, CVE-2025-24124, CVE-2025-24103, CVE-2025-24123, CVE-2025-24176, CVE-2025-24122, CVE-2025-24094, CVE-2025-24174, CVE-2025-24126, CVE-2025-24135, CVE-2024-9956, CVE-2025-24107

Cybersecurity Threat Advisory: Apple iOS zero-day vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.75

Fetched: Jan. 29, 2025, 9:30 a.m., Published: Jan. 28, 2025, 8:59 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: apple model: macos
db: NVD ids: CVE-2025-24085

Update Canonical Ubuntu Desktop: USN-7223-1: OpenJPEG vulnerabilities

Trust: 6.25

Fetched: Jan. 29, 2025, 9:30 a.m., Published: Jan. 29, 7223, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-56827, CVE-2024-56826

Critical MediaTek Processor Vulnerability Exposes Millions of Devices

Trust: 6.0

Fetched: Jan. 29, 2025, 9:29 a.m., Published: Jan. 3, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2024-20154

Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access

Trust: 4.5

Fetched: Jan. 29, 2025, 9:29 a.m., Published: Jan. 28, 2025, 10:04 a.m.
 Vulnerabilities: authentication bypass, authentication vulnerability, privilege escalation
Affected productsExternal IDs
vendor: fortigate model: fortios
vendor: node.js model: node.js
db: NVD ids: CVE-2024-55591

Apple zero-day vulnerability under attack on iOS devices | TechTarget

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 3.75

Fetched: Jan. 29, 2025, 9:28 a.m., Published: Jan. 28, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: watchos
db: NVD ids: CVE-2024-44309, CVE-2025-24085, CVE-2024-44308

Netgear DGN Devices - Command Execution - Vulnerability & Exploit Database

Trust: 4.0

Fetched: Jan. 29, 2025, 9:27 a.m., Published: Jan. 27, 2025, midnight
 Vulnerabilities: command execution
Affected productsExternal IDs

Critical vulnerabilities found in Apple devices, users should update immediately

Trust: 3.0

Fetched: Jan. 29, 2025, 9:26 a.m., Published: Jan. 29, 2025, 11:25 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Hackers Actively Exploiting Zyxel 0-day Vulnerability to Execute Arbitrary Commands

Trust: 5.0

Fetched: Jan. 29, 2025, 9:25 a.m., Published: Jan. 29, 2025, 8:33 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891, CVE-2024-40890

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 5.0

Fetched: Jan. 29, 2025, 9:25 a.m., Published: Jan. 28, 2025, 11:10 a.m.
 Vulnerabilities: use after free
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: iphone
db: NVD ids: CVE-2025-24085

Apple Urges Immediate Updates to Fix Zero-Day Vulnerability in iPhones and Macs - MashViral

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.5

Fetched: Jan. 29, 2025, 9:24 a.m., Published: Jan. 28, 2025, 5:30 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: apple tv
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2025-24085

iOS Zero-Day Vulnerability Exploited: Apple Issues Emergency Patch for iPhones and iPads

Trust: 4.75

Fetched: Jan. 29, 2025, 9:24 a.m., Published: Jan. 28, 2025, 6:30 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
db: NVD ids: CVE-2025-0001

CERT-In flags vulnerabilities in Apple devices - The Hindu BusinessLine

Trust: 5.0

Fetched: Jan. 29, 2025, 9:23 a.m., Published: Jan. 29, 2025, 3:24 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: macos

CVE-2024-34733 : Arbitrary Code Execution Vulnerability in Device Memory Server by Android | SecurityVulnerability.io

Trust: 3.25

Fetched: Jan. 29, 2025, 9:23 a.m., Published: Jan. 28, 2025, 7:13 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-34733

CISA flags hardware vulnerabilities in ICS and medical devices; affects B&R, Schneider Electric, Rockwell, BD Systems - Industrial Cyber

Trust: 5.25

Fetched: Jan. 29, 2025, 9:22 a.m., Published: Jan. 29, 2025, 8:15 a.m.
 Vulnerabilities: command injection, path traversal, use after free...
Affected productsExternal IDs
vendor: rockwell automation model: automation factorytalk
vendor: rockwell automation model: automation factorytalk view se
vendor: rockwell automation model: factorytalk view se
vendor: rockwell automation model: factorytalk view
vendor: rockwell automation model: factorytalk
vendor: schneider electric model: monitor
vendor: schneider electric model: modbus
vendor: schneider electric model: scadapack
vendor: rockwell model: automation factorytalk
vendor: rockwell model: automation factorytalk view se
vendor: rockwell model: factorytalk view se
vendor: rockwell model: factorytalk view
vendor: rockwell model: factorytalk
vendor: schneider model: monitor
vendor: schneider model: modbus
vendor: schneider model: scadapack
db: NVD ids: CVE-2024-10497, CVE-2024-8603, CVE-2024-11932, CVE-2025-24480, CVE-2025-0659, CVE-2025-24479, CVE-2025-24482, CVE-2020-11656, CVE-2024-10476, CVE-2025-24481, CVE-2024-12703, CVE-2024-10498

CVE-2024-34748 : Use-After-Free Vulnerability in Device Memory Management of Android by Google | SecurityVulnerability.io

Trust: 4.25

Fetched: Jan. 29, 2025, 9:21 a.m., Published: Jan. 28, 2025, 7:13 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-34748

Apple users: Update your devices now to patch zero-day vulnerability | Malwarebytes

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.75

Fetched: Jan. 29, 2025, 9:20 a.m., Published: Jan. 28, 2025, 1:18 p.m.
 Vulnerabilities: use after free
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: apple tv
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
db: NVD ids: CVE-2025-24085

Unauthorized modification of iOS - Apple Support

Trust: 3.0

Fetched: Jan. 29, 2025, 9:14 a.m., Published: Jan. 18, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Apple Devices Under Siege: Urgent Security Update Needed to Patch Actively Exploited Zero-Day Vulnerability

Trust: 4.75

Fetched: Jan. 29, 2025, 9:13 a.m., Published: Jan. 28, 2025, 9:55 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2023-1234