InfoSecBulletin Cybersecurity for mankind
Apple has released iOS 18, the latest update for iPhones and iPads. Along with new features, it mainly focuses on fixing security vulnerabilities.
Apple’s iOS 18 has addressed 33 major security vulnerabilities that could have endangered millions of iPhone users. Without these fixes, hackers could have accessed personal data, controlled device functions, or stolen important information.
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
xAI Dev Leaks API Key for Private SpaceX, Tesla & Tweeter
Key Vulnerabilities Fixed in iOS 18:
Apple’s security bulletin reveals various vulnerabilities in iOS 18, affecting system apps, features, and services. Here are the key points:
Accessibility Flaws: Four serious accessibility-related vulnerabilities were identified. One flaw (CVE-2024-40840) lets an attacker with physical access use Siri to reach sensitive data on a locked iPhone. Another vulnerability (CVE-2024-44171) permits an attacker to control nearby devices through accessibility features, bypassing the lock screen security.
Bluetooth Exploit: A Bluetooth vulnerability (CVE-2024-44124) could let a malicious device, like a hacked keyboard, bypass pairing and connect to users’ devices. This is particularly risky since Bluetooth devices are usually trusted, exposing users to potential breaches.
Kernel Flaw: A serious vulnerability (CVE-2024-44165) may cause VPN traffic to leak outside a secure tunnel, compromising user privacy and the purpose of VPNs. This is particularly alarming for users who count on VPNs for safe internet access, as it could allow hackers to intercept sensitive data.
Mail App Flaw: A flaw in the Mail app (CVE-2024-40791) let apps access contact information without permission, risking exposure of details that could result in phishing or other fraud.
Siri Vulnerabilities: Besides the accessibility issue, two other Siri vulnerabilities were fixed. One (CVE-2024-44139 and CVE-2024-44180) allowed attackers with physical access to access contacts from the lock screen. The other (CVE-2024-44170) let apps obtain sensitive data through Siri without user permission.
Webkit Flaws: Webkit vulnerabilities (CVE-2024-44187) could have enabled harmful web content to exploit cross-site scripting attacks or steal cross-origin data. As Webkit powers Safari, this issue posed serious risks to user privacy while browsing online.
Wi-Fi Disconnection Attack: A flaw (CVE-2024-40856) in iOS 18’s Wi-Fi system could let hackers disconnect an iPhone from a secure network, making users vulnerable if they later reconnect to an insecure one.
