InfoSecBulletin Cybersecurity for mankind
Apple has released iOS 18, the latest update for iPhones and iPads. Along with new features, it mainly focuses on fixing security vulnerabilities.
Apple’s iOS 18 has addressed 33 major security vulnerabilities that could have endangered millions of iPhone users. Without these fixes, hackers could have accessed personal data, controlled device functions, or stolen important information.
Check Point said BreachForum post old data
Apple Warns of 3 Zero Day Vulns Actively Exploited
24,000 unique IP attempted to access Palo Alto GlobalProtect portals
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
Key Vulnerabilities Fixed in iOS 18:
Apple’s security bulletin reveals various vulnerabilities in iOS 18, affecting system apps, features, and services. Here are the key points:
Accessibility Flaws: Four serious accessibility-related vulnerabilities were identified. One flaw (CVE-2024-40840) lets an attacker with physical access use Siri to reach sensitive data on a locked iPhone. Another vulnerability (CVE-2024-44171) permits an attacker to control nearby devices through accessibility features, bypassing the lock screen security.
Bluetooth Exploit: A Bluetooth vulnerability (CVE-2024-44124) could let a malicious device, like a hacked keyboard, bypass pairing and connect to users’ devices. This is particularly risky since Bluetooth devices are usually trusted, exposing users to potential breaches.
Kernel Flaw: A serious vulnerability (CVE-2024-44165) may cause VPN traffic to leak outside a secure tunnel, compromising user privacy and the purpose of VPNs. This is particularly alarming for users who count on VPNs for safe internet access, as it could allow hackers to intercept sensitive data.
Mail App Flaw: A flaw in the Mail app (CVE-2024-40791) let apps access contact information without permission, risking exposure of details that could result in phishing or other fraud.
Siri Vulnerabilities: Besides the accessibility issue, two other Siri vulnerabilities were fixed. One (CVE-2024-44139 and CVE-2024-44180) allowed attackers with physical access to access contacts from the lock screen. The other (CVE-2024-44170) let apps obtain sensitive data through Siri without user permission.
Webkit Flaws: Webkit vulnerabilities (CVE-2024-44187) could have enabled harmful web content to exploit cross-site scripting attacks or steal cross-origin data. As Webkit powers Safari, this issue posed serious risks to user privacy while browsing online.
Wi-Fi Disconnection Attack: A flaw (CVE-2024-40856) in iOS 18’s Wi-Fi system could let hackers disconnect an iPhone from a secure network, making users vulnerable if they later reconnect to an insecure one.
