InfoSecBulletin Cybersecurity for mankind
Apple has released iOS 18, the latest update for iPhones and iPads. Along with new features, it mainly focuses on fixing security vulnerabilities.
Apple’s iOS 18 has addressed 33 major security vulnerabilities that could have endangered millions of iPhone users. Without these fixes, hackers could have accessed personal data, controlled device functions, or stolen important information.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
Key Vulnerabilities Fixed in iOS 18:
Apple’s security bulletin reveals various vulnerabilities in iOS 18, affecting system apps, features, and services. Here are the key points:
Accessibility Flaws: Four serious accessibility-related vulnerabilities were identified. One flaw (CVE-2024-40840) lets an attacker with physical access use Siri to reach sensitive data on a locked iPhone. Another vulnerability (CVE-2024-44171) permits an attacker to control nearby devices through accessibility features, bypassing the lock screen security.
Bluetooth Exploit: A Bluetooth vulnerability (CVE-2024-44124) could let a malicious device, like a hacked keyboard, bypass pairing and connect to users’ devices. This is particularly risky since Bluetooth devices are usually trusted, exposing users to potential breaches.
Kernel Flaw: A serious vulnerability (CVE-2024-44165) may cause VPN traffic to leak outside a secure tunnel, compromising user privacy and the purpose of VPNs. This is particularly alarming for users who count on VPNs for safe internet access, as it could allow hackers to intercept sensitive data.
Mail App Flaw: A flaw in the Mail app (CVE-2024-40791) let apps access contact information without permission, risking exposure of details that could result in phishing or other fraud.
Siri Vulnerabilities: Besides the accessibility issue, two other Siri vulnerabilities were fixed. One (CVE-2024-44139 and CVE-2024-44180) allowed attackers with physical access to access contacts from the lock screen. The other (CVE-2024-44170) let apps obtain sensitive data through Siri without user permission.
Webkit Flaws: Webkit vulnerabilities (CVE-2024-44187) could have enabled harmful web content to exploit cross-site scripting attacks or steal cross-origin data. As Webkit powers Safari, this issue posed serious risks to user privacy while browsing online.
Wi-Fi Disconnection Attack: A flaw (CVE-2024-40856) in iOS 18’s Wi-Fi system could let hackers disconnect an iPhone from a secure network, making users vulnerable if they later reconnect to an insecure one.
