visionOS | Breaking Cybersecurity News | The Hacker News

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via a crafted HTML page. While there are no details on how the issue has been weaponized by threat actors, Google acknowledged that an "exploit for CVE-2025-6558 exists in the wild." Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG) have been credited with discovering and reporting the shortcoming. The iPhone maker, in its latest round of software updates, also included patches for CVE-2025-6558, stating the vulnerability impacts the WebKit browser engine that powers its Safari browser. "This is a vulnerability in open-source code and Apple Sof...

Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085 (CVSS scores: 7.3/7.8), has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. "Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2," the company said in a terse advisory. The issue has been addressed with improved memory management in the following devices and operating system versions - iOS 18.3 and iPadOS 18.3 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later macOS Sequoia 15.3 - Macs running mac...