Multiple WordPress Plugins Vulnerabilities

April 7, 2025

LokiBot Malware – Active IOCs

April 8, 2025

Multiple Apple Products Vulnerabilities

April 7, 2025

Severity

High

Analysis Summary

CVE-2025-24279 CVSS:9.8

This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access contacts.

CVE-2025-24243 CVSS:7.8

Apple macOS Sonoma could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Audio component when opening a specially crafted file.

CVE-2025-24234 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain root privileges in the AccountPolicy component, caused by an error when using a specially crafted application.

CVE-2025-24263 CVSS:9.8

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.

CVE-2025-24170 CVSS:7.8

Apple macOS Sonoma could allow a local attacker to gain root privileges in the CoreServices component, caused by an error when using a specially crafted application.

Impact

Code Execution
Privilege Escalation
Gain Access

Indicators of Compromise

CVE

CVE-2025-24279
CVE-2025-24243
CVE-2025-24234
CVE-2025-24263
CVE-2025-24170

Affected Vendors

Apple

Affected Products

Apple macOS - unspecified
Apple macOS Sonoma - 14.7.4

Remediation

Refer to the Apple security document for patch, upgrade, or suggested workaround information.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

ICS: Multiple Rockwell Automation ThinManager Vulnerabilities

CoinMiner Malware – Active IOCs

Multiple Zoom Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us