Device security

Security Advisory

Apple Releases iOS & iPadOS 26.1 Update, Fixed Multiple Security Vulnerabilities 

Summary: Apple released iOS 26.1 and iPadOS 26, addressed multiple security vulnerabilities across core system components including WebKit, Kernel, Accessibility, Apple Neural Engine, CloudKit etc.

OEM Apple 
Severity High 
CVEs CVE-2025-43438, CVE-2025-43429, CVE-2025-43442, CVE-2025-43455, CVE-2025-43398 & others 
POC Available No 
Actively Exploited No 
Exploited in Wild No 
Advisory Version 1.0 

Overview: 

These vulnerabilities could enable malicious apps to escape sandboxes, access sensitive user data, execute arbitrary code via web content, monitor keystrokes or disable theft protection mechanisms. Affected devices include iPhone 11 & later and iPad models from 3rd gen onward etc. Immediate update is strongly recommended to prevent any breaches, system crashes. 

                Vulnerability Name CVE ID Product Affected Fixed Version 
WebKit Use-After-Free (Safari Crash/RCE) CVE-2025-43438 iOS, iPadOS iOS/iPadOS 26.1 
WebKit Buffer Overflow (RCE Risk)  CVE-2025-43429 iOS, iPadOS iOS/iPadOS 26.1 
App Installed Detection via Accessibility  CVE-2025-43442 iOS, iPadOS iOS/iPadOS 26.1 
Sensitive Screenshot in Embedded Views CVE-2025-43455 iOS, iPadOS iOS/iPadOS 26.1 
Kernel Memory Corruption / DoS  CVE-2025-43398 iOS, iPadOS iOS/iPadOS 26.1 

Technical Summary: 

The iOS/iPadOS 26.1 update fixes major security issues in sandbox protection, memory handling, privacy settings, and the WebKit browser engine. These critical vulnerabilities could allow apps or websites to access restricted data or execute malicious code. Key impact issues mentioned below.

CVE ID Component Affected  Vulnerability Details Impact 
 CVE-2025-43438 WebKit Use-after-free in Safari triggers crash or code execution via malicious web content  Remote Code Execution, System Compromise 
 CVE-2025-43429 WebKit Buffer overflow in content processing allows arbitrary code execution Remote Code Execution, Service Compromise 
CVE-2025-43442 Accessibility Permissions flaw allows apps to detect installed apps (fingerprinting) Privacy Violation, User Tracking 
CVE-2025-43455 Apple Account Malicious apps can screenshot sensitive embedded UI (login views) Credential, PII Exposure 
CVE-2025-43398 Kernel Memory mishandling leads to system termination or kernel corruption Denial of Service, Potential Privilege Escalation 

Additionally, there are multiple high & medium vulnerabilities have been disclosed that enable sandbox escapes, data leaks, and web-based attacks with significant impact potential. Here are some cves in the below table 

Vulnerability Name CVE ID Affected Component 
Sandbox Escape via Assets CVE-2025-43407 Assets 
Sandbox Escape via CloudKit Symlink CVE-2025-43448 CloudKit 
Stolen Device Protection Bypass CVE-2025-43422 Stolen Device Protection 
Cross-Origin Data Exfiltration CVE-2025-43480 WebKit 
Keystroke Monitoring via WebKit CVE-2025-43495 WebKit 
Apple Neural Engine Kernel Corruption CVE-2025-43447, CVE-2025-43462 Apple Neural Engine 
Canvas Cross-Origin Image Theft CVE-2025-43392 WebKit Canvas 
Contacts Data Leak in Logs CVE-2025-43426 Contacts 
Lock Screen Content Leak CVE-2025-43350 Control Center 
Address Bar Spoofing CVE-2025-43493 Safari 
UI Spoofing in Safari CVE-2025-43503 Safari 

Recommendations: 

Update all eligible devices immediately (Settings > General > Software Update products) to the following fixed versions as soon as possible and check the updated version from the Apple security website

Patches are available and should be applied immediately.  

For environments where immediate patching is not immediately feasible, you can also follow the recommendations below. 

  • Enable Stolen Device Protection and Lockdown Mode (where applicable) 
  • Restrict app installations to trusted sources. 
  • Avoid visiting untrusted websites from browser 
  • Use VPN and enable Advanced Data Protection for iCloud 
  • Monitor for anomalous app behavior or battery drain  

Conclusion: 
The iOS/iPadOS 26.1 update fixes several security vulnerabilities that could affect user privacy, device stability, and system protection.

Organizations and Individual using Apple devices must prioritize deployment of this update to mitigate risks of data exfiltration, spyware and other attack vectors. Timely patching remains the most effective control against zero-day exploitation on new vulnerabilities in digital ecosystems. 

References

Blogs

Firmware Vulnerabilities affecting Dell Laptops Could allow attackers to achieve persistent access 

A set of vulnerabilities affecting millions of Dell laptops used by government agencies, cybersecurity professionals, and enterprises worldwide. The vulnerability known as “ReVault,” mainly target the Broadcom BCM5820X security chip embedded in Dell’s ControlVault3 firmware.

This subsequently create opportunities for attackers to steal passwords, biometric data, and maintain persistent access to compromised systems.

How does the vulnerability work

Most of the flaws reside in the firmware for ControlVault3 and ControlVault3+, which are hardware security components that store passwords, biometric templates, and security codes.

The lists includes:

  • Two out-of-bounds vulnerabilities (CVE-2025-24311, CVE-2025-25050)
  • An arbitrary free (CVE-2025-25215) flaw
  • A stack-overflow bug (CVE-2025-24922)
  • An unsafe-deserialization flaw (CVE-2025-24919)

According to the researchers, the vulnerabilities can be exploited in so-called ReVault attacks by:

  • Attackers who have achieved non-administrative access/privileges on a vulnerable target laptop. The vulnerabilities may allow them to interact with the ControlVault firmware and leak key material that would allow them to permanently modify the firmware (i.e., effectively creating a potential backdoor into the system)
  • Attackers that have physical access to the laptop. They could pry the device open, use a custom connector to access the Unified Security Hub board (which runs ControlVault) over USB, and exploit those vulnerabilities – all without having to log into the system beforehand or having knowledge of the full-disk encryption password.

“Another interesting consequence of this scenario is that if a system is configured to be unlocked with the user’s fingerprint, it is also possible to tamper with the CV firmware to accept any fingerprint,” as per researchers.

Technical details have not been publicly shared, but they have, of course, been privately reported to Dell and Broadcom.

These are 5 critical vulnerabilities of ReVault found by Cisco Talos researcher

ReVault Attack – Five Critical Vulnerabilities

ControlVault3 and ControlVault3+ systems:

  • CVE-2025-24311: An out-of-bounds read vulnerability that enables information leakage
  • CVE-2025-25050: An out-of-bounds write flaw allowing code execution
  • CVE-2025-25215: An arbitrary memory free vulnerability
  • CVE-2025-24922: A stack-based buffer overflow enabling arbitrary code execution
  • CVE-2025-24919: An unsafe deserialization flaw in ControlVault’s Windows APIs

Importance of device security posture/Endpoint security

The incident highlight how device posture check is designed to evaluate threat that a device poses to an organization and its systems.

The persistent nature of these attacks represents a significant escalation in firmware-based threats, as the malicious code resides below the operating system level.

Here traditional antivirus solutions cannot detect or remove it. Now sophistication of cyber threats means that organizations need to become more proactive in terms of defense.

The identification and mitigation of a threat early on, via an effective and clearly defined security posture, reduces costs, lessens downtime, and minimizes reputational damage.

Periodic security audits are essential to have a complete check on all the security features of the organization. Such audits identify vulnerabilities in the current security controls and allow for ensuring things align properly with industry standards. 

Importance of Endpoint security

End point security detect and prevent security threats like file-based malware attacks among other malicious activities. It also provides investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.

Conclusion:

Protecting against endpoint attacks is challenging for organisation because endpoints exist where humans and machines intersect. With the increasing number of adversaries trying to breach organizations using sophisticated cyberattacks, quickly detecting potential threats will help speed the remediation process and keep data protected.

(Source: https://www.helpnetsecurity.com/2025/08/05/dell-laptops-firmware-vulnerabilities-revault-attacks/)

Security Advisory

RCE Risk in D-Link Routers due to Hardcoded Telnet Credentials

Summary A significant security flaw (CVE-2025-46176) has exposed thousands of D-Link routers to remote code execution attacks through hardcoded Telnet credentials embedded in firmware. This is affecting its DIR-605L and DIR-816L routers.

If successful exploitation happens this will enables attackers to modify router configurations, deploy malware, or pivot into internal networks.

OEMD-link
SeverityMedium
CVSS Score6.5
CVEsCVE-2025-46176
Actively ExploitedNo
Exploited in WildNo
Advisory Version1.0

Overview

The flaw exposes devices to remote command execution (RCE) through hardcoded Telnet credentials.

The vulnerability has been rated medium in severity (CVSS 6.5), with no official firmware patch available as of May 2025.

Vulnerability NameCVE IDProduct AffectedSeverityFixed Version
Hardcoded Telnet Credentials vulnerability  CVE-2025-46176D-Link Router  MediumNo official fix available

Technical Summary

The vulnerability arises from hardcoded Telnet credentials in the router firmware, which allows unauthenticated remote attackers to execute arbitrary commands.

Firmware analysis revealed embedded credentials in configuration files used during Telnet service initialization.

Security experts recommended retiring these EOL devices due to absence of security support and the impossibility of removing hardcoded credentials through configuration changes.

CVE IDSystem AffectedVulnerability DetailsImpact
    CVE-2025-46176D-Link DIR-605L v2.13B01, DIR-816L v2.06B01Telnet service (/usr/sbin/telnetd -l /bin/sh -u Alphanetworks:$image_sign) uses hardcoded credentials from image_sign file, exposing plaintext passwords.      RCE

Recommendations:

As of May 2025, no firmware updates are available to fix the vulnerability. Recommended temporary mitigations include :

  • Disable Telnet access via the router’s web interface.
  • Block Telnet port (23) using firewall rules:

“iptables -A INPUT -p tcp –dport 23 -j DROP”

  • Restrict WAN access to management interfaces.
  • Monitor D-Link’s official support page for firmware updates.

Conclusion:
Security researchers discovered the flaw through firmware analysis, revealing that both router models contain default Telnet credentials that cannot be changed by users. 

While exploitation likelihood is currently assessed as low, vulnerability enables unauthenticated attackers to gain control of the routers, affecting confidentiality, integrity and availability.

Immediate mitigation is advised, especially for publicly exposed devices and Security experts strongly recommend retiring these EOL devices due to the absence of security support and the impossibility of removing hardcoded credentials through configuration changes.

Threat from Legacy Devices:

The vulnerability in Telnet revealed security risks that legacy networking equipment carry with them and is embedded hardcoded credentials in IoT devices.

Inadequate security, harboring multiple unpatched vulnerabilities and relying on inadequate security controls that fail to address underlying risks. This poses a threat not only to device itself, but also to the network and connected critical assets.

References:

Scroll to top