Vulnerability intelligence

CVE-2023-41991 is a certificate validation vulnerability that affects macOS, iOS, and iPadOS. A malicious application could exploit this vulnerability to bypass signature validation. Apple has addressed this issue in macOS Ventura 13.6, iOS 16.7, and iPadOS 16.7. Apple is aware of reports indicating that this vulnerability may have been actively exploited against versions of iOS before 16.7. It was observed being exploited in an exploit chain, along with CVE-2023-41992 and CVE-2023-41993, to deploy Predator spyware on a target's mobile device.

CVE-2025-31200 is a memory corruption vulnerability that exists in Apple's CoreAudio framework. This vulnerability can be triggered when processing an audio stream within a maliciously crafted media file. Successful exploitation of this vulnerability could allow for arbitrary code execution on the affected device. Apple has addressed this issue with improved bounds checking in tvOS 18.4.1, visionOS 2.4.1, iOS and iPadOS 18.4.1, and macOS Sequoia 15.4.1. It was reported that this vulnerability may have been exploited in targeted attacks against specific individuals.

CVE-2025-30401 is a spoofing vulnerability that affects WhatsApp for Windows versions prior to 2.2450.6. The vulnerability lies in how WhatsApp handles file attachments. The application displays attachments according to their MIME type but selects the file opening handler based on the attachment's filename extension. This discrepancy could allow attackers to craft malicious files that appear harmless but, when manually opened by the user, could execute arbitrary code. A maliciously crafted attachment with a misleading filename and MIME type could trick the user into opening a file that contains arbitrary code.

CVE-2023-0386 is a flaw found in the Linux kernel's OverlayFS subsystem. It involves unauthorized access to the execution of a setuid file with capabilities. Specifically, the vulnerability lies in how a user copies a capable file from a nosuid mount into another mount. This "uid mapping bug" allows a local user to escalate their privileges on the system. The kernel fails to check if the user/group owning a file copied from the overlay file system to the 'upper' directory is mapped in the current user namespace. This can be exploited to create a SUID binary owned by root, allowing an unprivileged user to gain elevated privileges.

CVE-2023-33538 is a command injection vulnerability found in TP-Link routers, specifically the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 models. The vulnerability exists within the `/userRpm/WlanNetworkRpm` component. This vulnerability allows an attacker to inject arbitrary commands into the system by manipulating an unknown input. Successful exploitation could lead to a compromise of confidentiality, integrity, and availability of the affected device. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild.

CVE-2025-43200 is a vulnerability related to how Apple devices process maliciously crafted photos or videos shared via iCloud Link. A logic issue existed that could be exploited through a zero-click attack, meaning it could be triggered without any user interaction. Apple has acknowledged that this vulnerability may have been used in targeted attacks against specific individuals. The vulnerability was addressed with improved checks in iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1, released on February 10, 2025. Citizen Lab has found forensic evidence that this vulnerability was leveraged to deploy Paragon's Graphite spyware against journalists.