News

McDonald’s Japan postpones toy promo after Pokémon complaints

Getty Images A child looks at a Pokémon promotion outside a McDonald’s store in Japan McDonald’s Japan has postponed a child’s menu toy promotion after complaints that a recent Pokémon giveaway led to piles of food being dumped, with the cards then being sold on for profit. The fast-food giant said on Thursday that its...

Business

Jackson Hole jitters trigger stock-market selling — and a missed buying opportunity

Any S&P 500 pullback that holds 6,150 is another minor correction in the ongoing bull market. Source link Share via: Facebhttps://www.facebook.com/profile.php?id=61576547936537ook X (Twitter) LinkedIn More

News

Nigeria, Iran, and China top priority countries for new U.S. Commission on International Freedom chair

By Chris Casquejo Washington, D.C. Newsroom, Aug 21, 2025 / 06:00 am Nigeria is the deadliest country in the world for Christians, according to the new chair of the U.S. Commission on International Freedom (USCIRF). Vicky Hartzler, a Republican who represented Missouri in the U.S. House of Representatives for 12 years, became chair of the...

Technology

Update Apple devices now – new security patch fixes potentially serious zero-day flaw

americalatinanews.com2 hours ago04 mins

Apple fixes CVE-2025-43300, an out-of-bounds write bug in iOS and iPadOS
The bug allowed threat actors to run remote code execution attacks
There is evidence of abuse in the wild, so users should be on their guard

Apple has fixed a bug in iOS and iPadOS which was apparently being used in “an extremely sophisticated attack against specific targeted individuals”.

In a security advisory, Apple said it fixed an out-of-bounds write issue it found in the ImageIO framework, which lets apps open, save, and work with image files efficiently, including reading details like EXIF data, or creating thumbnails.

An out-of-bounds bug happens when software mistakenly writes data beyond the memory area it was supposed to. This can corrupt memory, crash apps, and even allow threat actors to run malicious code, remotely.

Hiding the details from the crooks

Since the bug was found in ImageIO, it allowed specially crafted images to overflow memory checks and overwrite adjacent data when processed. A threat actor could send a malicious image in an email, a message, or a webpage. If the vulnerable device were to try and render it, the out-of-bounds write might let the attacker crash the system, or even run malware.

The bug is tracked as CVE-2025-43300, and doesn’t yet have a severity score. Apple did not discuss the findings further, in order to give everyone enough time to patch, without giving other threat actors knowledge on how to abuse it.

Devices affected by this flaw include iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

Apple fixed it by improving boundary checks, in versions iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

This is the sixth zero-day vulnerability Apple fixed since the start of 2025, BleepingComputer reports, including CVE-2025-24085 (January), CVE-2025-24200 (February), CVE-2025-24201 (March), and two in April, CVE-2025-31200 and CVE-2025-31201.

Via BleepingComputer

Source link

Leave a Reply Cancel reply

Related News