#zero-click-exploit

[ follow ]
#whatsapp #cve-2025-55177 #webkit #remote-code-execution #iosipados-updates #targeted-attacks #android-spyware
Apple
fromTechRepublic
1 week ago

New iOS and iPadOS Flaws Leave Millions of iPhones at Risk

Two WebKit vulnerabilities (CVE-2025-43529 and CVE-2025-14174) allow zero-click remote code execution in Safari, potentially giving attackers full access to iPhones and iPads.
fromTheregister
2 months ago

Landfall spyware used in 0-day attacks on Samsung phones

A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking locations, and harvesting photos and logs before Samsung finally patched it in April. The surveillance campaign likely began in July 2024 and abused CVE-2025-21042, a critical bug in Samsung's image-processing library that affects Galaxy devices running Android versions 13, 14, 15, and 16,
Information security
Information security
fromArs Technica
2 months ago

Commercial spyware "Landfall" ran rampant on Samsung phones for almost a year

A Samsung image-processing vulnerability enabled zero-click Landfall spyware to install via malicious images, modify SELinux for deep access, exfiltrate data, and activate sensors.
#whatsapp
more#whatsapp
fromTheregister
5 months ago

WhatsApp warns of 'attack against specific targeted users'

Donncha Ó Cearbhaill, the head of Amnesty International's security lab, suggested attackers used the flaws in a highly specialized attack, which from past experience suggests that a commercial surveillanceware vendor is using it in highly targeted attacks against specific individuals. Surveillanceware is supposed to be used against state criminals but is also used against journalists, human rights campaigners, and anyone else certain governments don't like.
Information security
[ Load more ]