Apple patches exploited zero-day, CISCO FMC warning, WinRAR being actively exploited (Update Now!) and issues with a Windows 11 update...
Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. We’ve also got the latest CVE information to help you stay ahead of vulnerabilities. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.Â
News & Articles
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild.
The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 (CVSS score: 8.8), resides in the ImageIO framework and could result in memory corruption when processing a malicious image.
The iPhone maker said the bug was internally discovered and that it was addressed with improved bounds checking. The following versions address the security defect –
- iOS 18.6.2 and iPadOS 18.6.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iPadOS 17.7.10 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
- macOS Ventura 13.7.8 – Macs running macOS Ventura
- macOS Sonoma 14.7.8 – Macs running macOS Sonoma
- macOS Sequoia 15.6.1 – Macs running macOS Sequoia
It’s currently not known who is behind the attacks and who may have been targeted, but it’s likely that the vulnerability has been weaponised as part of highly targeted attacks.
Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution
Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems.
The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.
The networking equipment major said the issue stems from a lack of proper handling of user input during the authentication phase, as a result of which an attacker could send specially crafted input when entering credentials that get authenticated at the configured RADIUS server.
The shortcoming impacts Cisco Secure FMC Software releases 7.0.7 and 7.7.0 if they have RADIUS authentication enabled. There are no workarounds other than applying the patches provided by the company.Â
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability.
Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files.
“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of a specified path,” WinRAR said in an advisory.
Windows 11 24H2 Security Update Causes SSD/HDD Failures and Potential Data Corruption
A significant security update rolled out by Microsoft with the Windows 11 24H2Â (KB5063878)Â release is causing widespread issues for users, with reports surfacing that the update can render SSDs and HDDs inaccessible and may potentially corrupt user data.
Last week’s Patch Tuesday (August 2025) saw Microsoft release several critical security updates for Windows 10 (KB5063709 / KB5063877 / KB5063871 / KB5063889) and Windows 11 (KB5063878, KB5063875) systems.
Among them was a very important Defender update, intended to tackle the Lamma stealer malware found in new Windows ISO installations. However, as users and experts quickly discovered, the fix introduced unintended side effects for storage devices on Windows 11 24H2.
The issue began when users started experiencing installation failures with error code 0x80240069 on the KB5063878 update, but Microsoft’s subsequent hotfix seemed to alleviate those issues. Unfortunately, that did not mark the end of the saga.
According to a report highlighted by cybersecurity community members and corroborated by an X user, the latest 24H2 update triggered critical failures with storage drives. Users report that after installing the update, SSDs and HDDs can disappear from the Windows environment, with SMART (Self-Monitoring, Analysis, and Reporting Technology) attributes becoming unreadable.
For those affected, unplugging the impacted drive and reconnecting it may temporarily restore visibility, but this is not an assured solution and may not prevent future data loss or corruption. Routine data backups and delaying installation of the problematic update are strongly recommended.
Latest Vulnerabilities & Exploits
CVE-2025-48978
Critical - EdgeMAX EdgeSwitch
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could
allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent
network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation:
Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later.
CVE-2025-8895
Critical - WP Webhooks Plugin
The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing
validation of user-supplied input in all versions up to, and including, 3.3.5. This makes it
possible for unauthenticated attackers to copy arbitrary files on the affected site’s server
to arbitrary locations. This can be used to copy the contents of wp-config.php into a text
file which can then be accessed in a browser to reveal database credentials.
CVE-2025-7390
Critical - opc.https Server
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
CVE-2025-8592
High - Inspiro WordPress Theme
The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all
versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation
on the inspiro_install_plugin() function. This makes it possible for unauthenticated
attackers to install plugins from the repository via a forged request granted they can trick
a site administrator into performing an action such as clicking on a link.
Sources: TheHackerNews, CyberSecurityNews