#apple

## Summary - **Target:** ImageMagick (commit `ecc9a5eb456747374bae8e07038ba10b3d8821b3`) - **Type:** Undefined Behavior (function-type-mismatch) in splay tree cloning callback - **Impact:** Deterministic abort under UBSan (DoS in sanitizer builds). No crash in a non-sanitized build; likely low security impact. - **Trigger:** Minimal **2-byte** input parsed via MagickWand, then coalescing. ## Environment OS: macOS (Apple Silicon/arm64) Homebrew clang version 20.1.8 Target: arm64-apple-darwin24.5.0 Thread model: posix InstalledDir: /opt/homebrew/Cellar/llvm/20.1.8/bin Configuration file: /opt/homebrew/etc/clang/arm64-apple-darwin24.cfg Homebrew ImageMagick: `magick -version` → `ImageMagick 7.1.2-0 Q16-HDRI aarch64` pkg-config: `MagickWand-7.Q16HDRI` version `7.1.2` Library configure flags (capsule build): ./configure --disable-shared --enable-static --without-modules --without-magick-plus-plus --disable-openmp --without-perl --without-x --with-png=yes --without-jpeg --without-tiff --with...

Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn’t just a matter of firewalls and patches—it’s about strategy. The strongest organizations aren’t the ones with the most tools, but the ones that see how cyber risks connect to business

A list of topics we covered in the week of August 18 to August 24 of 2025

Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad,…

CrowdStrike reports COOKIE SPIDER using malvertising to spread SHAMOS macOS malware (a new variant of AMOS infostealer), stealing…

Music tastes, location information, even encrypted messages — Apple's servers are gathering a "surprising" amount of personal data through Apple Intelligence, Lumia Security's Yoav Magid warns in his new analysis.

A clickjack attack was revealed this summer that can steal the credentials from password managers that are integrated into web browsers.

CVE-2025-43300 is the latest zero-day bug used in cyberattacks against "targeted individuals," which could signify spyware or nation-state hacking.

Apple has released security updates to patch a zero-day vulnerability tracked as CVE-2025-43300 for all platforms

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image. "Apple is aware of a report that this issue may have been