Update iOS and macOS: Warning of Attacks on Apple Vulnerabilities and Gladinet
CISA warns of ongoing attacks on vulnerabilities in Apple's iOS and macOS, as well as on Gladinet CentreStack and Triofox.
(Image: Titima Ongkantong/Shutterstock.com)
Vulnerabilities in Apple's WebKit, Gladinet CentreStack, and Triofox are currently being actively exploited on the internet. Updates to close the security holes are available. Admins should apply them promptly.
This is currently being warned about by the US Cybersecurity and Infrastructure Security Agency (CISA). Over the weekend, Apple released updates to operating system version 26.2 for iOS, iPadOS, macOS, watchOS, tvOS, visionOS, and HomePods, a very unusual weekday for this. It later turned out that the updates close security vulnerabilities – that were already being attacked on the internet. Now, the top US cybersecurity authority is also warning about these observed attacks and recommends installing the available updates immediately. The vulnerability entry with the number CVE-2025-43529 is prepared but not yet public; its specific severity cannot be assessed because of this. Apple also mentions the exploitation of vulnerability CVE-2025-14174 in WebKit – this is the vulnerability that Google addressed with an emergency update for Chrome on the night before last Thursday, as it was already being attacked.
There are also corresponding updates for the Safari web browser that users should install. As usual, CISA does not specify how the attacks are carried out or their extent. Since Apple also remains tight-lipped, there are no indications of how interested parties can check if they have become victims of such attacks. Indicators of Compromise (IOCs) are missing.
Further Attacked Security Vulnerabilities
In Gladinet CentreStack and Triofox, which are intended to enable remote access to local files in companies without VPN or cloud synchronization, IT security researchers have discovered hardcoded values for the AES encryption used (CVE-2025-14611, CVSS4 7.1, Risk “high”). Attackers can exploit this without prior authentication on publicly accessible endpoints to embed arbitrary local files, which, with other vulnerabilities, can ultimately lead to complete compromise. Version 16.12.10420.56791 or newer closes the security vulnerability.
Videos by heise
Here too, further details are missing on how the attacks on the vulnerability are carried out and how IT managers can recognize (successful) attacks. In mid-November, CISA had already warned of cyberattacks on a Gladinet vulnerability.
(dmk)
