「WhatsApp」にゼロデイ脆弱性、iOS/macOSの脆
『AppleのOSと「WhatsApp」
…
「CVE-2025-55177」は(筆者注、KEVカタログ掲
開発元も「WhatsAppセキュリティ勧告2025」で以下2
l NVD - CVE-2025-55177 (08/29-09/02)
『Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
…
CVSS 4.0 Severity and Vector Strings:
NIST: NVD N/A NVD assessment not yet provided. 』
(下線・太字化は筆者が加工したもの)
Ø NVD - CVE-2025-43300 (08/20-26)
『An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.』
l NVD - CVE-2025-30401 (04/05-04/09)
『A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.』
No comments:
Post a Comment