Full Disclosure: A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
- Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 - 0-Click iMessage Chain - Secure Enclave Key Theft, Wormable RCE, Crypto Theft on October 7, 2025 at 6:56 pm
Posted by josephgoyd via Fulldisclosure on Oct 07 The GitHub link has a write up on the attack-chain. Along with the CNVD certs that were issued for validation. https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
- Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 - 0-Click iMessage Chain - Secure Enclave Key Theft, Wormable RCE, Crypto Theft on October 7, 2025 at 6:55 pm
Posted by full on Oct 07 Substack is down. If there is a replacement, it is appreciated. -x9p
- Re: Defense in depth — the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11 on October 7, 2025 at 6:53 pm
Posted by Stefan Kanthak via Fulldisclosure on Oct 07 On a fresh installation of the just released Windows 11 25H2 the former file %SystemRoot%\System32\SecurityHealth\10.0.27840.1000-0\SecurityHealthHost.exe is %SystemRoot%\System32\SecurityHealthHost.exe now, but the BUG persists: | svchost.exe (PID = 9876) identified \\?\C:\Windows\System32\SecurityHealthHost.exe | as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302} stay tuned, and far away from bug-riddled Windows…
- Re: [FD] : “Glass Cage” - Zero-Click iMessage - Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) on October 2, 2025 at 10:20 pm
Posted by josephgoyd via Fulldisclosure on Oct 02 Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201 Working exploit: https://www.dropbox.com/scl/fi/ech6wdnpnyscbfiu2o8zh/IMG_1118.png?rlkey=jna5uo6aihs6tfbwtsk8fw7em&st=8c56raq8&dl=0
- Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 - 0-Click iMessage Chain - Secure Enclave Key Theft, Wormable RCE, Crypto Theft on October 2, 2025 at 10:20 pm
Posted by josephgoyd via Fulldisclosure on Oct 02 Updated repo location: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 Working exploit: https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&st=b1tkonvr&dl=0
- Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib on September 30, 2025 at 3:19 pm
Posted by Ron E on Sep 30 A denial-of-service vulnerability exists in Samtools and the underlying HTSlib when processing BED files containing extremely large interval values. The bed_index_core() function in bedidx.c uses the interval end coordinate to calculate allocation size without sufficient validation. By supplying a BED record with a crafted end coordinate (e.g., near 2^61), an attacker can trigger uncontrolled memory allocation requests via hts_resize_array_()….
- Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow on September 30, 2025 at 3:19 pm
Posted by Ron E on Sep 30 In the samtools coverage subcommand, the -w / --n-bins option allows the user to specify how many "bins" to produce in the coverage histogram. The code computes: stats[tid].bin_width = (stats[tid].end - stats[tid].beg) / n_bins; When the number of bins (n_bins) is extremely large relative to the region length (end - beg), this integer division can yield zero, or lead to unexpected behavior in subsequent arithmetic. Later in print_hist(),…
- libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width on September 30, 2025 at 3:19 pm
Posted by Ron E on Sep 30 A heap buffer overflow vulnerability exists in the geotifcp utility, distributed as part of libgeotiff. The flaw occurs in the function cpContig2ContigByRow_8_to_4 when processing TIFF images with an odd ImageWidth and using the -d option (downsampling from 8-bit to 4-bit). During conversion, the function iterates over pixels in pairs and always accesses buf_in[i_in+1]. When the width is odd, the last iteration dereferences one byte past the…
- APPLE-SA-09-29-2025-6 visionOS 26.0.1 on September 30, 2025 at 3:19 pm
Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-6 visionOS 26.0.1 visionOS 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125338. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: Apple Vision Pro Impact: Processing a maliciously crafted font may lead to unexpected app termination…
- APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1 on September 30, 2025 at 3:19 pm
Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1 macOS Sonoma 14.8.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125330. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Sonoma Impact: Processing a maliciously crafted font may lead to unexpected app…
- APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1 on September 30, 2025 at 3:19 pm
Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1 macOS Sequoia 15.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125329. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Sequoia Impact: Processing a maliciously crafted font may lead to unexpected app…
- APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1 on September 30, 2025 at 3:19 pm
Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1 macOS Tahoe 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125328. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: macOS Tahoe Impact: Processing a maliciously crafted font may lead to unexpected app termination…
- APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1 on September 30, 2025 at 3:19 pm
Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1 iOS 18.7.1 and iPadOS 18.7.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125327. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and…
- APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1 on September 30, 2025 at 3:19 pm
Posted by Apple Product Security via Fulldisclosure on Sep 30 APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1 iOS 26.0.1 and iPadOS 26.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/125326. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. FontParser Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro…
- SEC Consult SA-20250925-0 :: Multiple Vulnerabilities in iMonitorSoft EAM employee monitoring #CVE-2025-10540 #CVE-2025-10541 #CVE-2025-10542 on September 25, 2025 at 10:49 pm
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 25 SEC Consult Vulnerability Lab Security Advisory < 20250925-0 > ======================================================================= title: Multiple Vulnerabilities product: iMonitorSoft EAM vulnerable version: iMonitor EAM 9.6394 fixed version: – CVE number: CVE-2025-10540, CVE-2025-10541, CVE-2025-10542 impact: Critical homepage:…