Threat Report 8/12/25

Vulnerability in Apple Products Could Allow for Arbitrary Code Execution 

 

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

 

Affected Systems: 

  • Versions prior to iOS 18.6 and iPadOS 18.6 
  • Versions prior to iPadOS 17.7.9 
  • Versions prior to macOS Sequoia 15.6 
  • Versions prior to macOS Sonoma 14.7.7 
  • Versions prior to macOS Ventura 13.7.7 
  • Versions prior to watchOS 11.6 
  • Versions prior to tvOS 18.6 
  • Versions prior to visionOS 2.6 

 

Risk: 

  • Large and medium business entities: High 
  • Small business entities: Medium 

 

Remediation Recommendations 

  • Ensure Apple software has the latest version(s) installed 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

References 

https://support.apple.com/en-us/100100 

https://support.apple.com/en-us/124147 

https://support.apple.com/en-us/124148 

https://support.apple.com/en-us/124149 

https://support.apple.com/en-us/124150 

https://support.apple.com/en-us/124151 

https://support.apple.com/en-us/124155 

https://support.apple.com/en-us/124153 

https://support.apple.com/en-us/124154 

 


Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 

 

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

 

Affected Systems: 

  • Chrome prior to 138.0.7204.183/.184 for Windows and Mac 
  • Chrome prior to 138.0.7204.183 for Linux  

 

Risk: 

  • Large and medium business entities: High 
  • Small business entities: High 

 

Remediation Recommendations 

  • Ensure all devices using Google Chrome have the latest version(s) installed 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

References 

https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html 
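To act on the two "Affected Systems" lists above, the following Python check flags inventory entries that are still below the fixed versions. It is an added example, not part of the original report or any vendor tooling. The host names, the inventory rows, and the function and table names are constructed, and treating branches newer than any listed fix as unaffected (and older unlisted branches as vulnerable) is an assumption.

```python
import re

# Fixed versions from the "Affected Systems" lists, keyed by product and
# then by major-version branch.
FIXED = {
    "iOS": {18: (18, 6)},
    "iPadOS": {18: (18, 6), 17: (17, 7, 9)},
    "macOS": {15: (15, 6), 14: (14, 7, 7), 13: (13, 7, 7)},
    "watchOS": {11: (11, 6)},
    "tvOS": {18: (18, 6)},
    "visionOS": {2: (2, 6)},
    "Chrome": {138: (138, 0, 7204, 183)},
}

def parse(version):
    """Leading dotted number of a version string as a tuple of ints."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparsable version: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def status(product, version):
    """Return 'ok', 'vulnerable' or 'unknown' for one installed version."""
    branches = FIXED.get(product)
    if branches is None:
        return "unknown"
    try:
        v = parse(version)
    except ValueError:
        return "unknown"
    if v[0] > max(branches):
        return "ok"  # assumption: branches newer than any listed fix are unaffected
    floor = branches.get(v[0])
    if floor is None:
        return "vulnerable"  # assumption: older branch, prior to every listed fix
    width = max(len(v), len(floor))  # pad so 18.6 == 18.6.0
    pad = lambda t: t + (0,) * (width - len(t))
    return "vulnerable" if pad(v) < pad(floor) else "ok"

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("mac-01", "macOS", "15.5"), ("mac-02", "macOS", "14.7.7"),
    ("mac-03", "macOS", "12.7.6"), ("ipad-01", "iPadOS", "17.7.8"),
    ("ipad-02", "iPadOS", "18.6.0"), ("win-01", "Chrome", "138.0.7204.168"),
    ("lin-01", "Chrome", "139.0.7258.66"),
]

def audit(inventory):
    """Hosts whose installed version is not known to be patched."""
    return [h for h, p, v in inventory if status(p, v) != "ok"]

print(audit(INVENTORY))
```

Entries with an unrecognized product or unparsable version are reported rather than silently passed, so gaps in the inventory surface for manual review.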

 


Thousands of Exchange Servers Remain Vulnerable to High-Severity Flaw  

BleepingComputer reports that, as of August 10th, more than 29,000 hybrid Microsoft Exchange servers remained vulnerable to a high-severity post-authentication vulnerability (CVE-2025-53786) that can allow threat actors to escalate privileges within compromised cloud environments. 

The US Cybersecurity and Infrastructure Security Agency (CISA) last week ordered Federal civilian agencies to patch the flaw by 9:00 AM this morning. The agency stated, "Although exploitation of this vulnerability is only possible after an attacker establishes administrative access on the on-premises Exchange server, CISA is deeply concerned at the ease with which a threat actor could escalate privileges and gain significant control of a victim’s M365 Exchange Online environment."

 


 

Google Discloses Breach of Salesforce Instance 


Google has disclosed that the ShinyHunters extortion group breached one of its Salesforce databases and stole contact information for small and medium businesses, TechCrunch reports. ShinyHunters has been using voice phishing (vishing) attacks to target victims' Salesforce instances, recently breaching Adidas, Qantas, Allianz Life, Chanel, Louis Vuitton, Dior, and Tiffany & Co., according to BleepingComputer. Google itself described this wave of ShinyHunters attacks in June. The company said in an update yesterday that "one of Google’s corporate Salesforce instances was impacted by similar UNC6040 activity described in this post." The company notes that most of the compromised data is publicly available business information.


 


Threat Actors Abuse Link-Wrapping Services to Disguise Phishing URLs

 

Cloudflare warns that threat actors are abusing link-wrapping services from Proofpoint and Intermedia to mask phishing URLs. These link-wrapping services are designed to prevent users from visiting known malicious sites, but they aren't effective against phishing sites that haven't yet been flagged by security scanners. 

Cloudflare explains, "Proofpoint link wrapping abuse is centered around gaining unauthorized access to Proofpoint-protected email accounts (i.e., accounts already leveraging Proofpoint URL wrapping). The attacker likely uses these accounts to 'launder' malicious URLs through Proofpoint’s link wrapping, distributing the newly legitimized links in phishing campaigns–either directly from the Proofpoint-protected account or via another compromised account or actor-controlled account." The attackers used similar tactics to abuse Intermedia's wrapping services. 

In the campaign observed by Cloudflare, the phishing links led to credential-harvesting pages disguised as Microsoft 365 login portals. 

 

 
