Apple Patches iOS Flaw Allowing Recovery of Deleted Chats
Apple rolled out the security patches for dozens of iPhone and iPad models and generations.
The post Apple Patches iOS Flaw Allowing Recovery of Deleted Chats appeared first on SecurityWeek.
Apple rolled out the security patches for dozens of iPhone and iPad models and generations.
The post Apple Patches iOS Flaw Allowing Recovery of Deleted Chats appeared first on SecurityWeek.
The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges.
The post Recent Microsoft Defender Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
The vulnerability can be exploited remotely, without authentication, to circumvent existing authentication controls.
The post Critical HPE AOS-CX Vulnerability Allows Admin Password Resets appeared first on SecurityWeek.

Can a computer be infected with malware simply by processing a photo β particularly if that computer is a Mac, which many still believe (wrongly) to be inherently resistant to malware? As it turns out, the answer is yes β if youβre using a vulnerable version of ExifTool or one of the many apps built based on it. ExifTool is a ubiquitous open-source solution for reading, writing, and editing image metadata. Itβs the go-to tool for photographers and digital archivists, and is widely used in data analytics, digital forensics, and investigative journalism.
Our GReAT experts discovered a critical vulnerability β tracked as CVE-2026-3102 β which is triggered during the processing of malicious image files containing embedded shell commands within their metadata. When a vulnerable version of ExifTool on macOS processes such a file, the command is executed. This allows a threat actor to perform unauthorized actions in the system, such as downloading and executing a payload from a remote server. In this post, we break down how this exploit works, provide actionable defense recommendations, and explain how to verify if your system is vulnerable.
ExifTool is a free, open-source application addressing a niche but critical requirement: it extracts metadata from files, and enables the processing of both that data and the files themselves. Metadata is the information embedded within most modern file formats that describes or supplements the main content of a file. For instance, in a music track, metadata includes the artistβs name, song title, genre, release year, album cover art, and so on. For photographs, metadata typically consists of the date and time of a shot, GPS coordinates, ISO and shutter speed settings, and the camera make and model. Even office documents store metadata, such as the authorβs name, total editing time, and the original creation date.
ExifTool is the industry leader in terms of the sheer volume of supported file formats, as well as the depth, accuracy, and versatility of its processing capabilities. Common use cases include:
The list goes on and on. ExifTool is available both as a standalone command-line application and an open-source library, meaning its code often runs under the hood of powerful, multi-purpose tools; examples include photo organization systems like Exif Photoworker and MetaScope, or image processing automation tools like ImageIngester. In large digital libraries, publishing houses, and image analytics firms, ExifTool is frequently used in automated mode, triggered by internal enterprise applications and custom scripts.
To exploit this vulnerability, an attacker must craft an image file in a certain way. While the image itself can be anything, the exploit lies in the metadata β specifically the DateTimeOriginal field (date and time of creation), which must be recorded in an invalid format. In addition to the date and time, this field must contain malicious shell commands. Due to the specific way ExifTool handles data on macOS, these commands will execute only if two conditions are met:
A rare but by no means fantastical scenario for a targeted attack would look like this: a forensics laboratory, a media editorial office, or a large organization that processes legal or medical documentation receives a digital document of interest. This can be a sensational photo or a legal claim β the bait depends on the victimβs line of work. All files entering the company undergo sorting and cataloging via a digital asset management (DAM) system. In large companies, this may be automated; individuals and small firms run the required software manually. In either case, the ExifTool library must be used under the hood of this software. When processing the date of the malicious photo, the computer where the processing occurs is infected with a Trojan or an infostealer, which is subsequently capable of stealing all valuable data stored on the attacked device. Meanwhile, the victim could easily notice nothing at all, as the attack leverages the image metadata while the picture itself may be harmless, entirely appropriate, and useful.
GReAT researchers reported the vulnerability to the author of ExifTool, who promptly released version 13.50, which is not susceptible to CVE-2026-3102. Versions 13.49 and earlier must be updated to remediate the flaw.
Itβs critical to ensure that all photo processing workflows are using the updated version. You should verify that all asset management platforms, photo organization apps, and any bulk image processing scripts running on Macs are calling ExifTool version 13.50 or later, and donβt contain an embedded older copy of the ExifTool library.
Naturally, ExifTool β like any software β may contain additional vulnerabilities of this class. To harden your defenses, we also recommend the following:
Finally, if you work with freelancers or self-employed contractors (or simply allow BYOD), only allow them to access your network if they have a comprehensive macOS security solution installed.
Still think macOS is safe? Then read about these Mac threats:




The bugs could lead to arbitrary code execution, privilege escalation, or authentication rate-limit bypass.
The post Fortinet, Ivanti, Intel Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Novee researchers discovered 16 vulnerabilities in Foxit and Apryse PDF tools that could have been exploited via malicious documents or URLs.
The post Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration appeared first on SecurityWeek.
GTIG and Mandiant said the zero-day tracked as CVE-2026-22769 has been exploited by UNC6201 since at least 2024.
The post Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group appeared first on SecurityWeek.
It also fixed a high-severity authentication bypass that could be exploited remotely without authentication to obtain credentials.
The post Ivanti Patches Endpoint Manager Vulnerabilities Disclosed in October 2025 appeared first on SecurityWeek.
More than two dozen advisories have been published by the chip giants for vulnerabilities found recently in their products.
The post Chipmaker Patch Tuesday: Over 80 Vulnerabilities Addressed by Intel and AMD appeared first on SecurityWeek.
The bugs could be exploited without authentication for command execution and authentication bypass.
The post Fortinet Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
Dozens of vulnerabilities, bugs, and potential improvements have been identified by the tech giantsβ security teams.
The post Google-Intel Security Audit Reveals Severe TDX Vulnerability Allowing Full Compromise appeared first on SecurityWeek.
The KEV list is useful but largely misunderstood. KEVology explains what it is, and how best to use it.
The post New Paper and Tool Help Security Teams Move Beyond Blind Reliance on CISAβs KEV Catalog appeared first on SecurityWeek.
The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests.
The post Critical SmarterMail Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks.
The post Concerns Raised Over CISAβs Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek.
VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request.
The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek.
The vulnerability could allow attackers to execute arbitrary commands and steal credentials and other secrets.
The post Critical N8n Sandbox Escape Could Lead to Server Compromise appeared first on SecurityWeek.
The security defects can lead to DoS conditions, arbitrary command execution, and privilege escalation.
The post Cisco, F5 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware.
The post Critical React Native Vulnerability Exploited in the Wild appeared first on SecurityWeek.
OpenClaw (aka Moltbot and Clawdbot) is vulnerable to one-click remote code execution attacks.
The post Vulnerability Allows Hackers to Hijack OpenClaw AI AssistantΒ appeared first on SecurityWeek.
Aisy has emerged from stealth mode with $2.3 million in seed funding for its AI-assisted platform.
The post Aisy Launches Out of Stealth to Transform Vulnerability Management appeared first on SecurityWeek.