Apple’s latest operating systems for its most popular devices — iPhones, iPads and Macs — include patches for multiple vulnerabilities, but the company didn’t issue any warnings about active exploitation. 

Apple patched 27 defects with the release of iOS 26 and iPadOS 26 and 77 vulnerabilities with the release of macOS 26, including some bugs that affected software across all three devices. Apple’s new operating systems, which are now numbered for the year of their release, were published Monday as the company prepares to ship new iPhones later this week.

Users that don’t want to upgrade to the latest versions, which adopt a translucent design style Apple dubs “liquid glass,” can patch the most serious vulnerabilities by updating to iOS 18.7 and iPad 18.7 or macOS 15.7. Most Apple devices released in 2019 or earlier are not supported by the latest operating systems.

None of the vulnerabilities Apple disclosed this week appear to be under active attack, Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, told CyberScoop.

Apple previously issued an emergency software update to customers last month to patch a zero-day vulnerability — CVE-2025-43300 — that was “exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in a series of updates for iOS, iPadOS and macOS.

The company has addressed five actively exploited zero-days this year, including defects previously disclosed in January, February, March and April. Seven Apple vulnerabilities have been added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog this year. 

Unlike many vendors, Apple doesn’t provide details about the severity of vulnerabilities it addresses in software updates. Childs noted it would be helpful if Apple issued some sort of initial severity indicator alongside the vulnerabilities it patches — even if it doesn’t follow the Common Vulnerability Scoring System.

A pair of vulnerabilities patched in macOS — CVE-2025-43298, which affects PackageKit, and CVE-2025-43304, which affects StorageKit — are concerning because exploitation could allow an attacker to gain root privileges, Childs said. 

“On the iOS side, I don’t see anything that makes me sweat immediately but there are a lot of bugs addressed,” he added.

Apple also patched seven defects in Safari 26, 19 vulnerabilities in watchOS 26, 18 bugs in visionOS 26 and five defects in Xcode 26. 

More information about the vulnerabilities and latest software versions are available on Apple’s security releases site.

The post Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs appeared first on CyberScoop.

Cisco disclosed a maximum-severity vulnerability affecting its Secure Firewall Management Center Software that could allow unauthenticated attackers to inject arbitrary shell commands and execute high-privilege commands, the vendor said in a security advisory Thursday. 

The enterprise networking vendor said it discovered the vulnerability — CVE-2025-20265 — during internal security testing. Cisco released a patch for the defect along with a series of 29 vulnerabilities in other Cisco Secure technologies. 

“To date, Cisco’s Product Security Incident Response Team (PSIRT) is not aware of any malicious use or exploitation of this vulnerability, and we strongly urge customers to upgrade to update releases,” a Cisco spokesperson told CyberScoop. “If an immediate upgrade is not feasible, implement a mitigation as outlined in the advisory.”

The disclosure marks yet another vulnerability in a widely used edge technology — a common and persistent point of intrusion for attackers. Edge technologies, including VPNs, firewalls and routers, harbored the four most frequently exploited vulnerabilities in 2024, according to Mandiant’s M-Trends report released earlier this year. 

“Anytime you see ‘remote, unauthenticated command injection,’ you should be concerned,” Nathaniel Jones, VP of security and AI strategy at Darktrace, told CyberScoop. “These are exactly the types of vulnerabilities that pose significant danger because they are highly attractive to nation-state actors like Salt Typhoon — and such groups are likely to move quickly to exploit them.” 

Darktrace hasn’t observed exploitation in the wild, nor is it aware of a proof-of-concept exploit. “But, this type of vulnerability means the clock is ticking. I’d bet a proof-of-concept is available come Monday,” Jones said. 

The remote-code execution vulnerability, which has a CVSS rating of 10, involves improper handling of user input during the authentication phase. “For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS (remote authentication dial-in user service) authentication for the web-based management interface, SSH (secure shell) management, or both,” Cisco said in the advisory.

The vulnerability affects Cisco Secure FMC Software versions 7.0.7 and 7.7.0 with RADIUS authentication enabled. The platform allows customers to configure, monitor, manage and update firewall controls. 

“The vulnerability means that no credential is needed nor proximity, and you can get full privileges,” Jones added. “The improper-input handling could let an attacker craft authentic packets containing malicious payloads that escape the intended command context and run arbitrary OS commands.”

The vendor said there are no workarounds for the vulnerability, and it confirmed the defect does not affect Cisco Secure Firewall Adaptive Security Appliance Software or Cisco Secure Firewall Threat Defense Software.

Jones said the maximum-severity vulnerability accentuates the unflattering security posture of edge devices and their development lifecycles. “It just reinforces why they’re attacked — because they sit at network boundaries where attackers can reach them without stepping inside first, often have high privileges and broad visibility and the gatekeeper can bypass multiple layers of security at once,” he said.

Cisco encouraged customers to determine exposure to CVE-2025-20265 and other vulnerabilities by running the Cisco Software Checker, which identifies vulnerabilities impacting specific software releases.

The post Cisco discloses maximum-severity defect in firewall software appeared first on CyberScoop.