In a stark reminder of the evolving cybersecurity landscape, recent vulnerabilities in Microsoft and Apple systems have been swiftly exploited by threat actors, emphasizing the critical need for timely updates and proactive security measures.
Microsoft’s CVE-2025-24054 Exploited Within Days
On March 11, 2025, Microsoft released its Patch Tuesday updates, addressing various security flaws, including CVE-2025-24054, a vulnerability in the Windows Common Log File System (CLFS) driver. Although exploitation was initially rated "less likely", attackers weaponized the vulnerability within just eight days.
Exploitation involved phishing emails containing malicious ZIP archives hosted on Dropbox. The archives included files that, once the victim interacted with them, triggered the vulnerability and caused the host to leak Net-NTLMv2 hashes. A captured hash can be subjected to an offline brute-force attack against the user's password or relayed to another service that accepts NTLM authentication, either of which can grant unauthorized access to systems.
Notably, the stolen hashes were exfiltrated to an IP address previously associated with the Russian-linked APT28 group, though no direct attribution has been confirmed.
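The hash leak described above depends on a Windows host authenticating to an SMB server outside the organization, which is also the easiest place for a defender to spot or block it. The following script is an added example, not code from the original post or from Blue Eclipse Ltd: it scans flow records for internal hosts opening SMB (TCP 445) or NetBIOS session (TCP 139) connections to non-private addresses and summarizes them per source/destination pair. The CSV layout and all IP addresses are constructed sample data using private and documentation ranges, not indicators from the incident.

```python
"""Flag outbound SMB/NetBIOS connections from internal hosts to external IPs.

NTLM hash-disclosure attacks coax a Windows host into authenticating to an
attacker-controlled SMB server on the internet, which leaks the Net-NTLMv2
response. Internal hosts rarely have a legitimate reason to speak SMB to
public addresses, so such flows are high-signal and a candidate egress block.

Constructed flow-record format (one row per connection):
    timestamp,src_ip,dst_ip,dst_port,protocol,action
"""
import csv
import ipaddress
from io import StringIO

SMB_PORTS = {445, 139}

# Explicit internal ranges. ipaddress.is_private is deliberately not used,
# because it also treats documentation ranges (203.0.113.0/24 etc.) as
# non-global, which would hide the sample destinations below.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample flows; addresses come from private/documentation ranges.
SAMPLE_FLOWS = """\
timestamp,src_ip,dst_ip,dst_port,protocol,action
2025-03-19T09:12:01Z,10.20.5.41,10.20.5.2,445,tcp,allow
2025-03-19T09:12:07Z,10.20.5.41,203.0.113.77,445,tcp,allow
2025-03-19T09:12:09Z,10.20.5.41,203.0.113.77,443,tcp,allow
2025-03-19T09:13:15Z,10.20.7.12,198.51.100.9,139,tcp,allow
2025-03-19T09:14:02Z,10.20.7.12,192.168.1.10,445,tcp,allow
2025-03-19T09:15:30Z,10.20.5.41,203.0.113.77,445,tcp,deny
"""


def is_internal(ip_text):
    """True if the address falls in one of the configured internal ranges."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def find_external_smb(flow_text):
    """Return the flow rows where an internal host talks SMB/NetBIOS to an
    external address. Denied flows are kept: a blocked attempt still means a
    host tried to authenticate outward and the source should be examined."""
    hits = []
    for row in csv.DictReader(StringIO(flow_text)):
        if row["protocol"].lower() != "tcp":
            continue
        if int(row["dst_port"]) not in SMB_PORTS:
            continue
        if is_internal(row["src_ip"]) and not is_internal(row["dst_ip"]):
            hits.append(row)
    return hits


def summarize(hits):
    """Aggregate hits by (source, destination) for triage and block-listing."""
    summary = {}
    for h in hits:
        key = (h["src_ip"], h["dst_ip"])
        stats = summary.setdefault(key, {"count": 0, "denied": 0})
        stats["count"] += 1
        if h["action"].lower() == "deny":
            stats["denied"] += 1
    return summary


if __name__ == "__main__":
    for (src, dst), stats in summarize(find_external_smb(SAMPLE_FLOWS)).items():
        print(f"{src} -> {dst}: {stats['count']} SMB flow(s), "
              f"{stats['denied']} denied")
```

Run against real exports, the summary gives the two things an SME responder needs first: which workstation attempted the outbound authentication (the phishing recipient to check for the malicious archive) and which destination to block at the perimeter. Blocking TCP 445 and 139 egress outright is the standard mitigation for this class of hash-disclosure bug and removes the leak path even before the patch is deployed.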
Apple’s Immediate Response to Zero-Day Exploits
Simultaneously, Apple addressed two zero-day vulnerabilities with the release of iOS 18.4.1 and iPadOS 18.4.1.
- A memory corruption issue in CoreAudio, which could allow arbitrary code execution when processing malicious audio files.
- A flaw in the Return Pointer Authentication Code (RPAC), potentially enabling attackers with arbitrary read and write access to bypass pointer authentication mechanisms.
Apple credited the discovery of these vulnerabilities to its internal teams and Google’s Threat Analysis Group, highlighting the collaborative effort in identifying and mitigating such threats.
Implications for Small and Medium Enterprises (SMEs)
These incidents underscore the increasing speed at which vulnerabilities are being exploited post-disclosure. For SMEs, this trend necessitates:
- Prompt Patch Management: Ensuring that all systems are updated as soon as patches are released.
- Employee Awareness: Training staff to recognize and report phishing attempts and suspicious activities.
- Robust Security Protocols: Implementing multi-layered security measures to detect and prevent unauthorized access.
At Blue Eclipse Ltd, we specialize in assisting SMEs to navigate these challenges, offering tailored solutions to enhance their cybersecurity posture.
For further details on these vulnerabilities, refer to the original reports from The Register and BleepingComputer.