Monthly Archives: May 2026

Potential Risk of CVE

CVE-2026-31431: Copy Fail, a module designed to ensure security (encryption), has become a tool used to undermine security (4th May 2026)

Leave a comment

Preface: The algif_aead module is a Linux-specific component of the AF_ALG socket interface. It is rarely the primary choice for application-level encryption even on Linux, and it has no direct equivalent in the architecture of Apple’s iOS XNU kernel.

Background: The use of algif_aead is a niche architectural choice for several reasons:

Platform Dependency: It is part of the Linux Kernel Crypto API. Apps targeting multiple platforms (Android, iOS, Windows) prefer cross-platform libraries like OpenSSL, BoringSSL, or libsodium to avoid writing platform-specific kernel interface code.

The specified design weakness (Copy Fail) in the Linux kernel allows a local attacker to overwrite read-only files by manipulating the page cache via splice() and the AF_ALG (kernel crypto) interface.

Ref: This exploit allows a write to the page cache of that file. This explains how a read-only file gets “overwritten” in memory, which is the “magic” of this vulnerability.

Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead – Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Official announcement: Please refer to link for details – https://nvd.nist.gov/vuln/detail/CVE-2026-31431

Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

The “ghost data” issue has been fixed in iOS 18.7.8 and iPadOS 18.7.8, as well as iOS 26.4.2 and iPadOS 26.4.2 on 24th Apr 2026. Did you receive same update alert again on 1st of May 2026? (2nd May 2026)

Leave a comment

Preface: My iPhone 15 pushed the iOS 26.4.2 update again on May 2, 2026. I think even if you installed it around April 24—is likely because Apple released a revised build of that same update to address continued issues, or my device failed to properly register the previous installation due to the emergency nature of the patch.

Background: Why I received the update again on 1st May 2026. The NVD’s last modified date is shown as April 29, 2026. Therefore, this is one of the reasons why I need to perform the analysis again. Why update again? Similar to previous scenarios in 2023, Apple often re-issues critical patches if the first version did not fully resolve the issue, was causing compatibility problems, or if new information about the vulnerability arose.

My observation: The April 29 update reinforces why your switch to PRAGMA secure_delete = ON; is the right move. The official fix description—”improved data redaction”—aligns with the behavior of secure_delete, which physically overwrites data to ensure it cannot be recovered via forensic tools.

By using the PRAGMA, you are implementing at the application level what Apple has now implemented at the OS level: ensuring that when a record is “deleted,” its physical remnants are immediately destroyed.

The following URL is the analysis report I published on April 24, 2026 – http://www.antihackingonline.com/cell-phone-iphone-android-windows-mobile/the-ghost-data-issue-has-been-fixed-in-ios-18-7-8-and-ipados-18-7-8-as-well-as-ios-26-4-2-and-ipados-26-4-2-24th-apr-2026/

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2026-28950