Cell Phone (iPhone, Android, windows mobile)

The main updates in iOS 26.2.1 include support for the second-generation AirTag and general bug fixes. (9 Feb 2026)

Leave a comment

Preface: According to Apple’s security update documentation, these two critical zero-day vulnerabilities, CVE-2025-43529 and CVE-2025-14174, were officially patched in iOS 26.2 released on December 15, 2025. CVE-2025-46285 is also typically a security patch included with iOS 26.2.

Upgrading to 26.2.1 will indeed ensure your iPhone is protected against the aforementioned CVE vulnerabilities, but these protections were already in place in version 26.2. If you are already on 26.2.1, the current system is the most secure official release as of today (February 6, 2026).

Focus: There are many services available that can easily provide facial recognition capabilities, including Amazon Rekognition, OpenCV, and Microsoft Azure.

Apple uses its own internal frameworks like Core ML and Vision to perform on-device machine learning and image analysis. With the help of Core ML, facial recognition is definitely possible using the Vision framework, although that requires integrating a previously trained model into your app.

Although iOS 26.2.1 was intended to fix bugs, some users encountered the following problems after updating:

  • Issues with Face ID in iOS 26.2.1: Face ID is unresponsive when unlocking or entering third-party apps (such as banking apps).
  • Some users have reported that after the update, apps that previously supported Face ID login no longer display the facial recognition window.
  • Reports indicate that iOS 26.2.1 may have a storage space reporting error, indirectly causing instability in system components such as Face ID.

Summary:  the Face ID fixes in iOS 26.2.1 are more focused on underlying system stability (such as updates to the Secure Enclave feature and adjustments to the audio/camera pipeline) rather than errors in the Core ML integration logic. If you encounter a situation where the Vision framework cannot recognize faces while developing your application, you usually need to check the model’s VNRequest configuration.

Although not weekly or mandated:

Apple performs:

  • Static code scanning
  • Behavioral analysis on device
  • Privacy API usage scanning
  • Analysis of network calls

Make sure:

✔ No private API usage
✔ No runtime permission circumvention
✔ No silent data upload

Science

Comet 3I/ATLAS is visiting our solar system as an interstellar traveller. What can we learn from it? (6-Feb-2026)

Leave a comment

Preface: Philosophy is the “love of wisdom,” defined as the systematic, rational study of fundamental questions regarding existence, knowledge, truth, ethics, and the meaning of life. Civilization develops along with the progress of science, technology and culture.

Earth’s civilization dates back thousands of years. During this period, many inexplicable events occurred, leading to suspicions that they might be related to extraterrestrial civilizations. Despite the discovery of structures similar to the ruin of Puma Punku, the mainstream view avoids the topic. NASA has confirmed that 3I/ATLAS is an interstellar comet. Therefore, details regarding its potential connection to extraterrestrial life are no longer valid. Perhaps you’ve already lost interest?

Background: From a scientific perspective, exploring unknown objects in space requires making many technological assumptions. For example, this unknown object did not form naturally. Could it pose a threat to humanity? Astronomers and professors focus on its scientific parameters and spectral analysis, but conversely: if 3I/ATALS is a monitoring device, it might also conclude that our Moon and Earth did not form by chance!

Scientific details: The Moon’s existence is not just a coincidence; it is Earth’s gravitational stabilizer.

The Gyroscopic Effect (Axial Stability)

Think of Earth as a spinning top. Without an outside force to steady it, a spinning top eventually wobbles and tips over.

The Moon as an Anchor: The Moon’s gravity exerts a constant pull on Earth’s equatorial bulge (the slight “spare tire” shape Earth has because of its rotation).

Stabilizing the Tilt: This “gravitational grip” keeps Earth’s axial tilt steady at about 23.5 degrees.

Preventing Chaos: Without the Moon, the gravity of other planets (like Jupiter) would pull Earth’s tilt into chaotic shifts, swinging anywhere from 0 to 85 degrees over millions of years

Reference: Puma Punku is an ancient, 6th-century, 3,850-meter-high, archaeological site in Bolivia featuring massive, intricately cut, and interlocking red sandstone and andesite blocks. Located near the larger Tiwanaku complex, these ruins are famed for their precise, H-shaped, and near-microscopic stonework, which some researchers suggest may indicate advanced engineering techniques.

End of reading.

IoT, Potential Risk of CVE

CVE-2025-47366: Qualcomm remediation – focuses on Memory Corruption during deinitialization. (5th Feb 2026)

Leave a comment

Preface: The iframe (Inline Frame) is an HTML element used to embed another document or website within the current web page (e.g., embedding a YouTube video or a Google Map).

Background: High-bandwidth Digital Content Protection (HDCP) in a Trusted Execution Environment (TEE) refers to securing the handshake, authentication, and encryption keys of audio/video content within a secure, isolated area of a device’s processor.

  • When a HDCP session is deinitialized, the non-secure buffer allocated for communication with the TEE is freed.
  • However, if the cleanup sequence does not enforce strict ordering, “lingering references” (such as asynchronous callbacks or TEE drivers) might still attempt to access that memory.
  • This results in a memory corruption (Use-After-Free), allowing a local attacker with low privileges to potentially escalate their rights or cause a system crash. 

This is a memory integrity issue, not a cryptographic one.  Memory corruption during deinitialization. The vulnerability resides in the way the HLOS (Android kernel/drivers) and TrustZone interact, the fix must be applied at the Firmware/Kernel level via a system update from the manufacturer (OEM). 

Vulnerability details:

Title: Exposed Dangerous Method or Function in HLOS

Description: Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.

Technology Area: HLOS

Vulnerability Type: CWE-749 Exposed Dangerous Method or Function.

Risk Level High (CVSS Score: 7.8)

Affected Platforms: Multiple Qualcomm Chipsets (including Snapdragon series)

Official announcement: Please refer to the link for more details –

https://docs.qualcomm.com/securitybulletin/february-2026-bulletin.html

IoT, Potential Risk of CVE

CVE-2026-25142: If you are using SandboxJS [@nyariv/sandboxjs] for IoT (ESP32) development, please be cautious! (5 Feb 2026)

Leave a comment

Preface: The ESP32 is a low-cost, low-power System on a Chip (SoC) microcontrollers with integrated Wi-Fi and dual-mode Bluetooth, making it a cornerstone for modern Internet of Things (IoT) applications. It offers direct, high-level control over hardware peripherals, including GPIOs, built-in Flash memory, and network interfaces, with extensive support for low-power operation.

Background: When using SandboxJS (@nyariv/sandboxjs) for ESP32 or any Internet of Things (IoT) development, caution is essential. While the tool is designed to provide a “secure eval runtime environment,” a major vulnerability recently discovered could put your embedded devices at risk.

Core Security Risks

  • Prototype Pollution: A critical vulnerability (CVE-2025-34146) exists in versions 0.8.23 and earlier. An attacker could inject malicious JavaScript code into `Object.prototype`, potentially leading to a denial-of-service (DoS) attack or escape from the sandbox environment to execute arbitrary code.
  • Sandbox Escape: In early 2026, a critical escape vulnerability (GHSA-wxhw-j4hc-fmq6) was disclosed again. The reason was that the AsyncFunction was not properly isolated, which allowed attackers to access the entire scope and execute native commands.
  • Specific threats to IoT devices: Because ESP32 typically has direct control over hardware (GPIO, Flash memory, network), once the sandbox is breached, attackers may directly manipulate the physical device, steal keys stored in Flash memory, or even perform malicious firmware updates.

Vulnerability details: SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27.

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2026-25142

https://github.com/nyariv/SandboxJS/security/advisories/GHSA-9p4w-fq8m-2hp7

Recommendation:

Implement hardware isolation – Utilize ESP32’s hardware security features (such as Secure Boot, Flash encryption, and digital signature peripherals) to protect core keys, making it difficult for attackers to obtain sensitive credentials even if application-layer software is cracked. Consider alternatives – For embedded scenarios with extremely high security requirements, consider well-maintained JavaScript engines designed specifically for microcontrollers, such as Espruino or Moddable SDK.

IoT, Potential Risk of CVE

CVE-2025-47363: In Qualcomm-specified products, memory corruption when calculating oversized partition sizes without proper checks. (4th Feb-2026)

Leave a comment

Preface: ADAS data streams refer to the constant flow of real-time information collected from the vehicle’s environment by sensors like cameras, radar, lidar, and ultrasonic sensors. This data, along with processed information, is sent to the vehicle’s central computer (ADAS ECU) which uses it to perform functions such as object detection, lane keeping, and adaptive cruise control, ultimately improving safety and driving comfort. The Qualcomm Snapdragon SA9000P is a highly capable, leading-edge AI accelerator designed for Advanced Driver Assistance Systems (ADAS) and autonomous driving, frequently used in combination with the SA8540P SoC as part of the Snapdragon Ride platform.

Background: Qualcomm defines memory-conservative configurations in device trees primarily to optimize boot speed, ensure system stability, and manage the complex, carved-out memory architecture typical of modern mobile SoCs. By limiting available RAM during the initial boot, Qualcomm can skip initializing vast amounts of memory, resulting in significant boot time savings (e.g., 20-30ms per GB of RAM).

DTS is capable of providing attacker‑controlled (or misconfigured) large memory partitions, which is necessary for exploitability. But the DTS alone is not the vulnerability — the bug is in Qualcomm’s handling of these sizes in downstream drivers or frameworks.

Remark: Secure engineering limit for HLOS‑visible reserved regions: Do NOT exceed 1/16th of total DDR per region unless Qualcomm documentation explicitly permits it. So the “secure maximum” becomes: 2 GB per reserved-memory region. The recommended in safety‑critical domains): Limit to 1 GB.

Vulnerability details: CVE-2025-47363 integer Overflow or Wraparound in Automotive (Memory corruption when calculating oversized partition sizes without proper checks).

This means the vulnerable path occurs when a Qualcomm driver or subsystem performs arithmetic on a partition size, and the size is large enough to overflow internal calculations, resulting in corrupted pointers, truncated lengths, or allocated regions smaller or larger than expected.

Even if the original driver is not the bug — but it can exercise the buggy Qualcomm code by providing a large memory region, which may cause overflow inside Qualcomm subsystems.

Official announcement: Please refer to the link for details – https://docs.qualcomm.com/securitybulletin/february-2026-bulletin.html

Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

Regarding Apple’s CVE-2025-46285: The handling of 32-bit timestamps in Swift and their security importance. (2 Feb 2026)

Leave a comment

Preface: As of February 2026, Apple has issued urgent security updates—specifically iOS 26.2.1 and iOS 26.2—to patch critical vulnerabilities (CVE-2025-43529, CVE-2025-14174, and CVE-2025-46285) that were exploited in targeted attacks. These bugs, affecting the WebKit browser engine and Kernel, allow arbitrary code execution and unauthorized root privileges. Users must immediately update to protect their devices.

Background: Adopting 64-bit timestamps means changing how computers store time, replacing 32-bit integers with 64-bit integers to record seconds since the Unix Epoch (Jan 1, 1970). This shift eliminates the “Year 2038 problem,” extending the maximum representable date from January 2038 to over 292 billion years in the future, ensuring long-term system stability and precision.

Apple’s security hardening efforts following vulnerability CVE‑2025‑46285. CVE‑2025‑46285 was a system‑level integer‑overflow vulnerability in Apple platforms. It occurred because 32‑bit timestamps could overflow, and in certain OS internals this overflow allowed a malicious app to gain root privileges. Apple’s official fix for this vulnerability was to “adopt 64‑bit timestamps”, which eliminates the overflow condition entirely on the affected systems.

Vulnerability details: CVE-2025-46285: A Kernel vulnerability allowing apps to gain root privileges, bypassing app sandboxes.

Official announcement: Please refer to the link for more details

https://support.apple.com/en-us/100100

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2025-46285#vulnCurrentDescriptionTitle

http://www.antihackingonline.com/cell-phone-iphone-android-windows-mobile/cve-2025-43529-apple-multiple-products-use-after-free-webkit-vulnerability-31-12-2025/

http://www.antihackingonline.com/cell-phone-iphone-android-windows-mobile/the-media-reports-in-january-2026-were-triggered-by-a-security-warning-issued-by-apple-on-december-16-2025-20th-jan-2026/

AI and ML, Potential Risk of CVE

CVE-2025-33220 only applies to NVIDIA vGPU deployments running on hypervisors, such as TKGI clusters on vSphere. (2 Feb 2026)

Leave a comment

Preface: When comparing VMware TKGI, Docker, and Kubernetes (K8s) for CUDA (NVIDIA’s parallel computing platform) workflows, the “best” choice depends on your scale and infrastructure.

Choose Docker – if you are a data scientist doing local model development.

Choose Native Kubernetes – if you are building a large-scale AI platform on physical hardware (Bare-metal) for maximum performance.

Choose VMware TKGI – if you need high availability, vGPU flexibility, and are already heavily invested in the VMware ecosystem.

Background: CVE‑2025‑33220 lives in the hypervisor’s vGPU Manager, not in:

  • Docker
  • Containerd
  • Kubernetes
  • NVIDIA Container Runtime
  • NVIDIA Docker runtime
  • PyTorch/TensorFlow workloads
  • CUDA libraries inside containers

CVE‑2025‑33220 requires:

  1. Freeing an object inside the hypervisor
  2. A later operation accessing that SAME freed internal heap structure
  3. The hypervisor NOT realizing the handle is stale
  4. A malformed RM object relationship or command sequence
  5. Conditions normal CUDA applications never generate

If there is no hypervisor-based vGPU, there is no attack surface, because:

  • The ioctl path stops at the bare‑metal NVIDIA GPU driver
  • There is no vGPU Manager backend
  • No vGPU protocol messages are generated
  • No hypervisor memory structures exist to exploit

The CVE is triggered only under very specific hypervisor‑internal states that normal or even “weird order” RMAPI usage will never produce.

Vulnerability details: CVE-2025-33220 – NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Official announcement: Please refer to the link for details.- https://nvidia.custhelp.com/app/answers/detail/a_id/5747

AI and ML, Potential Risk of CVE

In-depth analysis of CVE-2025-33234: NVIDIA runx contains this vulnerability. (30-01-2026)

Leave a comment

Preface: According to the NVIDIA security bulletin for runx updated January 23, 2026 – A vulnerability (CVE‑2025‑33234) was found “during End of Support, but prior to End of Life.”

Background: An ML hyperparameter sweep is the automated process of systematically testing different combinations of hyperparameter values for a machine learning model to identify the configuration that yields the best performance. Hyperparameters are external settings that control the learning process, such as the learning rate or number of hidden layers, and must be set before training begins.

NVIDIA runx (Deep Learning Library) – This is a lightweight Python tool used for experiment management and hyperparameter sweeps.

Vulnerability details: CVE-2025-33234 NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5764

Appendix: runx is a local Python script for organizing your personal files, while NVIDIA Run:ai is a cloud-based infrastructure for managing hardware. To move from a local developer environment using runx to an enterprise environment using Run:ai, you must transition from a “local script” workflow to a “containerized” workflow.

Realistic examples where Run:ai WOULD be impacted (conceptual, not exploit details)

Scenario 1

runx injects malicious commands into a Python file your training code imports →
you copy the folder into Docker →
Run:ai runs that code →
the malicious code executes.

Scenario 2

runx generates a poisoned submit_cmd[.]sh or config file →
you include it in the Docker image →
your entrypoint or tools accidentally run it.

Scenario 3

runx modifies your dataset or preprocessing script →
container uses that script →
it runs inside Run:ai.

Reminder: These examples show pollution can travel only if you physically package it into the container.

Potential Risk of CVE

Retrospective: CVE‑2025‑59718 and CVE‑2025‑59719 both involve weaknesses in how FortiCloud handles SSO authentication and authorization, but they are not only about attribute/role mapping. They relate more broadly to how SSO assertions are validated and how privilege assignment occurs. (29-01-2026)

Leave a comment

Preface: You can summarize it as: “FortiCloud MUST fail SSO login when mandatory SAML attributes are missing, malformed, incorrect, unsigned, or expired. No fallback admin privileges are permitted under any circumstance”.

Background: A patch for CVE-2025-59718 and CVE-2025-59719 contains a vulnerability that allows attackers to bypass SSO login verification via a carefully crafted SAML message, provided FortiCloud SSO is enabled on the affected device. Fortinet patched these issues last month. Last week, reports surfaced of malicious SSO login activity reappearing on FortiGate devices that had been patched for the two vulnerabilities, with attackers logging in using administrator accounts. This activity is similar to events that occurred shortly after the disclosure of CVE-2025-59718 and CVE-2025-59719 vulnerabilities last December.

Security Focus: Both CVE‑2025‑59718 and CVE‑2025‑59719 sit in the same category:

SSO trust + authorization enforcement weaknesses

Specifically, both are tied to situations where:

• FortiCloud accepts an SSO/SAML login

• But does not sufficiently enforce privilege/role restrictions

• Potentially allowing unintended or elevated administrator access

This is why they appear similar — they arise during:

“FortiCloud SSO + IAM authorization step after login.”

They do involve the handling of SAML/SSO attributes, but the underlying issue is broader than “incorrect mapping.”

Vulnerability details:

CVE-2025-59718 -A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Ref: https://nvd.nist.gov/vuln/detail/CVE-2025-59718

CVE-2025-59719 -An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.

Ref: https://nvd.nist.gov/vuln/detail/CVE-2025-59719

Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

Can we say that CVE-2025-0647 is not limited to the officially released affected products list? 28-01-2026

Leave a comment

Official Last updated: 14 Jan 2026

Preface: Smartphones using the ARM Cortex-X925 CPU core are primarily powered by the MediaTek Dimensity 9400 and Dimensity 9400+ chipsets. Key flagship devices featuring this processor include the OPPO Find X8 Pro, vivo X200 series, and Xiaomi 15T Pro. These phones utilize the chip’s “all-big-core” design for high-performance computing.

Dimensity 9400 and Dimensity 9400+ both chipsets use the same core components, including the ARM Cortex-X925 CPU, the Immortalis-G925 GPU, and the NPU 890. The primary difference lies in the clock speeds and certain enhanced connectivity/AI features of the Plus model.

Background: Cache prefetch predictionrestriction by context – This instruction prevents cache allocation predictions that predict execution addresses based on information gathered from earlier execution within a particular execution context. The actions of code in the target execution context or contexts appearing in program order before the instruction cannot exploitatively control cache prefetch predictions occurring after the instruction is complete and synchronized.

The Cortex-X925 supports Armv9’s Realm Management Extension (RME), which goes a step further than traditional TEE:

Confidential Computing: In addition to Android (Normal World) and TEE (Secure World), Armv9 introduces Realm World.

Realm Guest OS: A fully encrypted Guest OS (called Realm) can run on the Hypervisor (EL2), which even the Android Kernel cannot peek at.

Vulnerability details: An issue has been identified in some Arm-based CPUs which may allow a modified, untrusted guest OS to compromise the host in certain hypervisor environments.

Workaround: To workaround this issue, affected partners must perform TLB invalidation whenever a CPP RCTX instruction is executed. For details on how to do this, please see the Errata Notice for the relevant product.

Official announcement: Please refer to the link for details –

https://developer.arm.com/documentation/111546/1-0/?lang=en

antihackingonline.com