Patch Monday August 2025 - Apple Zero Day Affecting iPadOS, iOS and macOS

Unsubscribe

Welcome to my August 2025 Patch Monday newsletter! Apple played catchup this month which makes sense since last month they didn't have any updates. There is a zero-day affecting iPad/iOS, Sequoia, Sonoma and Ventura. The update to patch the zero was released on 8/20. In the chart below, the link will take you to the previous update list for each product in July. If you would like more information about the zero-day you can visit this link. That link is specific to iPadOS but that particular CVE is the same zero day for the affected Apple products; CVE-2025-43300. Apple reports that a malicious image file may result in memory corruption and that specific targeted individuals may have already been exploited. So please get these products updated ASAP.

For the last 30 days we have four updates coming from Google for Chrome. In total, 23 vulnerabilities were updated. Of these, only five are rated "Critical" from Google. Thankfully Google Chrome doesn't have any zero days in the last 30 days.

Besides these it was a pretty busy month for the rest of Apples products and also Adobe. You will want to see if you have any of the affected products in the chart below.

Zoom only had two updates with one being "Critical" for the various software pieces within Zoom's Clients for Windows suite.

If there are any additional products you would like to see in the chart below, please let me know.

Be sure to browse the chart below and happy patching!

So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.

Patch data provided by:
Identifier	Vendor/ Product	Affected Versions	Date Released by Vendor	Vulnerability Info	Vender Severity / Our Recommedation
Multiple CVE's	Adobe Commerce	Commerce and Magento Open Source 2.4.9-alpha1, 2.4.8-p1 and earlier, 2.4.7-p6 and earlier, 2.4.6-p11 and earlier, 2.4.5-p13 and earlier, 2.4.4-p14 and earlier Commerce B2B 1.5.3-alpha, 1 1.5.2-p1 and earlier, 1.4.2-p6 and earlier, 1.3.5-p11 and earlier, 1.3.4-p13 and earlier, 1.3.3-p14 and earlier	8/12/2025	Application DoS, Aribitrary File System Read Privilege Escalation, Security Feature Bypass	Critical Priority 2: Update within 30 days
Multiple CVE's	Adobe Substance 3D Viewer	0.25 and earlier	8/12/2025	Arbitrary Code Execution	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe Animate	2023 23.0.12 and earlier 2024 24.0.9 and earlier	8/12/2025	Arbitrary Code Execution, Memory Leak	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe Illustrator	2024 28.7.8 and earlier 2025 29.6.1 and earlier	8/12/2025	Arbitrary Code Execution, Application DoS	Critical Priority 3: Update at admin's discretion
CVE-2025-49570	Adobe Photoshop	2024 25.12.3 and earlier 2025 26.8 and earlier	8/12/2025	Arbitrary Code Execution	Critical Priority 3: Update at admin's discretion
Multiple CVE's	Adobe Substance 3D Modeler	1.22.0 and earlier	8/12/2025	Arbitrary Code Execution, Memory Leak	Critical Priority 3: Update at admin's discretion
Multiple CVE's	Adobe Substance 3D Painter	11.0.2 and earlier	8/12/2025	Arbitrary Code Execution, Memory Leak	Critical Priority 3: Update at admins discretion
CVE-2025-54205	Adobe Substance 3D Sampler	5.0.3 and earlier	8/12/2025	Memory Leak	Important Priority 3: Update at admins discretion
Multiple CVE's	Adobe InDesign	ID20.4 and earlier ID19.5.4 and earlier	8/12/2025	Arbitrary Code Execution, Memory Leak	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe InCopy	20.4 and earlier 19.5.4 and earlier	8/12/2025	Arbitrary Code Execution	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe Substance 3D Stager	3.1.3 and earlier	8/12/2025	Arbitrary Code Execution, Memory Leak	Critical Priority 3: Update at admins discretion
Multiple CVE's	Adobe FrameMaker	2020 Update 8 and earlier 2022 Update 6 and earlier	8/12/2025	Arbitrary Code Execution, Memory Leak	Critical Priority 3: Update at admins discretion
CVE-2025-54238	Adobe Dimension	4.1.3 and earlier	8/12/2025	Memory Leak	Important Priority 3: Update at admins discretion
Multiple CVE's	Apple iPadOS	Before 17.7.10	8/20/2025	Application Termination, Data Leak, DoS, Memory Corruption, Out of Bounds, Security Feature Bypass, System Termination, Use After Free	Zero Day - Update ASAP
Multiple CVE's	Apple iOS	Before 18.6.2	8/20/2025	Application Termination, Data Leak, DoS, Memory Corruption, Out of Bounds, Security Feature Bypass, Spoofing	Zero Day - Update ASAP
Multiple CVE's	Apple macOS Sequoia	Before 15.6.1	8/20/2025	Application Termination, Arbitrary Code Execution, Cross Site Scripting, Data Leak, DoS, Memory Corruption, Out of Bounds, Privilege Escalation, Sandbox Escape, Security Feature Bypass, System Termination, Use After Free, Unauthorized Access	Zero Day - Update ASAP
Multiple CVE's	Apple macOS Sonoma	Before 14.7.8	8/20/2025	Application Termination, Arbitrary Code Execution, Data Leak, DoS, Memory Corruption, Out of Bounds, Privilege Escalation, Sandbox Escape, Security Feature Bypass, System Termination, Use After Free, Unauthorized Access	Zero Day - Update ASAP
Multiple CVE's	Apple macOS Ventura	Before 13.7.8	8/20/2025	Application Termination, Arbitrary Code Execution, Data Leak, DoS, Out of Bounds, Privilege Escalation, Sandbox Escape, Security Feature Bypass, System Termination, Use After Free, Unauthorized Access	Zero Day - Update ASAP
Multiple CVE's	Apple Safari	Before 18.6	7/30/2025	Application Termination, Cross Site Scripting, Data Leak, DoS, Memory Corruption, Out of Bounds, Security Feature Bypass, Spoofing, Use After Free	Update when possible
Multiple CVE's	Apple watchOS	Before 11.6	7/29/2025	Application Termination, Data Leak, DoS, Memory Corruption, Out of Bounds, Security Feature Bypass, Use After Free	Update when possible
Multiple CVE's	Google Chrome	Before 139.0.7258.138 (Linux) Before 139.0.7258.138/139 (Windows/Mac)	8/19/2025	Heap Buffer Overflow, Inappropriate Implementation, Insufficient Validation, Out of Bounds, Race, Use After Free	Update after testing
Multiple CVE's	Mozilla Thunderbird	Before 142	8/19/2025	Arbitrary Code Execution, Memory Corruption, Security Feature Bypass	Update after testing
Multiple CVE's	Mozilla Thunderbird ESR	Before 128.14	8/19/2025	Arbitrary Code Execution, Memory Corruption, Security Feature Bypass	Update after testing
Multiple CVE's	Mozilla Firefox	Before 142	8/19/2025	Arbitrary Code Execution, DoS, Memory Corruption, Security Feature Bypass, Spoofing	Update after testing
Multiple CVE's	Mozilla Firefox ESR	Before 140.2	8/19/2025	Arbitrary Code Execution, DoS, Memory Corruption, Security Feature Bypass, Spoofing	Update after testing
Multiple CVE's	Mozilla Firefox for iOS	Before 142	8/19/2025	Cross Site Scripting, DoS, Phishing	Update after testing
Multiple CVE's	Mozilla Focus for iOS	Before 142	8/19/2025	Cross Site Scripting, Phishing	Update after testing
CVE-2025-49456	Zoom Clients for Windows	Workplace for Windows before 6.4.10, Workplace VDI for Windows before 6.3.12, Rooms for Windows before 6.4.5, Rooms Controller for Windows before 6.4.5, Meeting SDK for Windows before 6.4.10	8/12/2025	Race Condition	Medium - Update after testing
CVE-2025-49457	Zoom Clients for Windows	Workplace for Windows before 6.3.10, Workplace VDI for Windows before 6.3.10, Rooms for Windows before 6.3.10, Rooms Controller for Windows before 6.3.10, Meeting SDK for Windows before 6.3.10	8/12/2025	Privilege Escalation via Untrusted Search Path	Critical - Update after testing

Thanks as always for reading and best wishes on security,

Randy Franklin Smith

Click here to unsubscribe

Ultimate Windows Security is adivision of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.

Unsubscribe