Threat Intelligence Report

The most critical vulnerability today is CVE-2024-2787, which affects Apple's archive utility, enabling arbitrary file write and bypassing Gatekeeper, Apple's security feature that enforces code signing and verifies downloaded applications before allowing them to run. This presents severe implications as it could potentially allow an attacker to execute malicious code without user intervention. A proof-of-concept exploit has been released, increasing the urgency for users to update their systems.

In other news, Microsoft’s patch for a previous symlink vulnerability has inadvertently introduced a new flaw, which can lead to a denial-of-service (DoS) attack on Windows Update, preventing users from receiving necessary security updates. Also, CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver, is currently being exploited in the wild. Attackers are deploying web shells and command-and-control (C2) frameworks, enabling them to maintain persistence and potentially take over affected systems. It is of utmost importance for organizations using SAP NetWeaver to apply the necessary patches immediately to mitigate this high-risk vulnerability. Today's findings underscore the relentless dynamic nature of cybersecurity, underscoring the need for continuous vigilance and prompt action on identified vulnerabilities.

Our analysis for April 25, 2025, begins with a critical flaw in the Apple Archive utility, labelled CVE-2024-2787, which allows for arbitrary file writing and a bypass of Gatekeeper. Gatekeeper, designed to protect Mac users from malicious software, can be evaded through the exploitation of this vulnerability, subsequently allowing for arbitrary file-writing. The potential impact of this flaw is severe, as it grants an attacker the ability to execute malicious code without the user's knowledge. Moreover, the problem has been exacerbated by the public release of Proof of Concept (PoC) code, which provides a roadmap for potential attackers to exploit this vulnerability. Users are advised to update their systems as soon as possible to mitigate this risk. In Microsoft-related security news, a patch designed to address a Symlink exploit has unintentionally introduced a new vulnerability that can be exploited to create a Denial of Service (DoS) condition on the Windows Update service. This new flaw can be used by attackers to disrupt the critical update mechanism, potentially leaving systems vulnerable to other known exploits if they are unable to update. Microsoft is currently working on a fix for this issue, but in the meantime, administrators are advised to monitor their systems closely for any unusual activity. Lastly, we bring attention to a zero-day exploit in SAP NetWeaver, labelled CVE-2025-31324, which carries a severity score of 10 on the Common Vulnerability Scoring System (CVSS). This vulnerability is currently being exploited in the wild to deploy webshells and command-and-control (C2) frameworks. The severity of this vulnerability lies in its ability to provide an attacker with complete control over the affected system, including access to sensitive data and the capability to disrupt essential services. SAP has released a patch for this vulnerability, and users are urged to apply this update immediately. In conclusion, today's security landscape is dominated by critical vulnerabilities in widely used software, including Apple's macOS and Microsoft's Windows, along with enterprise solutions like SAP NetWeaver. Updating these systems to their latest versions is the most effective way to mitigate these risks. Moreover, it is also essential to maintain a vigilant watch over system activities to detect any unusual patterns that may signal an impending attack.