
New Hak5 Video Discusses Critical Cybersecurity Topics
The latest video from the @hak5 channel covers several crucial cybersecurity topics, including zero-day vulnerabilities at Apple, new U.S. legislation on cybercrime, and the emergence of a new zero-day broker offering substantial rewards.
Firstly, the video discusses a new zero-day vulnerability discovered at Apple, identified as CVE-2025-43300. This flaw, discovered by an internal Apple researcher, has already been exploited in the wild. It affects the ImageIO framework, which is used for image processing and for reading and writing image file formats. The vulnerability impacts various Apple devices, including iPads, iPhones (both old and new models), and several versions of macOS. Exploiting this flaw can lead to memory corruption when a malicious image file is processed. Apple has patched this vulnerability with a security update, but it raises questions about the security of the Apple ecosystem, which has already had to fix seven other zero-days this year.
Next, the video addresses new legislation proposed in the United States, the "Cyber Crime Marque and Reprisal Authorization Act of 2025." This law would allow the U.S. government to issue "letters of marque and reprisal," authorizing non-governmental entities to take offensive actions against foreign cyber attackers. Historically, these letters were used to authorize maritime actions against adversaries. If enacted, this law would allow cybersecurity companies to "hack back" to recover stolen assets, prevent future attacks, and defend critical infrastructure. Although controversial, this idea is not new: in 2017, a similar bill, the "Active Cyber Defense Certainty Act," was proposed to allow companies to take active defense measures.
Finally, the video introduces a new zero-day broker, Active Security Solutions, based in the United Arab Emirates. This broker is offering record rewards for zero-days, up to $20 million for an SMS-based vulnerability working on any mobile operating system, and $15 million for zero-click exploits on iOS and Android. However, little information is available about the company's origins, its leaders, or the source of its funds, raising questions about its legitimacy and intentions.
The practical implications of this information are vast. For Apple users, it is crucial to keep their devices updated to protect against zero-day vulnerabilities. For cybersecurity companies, the possibility of "hacking back" could offer new defense opportunities but also legal and ethical risks. Finally, for security researchers, the emergence of new zero-day brokers offering high rewards could incentivize the discovery of new vulnerabilities but also the potential malicious use of this information.
To learn more, watch the full video here: https://www.youtube.com/watch?v=y_bxqrNKLDo