Apple fixed 27 code execution vulnerabilities in a number of products

Apple released macOS Catalina 10.15.4, which fixes 27 vulnerabilities. The flaws affected components such as Bluetooth, call history, CoreFoundation, FaceTime, the kernel, libxml2, Mail, sudo, and Time Machine.

Exploitation of the vulnerabilities allowed attackers to execute arbitrary code with system or kernel privileges and escalate privileges on the system, and could also lead to kernel memory leakage, confidential information leakage, limited memory disclosure or code signature bypass.

The vulnerabilities affected macOS Catalina 10.15.3 (CVE-2020-3903, CVE-2020-9785), but some of them were also present in macOS High Sierra 10.13.6 and macOS Mojave 10.14.6 (CVE-2020-3904, CVE-2020-3892, CVE-2020-3893, CVE-2020-3905, CVE-2020-3919, CVE-2020-3884).

The security update for iOS 13.4 and iPadOS 13.4 includes fixes for 30 vulnerabilities in components such as ActionKit, Bluetooth, CoreFoundation, Icons, Image Processing (CVE-2020-9768), IOHIDFamily (CVE-2020-3919), kernel (CVE-2020-9785), libxml2, Mail, Mail Attachments, Messages, Safari browser, web application and WebKit. Nine vulnerabilities were fixed in Apple's WebKit engine, six of which allowed remote code execution (CVE-2020-3899, CVE-2020-3895, CVE-2020-3900, CVE-2020-3901, CVE-2020-9783, CVE-2020-3897).

The most severe of these vulnerabilities is a type confusion bug (CVE-2020-3897) in WebKit. Type confusion flaws arise when a piece of code doesn’t verify the type of object that is passed to it, and uses it blindly without type-checking.
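The missing tag check that defines a type confusion flaw, shown as an added C example (not code from WebKit or from the original article); the `value` struct, the function names and the sample input are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a tagged value such as a script engine might use. */
typedef enum { VAL_NUMBER, VAL_STRING } val_type;

typedef struct {
    val_type type;              /* says which union member is live */
    union {
        double number;
        const char *string;
    } as;
} value;

value make_number(double d) {
    value v = { VAL_NUMBER, { 0 } };
    v.as.number = d;
    return v;
}

value make_string(const char *s) {
    value v = { VAL_STRING, { 0 } };
    v.as.string = s;
    return v;
}

/* Type-confused accessor: never reads the tag, so for a VAL_NUMBER it
 * returns the bits of the double reinterpreted as a string address. */
uintptr_t string_addr_unchecked(const value *v) {
    return (uintptr_t)v->as.string;
}

/* Hardened accessor: verifies the tag before touching the string member.
 * Returns 0 and sets *out on success, -1 on a type mismatch. */
int string_length_checked(const value *v, size_t *out) {
    if (!v || !out || v->type != VAL_STRING || !v->as.string) return -1;
    *out = strlen(v->as.string);
    return 0;
}

int main(void) {
    value n = make_number(0.1);  /* constructed sample input */
    size_t len = 0;
    printf("unchecked address: 0x%llx, checked result: %d\n",
           (unsigned long long)string_addr_unchecked(&n),
           string_length_checked(&n, &len));
    return 0;
}
```

The unchecked accessor hands back a value that was never a pointer, while the checked one rejects the mismatched object before any member is used.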

A remote attacker can exploit this bug, but the attack requires user interaction: for example, the victim must visit a malicious page or open a malicious file.

“This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. The specific flaw exists within the object transition cache. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process”, said Dustin Childs, manager with Zero Day Initiative.

With the release of tvOS 13.4, the company fixed 20 vulnerabilities in ActionKit, AppleMobileFileIntegrity, Icons, Image Processing (CVE-2020-9768), IOHIDFamily (CVE-2020-3919), kernel (CVE-2020-9785), libxml2 and WebKit (CVE-2020-3895, CVE-2020-3900, CVE-2020-3899, CVE-2020-3901, CVE-2020-9783, CVE-2020-3897).

“Exploiting these vulnerabilities can intercept Bluetooth traffic, increase privileges, execute arbitrary code, and cause leakage of limited memory, confidential information, or unwanted interference between applications”, Apple experts explain.

With the release of watchOS 6.2, 17 vulnerabilities were fixed in ActionKit, AppleMobileFileIntegrity, CoreFoundation, Icons, Image Processing (CVE-2020-9768), IOHIDFamily (CVE-2020-3919), kernel (CVE-2020-9785), libxml2, Messages and WebKit (CVE-2020-3895, CVE-2020-3900, CVE-2020-3901, CVE-2020-3897).

By Apple's tradition, there are fewer rumors about vulnerabilities in the company's products. Even so, the vendor is practically catching up with Microsoft in negative news, and reports such as "Vulnerability allows reading encrypted Apple Mail letters on macOS" or "the OpenID Foundation stated that 'Sign in with Apple' feature is not secure" seriously damage the brand's reputation.

Most importantly, with so little information published, it is often unclear how malicious users are already exploiting Apple vulnerabilities.


About James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.
