28 September 2020

Apple fixed four dangerous vulnerabilities in macOS



Apple has patched four vulnerabilities in macOS Catalina, High Sierra, and Mojave.

One of the vulnerabilities (CVE-2020-9973) affects the Model I/O component. Exploitation, which involves processing a malicious USD file, could lead to arbitrary code execution or a DoS condition. The vulnerability affects all versions of macOS. The problem was reported by a Cisco Talos researcher, and Apple has fixed it.

Another issue (CVE-2020-9968) that also affects all versions of macOS is a sandbox vulnerability. It can be exploited by a malicious application to access restricted files. Adam Chester of TrustedSec reported his findings to Apple, and the company patched the vulnerability.

The tech giant has also patched a remote arbitrary code execution vulnerability (CVE-2020-9961) that could be exploited using malicious images. The issue, discovered by Xingwei Lin of the Ant Group Light-Year Security Lab, affects the ImageIO component in macOS High Sierra and Mojave.

The fourth issue (CVE-2020-9941) affects only macOS High Sierra and resides in the Mail component. Its exploitation allows a remote attacker to "change the state of the application."
