Apple Security Updates May 2020 released security updates for multiple products. A total of 59 vulnerabilities addressed. The exploitation of some of these security flaws could allow an attacker to take control of an affected system. However, a vulnerability management tool can stop the exploitation.
The update for macOS includes fixes for 48 vulnerabilities which could allow an attacker to execute arbitrary code with kernel privileges, cause a denial of service, system termination or write kernel memory, leak memory, gain access to restricted files, bypass privacy preferences, gain elevated privileges, overwrite arbitrary files or corrupt memory. The updates include patches fixed by using a patch management tool.
A fix was released for dynamic library loading issue when running the installer in an untrusted directory in the Windows Migration Assistant. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code.
A total of 10 vulnerabilities have been fixed in Apple Safari. The flaw exists while processing maliciously crafted web content. Successful exploitation may allow an attacker to execute arbitrary code.
Multiple vulnerabilities have been fixed in Apple iCloud for Windows 7 and Windows 10. Successful exploitation may allow an attacker to execute arbitrary code and may also cause a denial of service or potentially disclose memory contents.
Apple Security Updates Summary for May 2020:
macOS
- Affected OS: macOS Catalina, Mojave, and High Sierra
- Affected features: AirDrop, AppleMobileFileIntegrity, AppleUSBNetworking, Audio, Bluetooth, Calendar, CoreBluetooth, CVMS, DiskArbitration, Find My, FontParser, ImageIO, Intel Graphics Driver, IPSec, Kernel, Ksh, NSURL, PackageKit, Python, Sandbox, Security, SIP, SQLite, System Preferences, USB Audio, Wi-Fi, WindowServer, zsh
- Impact: Information Disclosure, Privilege Escalation, arbitrary code execution, memory corruption
- CVEs: CVE-2019-14868, CVE-2019-20044, CVE-2020-3878, CVE-2020-3882, CVE-2020-9771, CVE-2020-9772, CVE-2020-9788 – CVE-2020-9795, CVE-2020-9797, CVE-2020-9804, CVE-2020-9808, CVE-2020-9809, CVE-2020-9811 – CVE-2020-9817, CVE-2020-9821, CVE-2020-9822, CVE-2020-9824 – CVE-2020-9828, CVE-2020-9830 – CVE-2020-9834, CVE-2020-9837, CVE-2020-9839 – CVE-2020-9842, CVE-2020-9844, CVE-2020-9847, CVE-2020-9851, CVE-2020-9852 and then CVE-2020-9855 – CVE-2020-9857
- Affected OS: macOS Catalina
- Affected features: Windows Installer
- Impact: Arbitrary code execution
- CVEs: CVE-2020-9858
- Product: Safari
- Affected OS: macOS Mojave, macOS High Sierra, and macOS Catalina
- Affected features: WebKit, WebRTCImpact: Arbitrary code execution, Information Disclosure, Cross-Site scripting
- CVEs: CVE-2019-20503, CVE-2020-9800 – CVE-2020-9803, CVE-2020-9805 – CVE-2020-9807, CVE-2020-9843 and then CVE-2020-9850
- Product: iCloud
- Affected OS: Windows 7 and Windows 10
- Affected features: ImageIO, SQLite, WebKit
- Impact: Arbitrary Code Execution, Cross-Site scripting, Denial of service
- CVEs: CVE-2020-3878 – CVE-2020-9790, CVE-2020-9794, CVE-2020-9800, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805 – CVE-2020-9807, CVE-2020-9843 and then CVE-2020-9850
Also, SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Furthermore, download SanerNow and keep your systems updated and secure.