SecPod Labs Apple Security Update 27 May 2020

Apple released security updates for multiple products. A total of 59 vulnerabilities were addressed. The exploitation of some of these security flaws could allow an attacker to take control of an affected system.

The update for macOS includes fixes for 48 vulnerabilities, which could allow an attacker to execute arbitrary code with kernel privileges, cause a denial of service or system termination, write kernel memory, leak memory, gain access to restricted files, bypass privacy preferences, gain elevated privileges, overwrite arbitrary files, or corrupt memory.

A fix was released for a dynamic library loading issue in the Windows Migration Assistant that occurs when the installer is run from an untrusted directory. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code.

A total of 10 vulnerabilities have been fixed in Apple Safari. The flaws exist in the processing of maliciously crafted web content. Successful exploitation may allow an attacker to execute arbitrary code.

Multiple vulnerabilities have been fixed in Apple iCloud for Windows 7 and Windows 10. Successful exploitation may allow an attacker to execute arbitrary code and may also cause a denial of service or potentially disclose memory contents.


Apple Security Updates Summary for May 2020:

macOS

  • Affected OS: macOS Catalina, Mojave, and High Sierra
  • Affected features: AirDrop, AppleMobileFileIntegrity, AppleUSBNetworking, Audio, Bluetooth, Calendar, CoreBluetooth, CVMS, DiskArbitration, Find My, FontParser, ImageIO, Intel Graphics Driver, IPSec, Kernel, Ksh, NSURL, PackageKit, Python, Sandbox, Security, SIP, SQLite, System Preferences, USB Audio, Wi-Fi, WindowServer, zsh
  • Impact: Information Disclosure, Privilege Escalation, arbitrary code execution, memory corruption
  • CVEs: CVE-2019-14868, CVE-2019-20044, CVE-2020-3878, CVE-2020-3882, CVE-2020-9771, CVE-2020-9772, CVE-2020-9788 – CVE-2020-9795, CVE-2020-9797, CVE-2020-9804, CVE-2020-9808, CVE-2020-9809, CVE-2020-9811 – CVE-2020-9817, CVE-2020-9821, CVE-2020-9822, CVE-2020-9824 – CVE-2020-9828, CVE-2020-9830 – CVE-2020-9834, CVE-2020-9837, CVE-2020-9839 – CVE-2020-9842, CVE-2020-9844, CVE-2020-9847, CVE-2020-9851, CVE-2020-9852, CVE-2020-9855 – CVE-2020-9857

Windows Migration Assistant

  • Affected OS: macOS Catalina
  • Affected features: Windows Installer
  • Impact: Arbitrary code execution
  • CVEs: CVE-2020-9858

Safari

  • Product: Safari
  • Affected OS: macOS Mojave, macOS High Sierra, and macOS Catalina
  • Affected features: WebKit, WebRTC
  • Impact: Arbitrary code execution, Information Disclosure, Cross-Site scripting
  • CVEs: CVE-2019-20503, CVE-2020-9800 – CVE-2020-9803, CVE-2020-9805 – CVE-2020-9807, CVE-2020-9843, CVE-2020-9850

iCloud

  • Product: iCloud
  • Affected OS: Windows 7 and Windows 10
  • Affected features: ImageIO, SQLite, WebKit
  • Impact: Arbitrary Code Execution, Cross-Site scripting, Denial of service
  • CVEs: CVE-2020-3878 – CVE-2020-9790, CVE-2020-9794, CVE-2020-9800, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805 – CVE-2020-9807, CVE-2020-9843, CVE-2020-9850

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.


Publisher: SecPod Technologies