Apple has released security advisories and patches for multiple products, including Safari, iOS and macOS.
Two vulnerabilities, CVE-2020-3833 and CVE-2020-3841, were associated with Safari 13.0.5, affecting macOS Mojave and High Sierra and included in Catalina. CVE-2020-3833 covers an inconsistent user interface issue that could be exploited if a user visited a malicious website, leading to address bar spoofing. The second flaw could allow a local user to unknowingly send an unencrypted password over the network.
There were 23 security issues with iOS 13.3.1 and iPadOS 13.3.1, covering the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation. A memory corruption issue that could have led to an attacker being able to execute arbitrary code was addressed with improved memory handling. In FaceTime, an issue existed in the handling of the local user’s self-view that, if exploited, could have caused the local user’s camera self-view to display the incorrect camera.
Updates for macOS Catalina 10.15.3, Mojave and High Sierra covered 31 vulnerabilities. This included the memory corruption issue CVE-2020-3854 that, if exploited, would allow an attacker to execute arbitrary code with system privileges. Another high-priority issue, CVE-2020-3827, was a memory corruption issue where a maliciously crafted JPEG file could have led to arbitrary code execution.
Thirteen vulnerabilities were addressed in tvOS 13.3.1, used in Apple TV 4K and Apple TV HD. Five of these were in the kernel, with impacts ranging from being able to read restricted memory and determine kernel memory layout to executing arbitrary code with kernel or system privileges.
Apple followed its traditional path of not issuing any news regarding vulnerabilities until a patch has been created and issued.