Apple has released security advisories and patches for multiple products, including Safari, iOS and macOS.
Two vulnerabilities were associated with Safari 13.0.5, CVE-2020-3833 and CVE-2020-3841, affecting macOS Mojave and High Sierra and included in Catalina. CVE-2020-3833 covers an inconsistent user interface issue that could be exploited if a user visited a malicious website, leading to address bar spoofing. The second flaw could allow a local user to unknowingly send an unencrypted password over the network.
There were 23 security issues with iOS 13.3.1 and iPadOS 13.3.1 covering the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation. A memory corruption issue that could have led to an attacker being able to execute arbitrary code was addressed with improved memory handling. In FaceTime, an issue existed in the handling of the local user’s self-view that, if exploited, could have caused the local user’s camera self-view to display the incorrect camera.
Updates for macOS Catalina 10.15.3, Mojave and High Sierra covered 31 vulnerabilities. These included the memory corruption issue CVE-2020-3854 that, if exploited, would allow an attacker to execute arbitrary code with system privileges. Another high-priority fix was CVE-2020-3827, a memory corruption issue in which a maliciously crafted JPEG file could have led to arbitrary code execution.
Thirteen vulnerabilities were addressed in tvOS 13.3.1, used in Apple TV 4K and Apple TV HD. Five of these were in the kernel, with impacts ranging from reading restricted memory and determining kernel memory layout to executing arbitrary code with kernel or system privileges.
Apple followed its traditional path of not issuing any news regarding vulnerabilities until a patch has been created and issued.