Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Apple addresses four vulnerabilities in macOS

Apple this week released security updates to address a total of four vulnerabilities affecting macOS Catalina, High Sierra and Mojave. Apple on Thursday announced to have patched four vulnerabilities affecting macOS Catalina, High Sierra and Mojave. “This document describes the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave.” […]

Apple zero-day

Apple this week released security updates to address a total of four vulnerabilities affecting macOS Catalina, High Sierra and Mojave.

Apple on Thursday announced to have patched four vulnerabilities affecting macOS Catalina, High Sierra and Mojave.

“This document describes the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave.” reads the advisory published by Apple.

One of the flaws addressed by Apple is an out-of-bounds read, tracked as CVE-2020-9973, that affects the Model I/O component. The exploitation of the flaw involves the processing of a malicious USD file, it could lead to arbitrary code execution or a trigger DoS condition. This vulnerability was reported by the Cisco Talos researcher Aleksandar Nikolic and affects all versions of macOS.

The second issue addressed by Apple is an arbitrary code execution vulnerability, tracked as CVE-2020-9961, that affects the ImageIO component. The exploitation of the flaw involves the use of malicious image files. This vulnerability was reported by the researcher Xingwei Lin from Ant Group Light-Year Security Lab and affects macOS High Sierra and Mojave

The third flaw, tracked as CVE-2020-9968, affects the sandbox and can be exploited by a malicious application to access restricted files.

The issue was reported by Adam Chester of TrustedSec and affects all versions of macOS.

The fourth issue fixed in macOS, tracked as CVE-2020-9941, affects the Mail component in the High Sierra OS. The vulnerability can be exploited by a remote attacker to “unexpectedly alter application state.” The flaw was reported by researchers from the FH Münster University of Applied Sciences in Germany.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Apple)

[adrotate banner=”5″]

[adrotate banner=”13″]