You, Apple Mac fan. Put down the homemade oat-milk latte, you need to patch a load of security bugs, too
Apple has alerted users about a bunch of security fixes for its software on supported versions of macOS that you ought to install as soon as you can.
The SSLab trio also found CVE-2020-9801 in Safari that can be exploited by malware already running on a Mac to force the browser to open another application.
An anonymous researcher found CVE-2020-9805, and Ryan Pickren found CVE-2020-9843, both cross-site scripting holes in the software.
Natalie Silvanovich of Google Project Zero found CVE-2019-20503, an information leak in the WebRTC component of Safari.
iOS users should have picked up security patches from earlier this month - which won't close down the arbitrary code execution hole used by a jailbreak that's doing the rounds.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/28/apple_may_updates/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-06-09 | CVE-2020-9801 | Unspecified vulnerability in Apple Safari | A logic issue was addressed with improved restrictions. | 4.6 |
2020-06-09 | CVE-2020-9805 | Cross-site Scripting vulnerability in Apple products | A logic issue was addressed with improved restrictions. | 7.1 |
2020-06-09 | CVE-2020-9843 | Cross-site Scripting vulnerability in Apple products | An input validation issue was addressed with improved input validation. | 7.1 |
2020-03-06 | CVE-2019-20503 | Out-of-bounds Read vulnerability in multiple products | usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | 6.5 |