Security News > 2020 > May > You, Apple Mac fan. Put down the homemade oat-milk latte, you need to patch a load of security bugs, too
Apple has alerted users about a bunch of security fixes for its software on supported versions of macOS that you ought to install as soon as you can.
The SSLab trio also found CVE-2020-9801 in Safari that can be exploited by malware already running on a Mac to force the browser to open another application.
An anonymous researcher found CVE-2020-9805, and Ryan Pickren found CVE-2020-9843, both cross-site scripting holes in the software.
Natalie Silvanovich of Google Project Zero found CVE-2019-20503, an information leak in the WebRTC component of Safari.
iOS users should have picked up security patches from earlier this month - which won't close down the arbitrary code execution hole used by a jailbreak that's doing the rounds.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/28/apple_may_updates/
Related news
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Asus lets processor security fix slip out early, AMD confirms patch in progress (source)
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple plugs security hole in its iThings that's already been exploited in iOS (source)
- SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-09 | CVE-2020-9801 | Unspecified vulnerability in Apple Safari A logic issue was addressed with improved restrictions. | 5.3 |
| 2020-06-09 | CVE-2020-9805 | Cross-site Scripting vulnerability in Apple products A logic issue was addressed with improved restrictions. | 7.1 |
| 2020-06-09 | CVE-2020-9843 | Cross-site Scripting vulnerability in Apple products An input validation issue was addressed with improved input validation. | 7.1 |
| 2020-03-06 | CVE-2019-20503 | Out-of-bounds Read vulnerability in multiple products usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. | 6.5 |