Security News > 2020 > May > You, Apple Mac fan. Put down the homemade oat-milk latte, you need to patch a load of security bugs, too

You, Apple Mac fan. Put down the homemade oat-milk latte, you need to patch a load of security bugs, too
2020-05-28 15:45

Apple has alerted users about a bunch of security fixes for its software on supported versions of macOS that you ought to install as soon as you can.

The SSLab trio also found CVE-2020-9801 in Safari that can be exploited by malware already running on a Mac to force the browser to open another application.

An anonymous researcher found CVE-2020-9805, and Ryan Pickren found CVE-2020-9843, both cross-site scripting holes in the software.

Natalie Silvanovich of Google Project Zero found CVE-2019-20503, an information leak in the WebRTC component of Safari.

iOS users should have picked up security patches from earlier this month - which won't close down the arbitrary code execution hole used by a jailbreak that's doing the rounds.


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/05/28/apple_may_updates/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-06-09 CVE-2020-9801 Unspecified vulnerability in Apple Safari
A logic issue was addressed with improved restrictions.
local
low complexity
apple
5.3
2020-06-09 CVE-2020-9805 Cross-site Scripting vulnerability in Apple products
A logic issue was addressed with improved restrictions.
network
low complexity
apple CWE-79
7.1
2020-06-09 CVE-2020-9843 Cross-site Scripting vulnerability in Apple products
An input validation issue was addressed with improved input validation.
network
low complexity
apple CWE-79
7.1
2020-03-06 CVE-2019-20503 Out-of-bounds Read vulnerability in multiple products
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
network
low complexity
usrsctp-project debian canonical CWE-125
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349