Apple’s July patchfest fixes bugs in multiple products

Apple released fixes for various products this week, including several nasty arbitrary code execution (ACE) flaws, and a bug that has been public with proof-of-concept code for two months.

CVE-2019-8656, discovered by cybersecurity researcher Filippo Cavallarin, enabled an attacker to bypass Apple’s Gatekeeper functionality with a suitably formed Zip file. Gatekeeper is the Mac function that asks you if you want to run untrusted content downloaded from the web. Apple was supposed to have fixed this by mid-May following a 90-day responsible disclosure period, but didn’t, so Cavallarin published proof-of-concept code.

The fix was part of a patchfest addressing 48 separate entries in the CVE database. The patches spanned these Apple products:

iOS 12.4
tvOS 12.4 (the Apple TV operating system)
Safari browser 12.1.2
iTunes 12.9.6 for Windows
iCloud for Windows 10.6 and 7.13
watchOS 5.3
macOS Mojave 10.14.6, High Sierra, and Sierra


Many of the fixes addressed single bugs that affected multiple Apple products, showing how tightly integrated Apple’s code base is. One of the most notable was for the company’s WebKit browser engine, which it mandates for other browser vendors (Chrome is forced to use WebKit on Apple operating systems rather than its own Blink engine, for example).
