Now on Demand: CISO Forum Virtual Summit - All Sessions Available to Watch Instantly
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Apple Patches Tens of Code Execution Vulnerabilities in macOS

Updates released this week by Apple for its macOS operating systems patch a total of 59 vulnerabilities, including roughly 30 that could lead to the execution of arbitrary code.

Updates released this week by Apple for its macOS operating systems patch a total of 59 vulnerabilities, including roughly 30 that could lead to the execution of arbitrary code.

An attacker able to exploit the most severe of these issues would execute code within the context of the application, with the same privileges as the current user. Some of the bugs, Apple explains in its advisory, could be exploited to execute code with system or kernel privileges.

macOS Big Sur 11.1, Security Update 2020-001 for Catalina, and Security Update 2020-007 for Mojave address flaws in components such as Audio, App Store, Bluetooth, CoreAudio, FontParser, Graphics Drivers, Kernel, ImageIO, Intel Graphics Driver, libxml2, Ruby, WebRTC, and Wi-Fi.

Components that were affected the most are ImageIO (eight flaws, six resulting in arbitrary code execution), FontParser (seven vulnerabilities, six leading to arbitrary code execution), and Kernel (seven bugs, three resulting in applications being able to execute arbitrary code with kernel privileges).

Apple says many of the issues were corrected via improved input validation. Improved state management, improved checks and bounds checking, and other similar enhancements were used to address remaining flaws.

This week, Apple also released updates for tvOS and watchOS, to resolve 9 and 10 vulnerabilities in each, respectively. Just as with the release of iOS 14.3 and iPadOS 14.3, these updates are meant to fix arbitrary code execution, memory disclosure, heap corruption, and authentication policy violation flaws.

The company also patched vulnerabilities with the release of macOS Server 5.11 (open redirect/cross-site scripting in Profile Manager), Safari 14.0.2 (arbitrary code execution in WebRTC), iOS 12.5 (authentication policy violation in Security), and watchOS 6.3 (authentication policy violation in Security).

In an advisory, the Multi-State Information Sharing and Analysis Center (MS-ISAC) notes that there are no reports of the addressed vulnerabilities being exploited in live attacks.

Advertisement. Scroll to continue reading.

Related: Apple to Press Ahead on Mobile Privacy, Despite Facebook Protests

Related: Researchers Get Big Bounties From Apple For Critical Vulnerabilities

Related: Apple Patches Four Vulnerabilities in macOS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Secure enterprise browser provider Menlo Security has appointed Bill Robbins as President.

Erik Rolf has joined Booz Allen Hamilton as the Business Information Security Officer (BISO) of Commercial Sector.

Gant Redmon has joined Trustle as its new Chief Executive Officer and Board Director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.