silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
Apple this week released patches to address numerous vulnerabilities across its products, including five arbitrary code execution issues affecting the audio components used by its operating systems.
The five bugs were found to affect macOS Catalina, with four of them also impacting iOS and iPadOS, tvOS, and watchOS.
The first two of the flaws are CVE-2020-9884 and CVE-2020-9889, two out-of-bounds write issues, while the remaining three, namely CVE-2020-9888, CVE-2020-9890 and CVE-2020-9891, are out-of-bounds read flaws.
All of the vulnerabilities could be exploited by supplying a maliciously crafted audio file to ultimately execute arbitrary code on the affected systems.
A total of 19 issues were patched in macOS, including vulnerabilities in Clang, CoreAudio, CoreFoundation, Crash Reporter, Graphics Drivers, Heimdal, ImageIO, Kernel, Mail, Messages, Model I/O, Security, Vim, and Wi-Fi.
iOS 13.6 and iPadOS 13.6 address a total of 29 vulnerabilities, including most of those patched in macOS. The platforms also include patches for bugs in Bluetooth, GeoServices, iAP, Kernel, Safari Login AutoFill, Safari Reader, WebKit, WebKit Page Loading, WebKit Web Inspector, and Wi-Fi.