Apple Patches Multiple Code Execution Flaws in Audio Components

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Apple this week released patches to address numerous vulnerabilities across its products, including five arbitrary code execution issues affecting the audio components used by its operating systems.

The five bugs were found to affect macOS Catalina, with four of them also impacting iOS and iPadOS, tvOS, and watchOS.

The first two of the flaws are CVE-2020-9884 and CVE-2020-9889, two out-of-bounds write issues, while the remaining three, namely CVE-2020-9888, CVE-2020-9890 and CVE-2020-9891, are out-of-bounds read flaws.

All of the vulnerabilities could be exploited by supplying a maliciously crafted audio file to ultimately execute arbitrary code on the affected systems.

A total of 19 issues were patched in macOS, including vulnerabilities in Clang, CoreAudio, CoreFoundation, Crash Reporter, Graphics Drivers, Heimdal, ImageIO, Kernel, Mail, Messages, Model I/O, Security, Vim, and Wi-Fi.

iOS 13.6 and iPadOS 13.6 address a total of 29 vulnerabilities, including most of those patched in macOS. The platforms also include patches for bugs in Bluetooth, GeoServices, iAP, Kernel, Safari Login AutoFill, Safari Reader, WebKit, WebKit Page Loading, WebKit Web Inspector, and Wi-Fi.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top