Apple this week released security updates to address over fifty vulnerabilities impacting macOS and Safari.
A total of 44 security flaws were fixed with the release of macOS Catalina 10.15.5, impacting components such as Accounts, AirDrop, Audio, Bluetooth, Calendar, ImageIO, Kernel, ksh, PackageKit, Sandbox, SQLite, USB Audio, Wi-Fi, and zsh, among others.
Eighteen of these vulnerabilities are specific to macOS Catalina, but many impact macOS High Sierra and macOS Mojave as well, and patches were released for those platform iterations as well.
What’s more, Apple addressed two other vulnerabilities that impact macOS Mojave only, as well as two more that affect macOS Mojave and macOS High Sierra.
The component impacted the most was Kernel, which received patches for a total of 10 vulnerabilities. Next in line was Wi-Fi, with fixes for 5 vulnerabilities.
The addressed issues could result in denial of service, the circumvention of sandbox restrictions, leak of private information, arbitrary code execution, exfiltration of user information, elevation of privilege, sandbox escape, memory leak, execution of arbitrary shell commands, and privacy preferences bypass, among others.
All these security bugs were fixed with the release of macOS Catalina 10.15.5, Security Update 2020-003 for Mojave, and Security Update 2020-003 for High Sierra.
Apple also patched 10 vulnerabilities with the rollout of Safari 13.1.1, which is now available for macOS Mojave and macOS High Sierra, and included in macOS Catalina.
The first of the bugs could result in a malicious process causing Safari to launch an application. The remaining nine flaws affect Webkit and could result in arbitrary code execution, cross-site scripting, or the disclosure of process memory.
..
Support the originator by clicking the read the rest link below.
