![]() CVE-2019-8620, a Wi-Fi vulnerability that could be exploited by attackers to track devices by their WiFi MAC address.CVE-2019-8617, a flaw in the Photo Storage component that could allow a sandboxed to circumvent sandbox restrictions. ![]() CVE-2019-8626, a Mail flaw that could be triggered via a maliciously crafted message to lead to a DoS condition.One of these has also been fixed in the iOS update, along with: An EFI authentication issue that may result in users unexpectedly getting logged in to another user’s account (CVE-2019-8634).Īlso of note are two flaws in the CoreAudio component that can be triggered by the OS processing a maliciously crafted audio or movie file (CVE-2019-8592, CVE-2019-8585).A flaw in DesktopSevices that could allow a malicious application to bypass Gatekeeper checks (CVE-2019-8589).Interesting fixesĪmong the vulnerabilities fixed in macOS, there are some more unusual than others: All of them were flagged by Omer Gull of Checkpoint Research and one of them can be triggered by sending a maliciously crafted SQL query and could lead to arbitrary code execution. They also have in common fixes for four vulnerabilities affecting the SQLite component. One of these, CVE-2019-8605, could be exploited by a malicious application to execute arbitrary code with system privileges. When updated, all of those Apple devices will also receive fixes for three flaws in XNU, the OS kernel they have in common. Those are fixed in macOS, iOS, tvOS, Safari and (in a more limited number) in the watchOS update. Most of the WebKit flaws are memory corruption issues that can be triggered by processing maliciously crafted web content and could lead to arbitrary code execution. Investing research and development into quantum technology.Another month, another batch of Apple security updates that users of the firm’s computers, phones, tablets, streaming devices and smart watches will be prompted to implement.Īs per usual, WebKit – the browser engine used in Apple’s Safari browser and other products – has the most number of flaws fixed.Developing quantum-resistant encryptions to protect our data from being compromised and theft, including protections against new advancing technologies ( i.e., future quantum computer attacks) and.Promoting new efforts to educate the public on ongoing cybersecurity issues ( e.g., the National Cyber Workforce and Education Summit) and provide opportunities to individuals to join the cyber workforce ( i.e., 120-Day Cybersecurity Apprenticeship Sprint). ![]()
0 Comments
Leave a Reply. |