

Apple has patched a hole in macOS that has been exploited by malware to secretly take screenshots on victims' Macs. The security flaw can also be potentially abused to access files and record video and audio from the computer.

The iGiant has also released iOS and iPadOS 14.6, which fixes 43 CVE-listed security flaws and adds a bunch of user-friendly UI tweaks. Three flaws, including one spotted by Google's Project Zero, fixed in iOS 14.6 and iPadOS 14.6 can be exploited by a malicious app to run code with kernel-level privileges, allowing malicious software to completely take over the device. The UK's National Cyber Security Centre also passed on a denial-of-service issue that could be triggered with a maliciously crafted message.

Also on the trouble list is WebKit which, given the security update earlier this month, appears to be under serious scrutiny. Bug hunters found seven CVE flaws in the browser engine, including two that would allow arbitrary code execution – meaning they can be exploited by malicious webpages to compromise iPhones and iPads – and a couple of nasty universal cross-site scripting issues.

It looks like security shop Trend Micro has been doing a deep dive into Apple's Metal I/O graphics system as well. Trend's flaw finders reported 10 CVE issues, three of which can be exploited to achieve code execution, and a handful of memory corruption issues.

Apple doesn't report that any of these bugs are being exploited in the wild as yet, though we know how quick malware developers are at turning patches into exploits. As such, it's advisable to apply updates as soon as possible.

Meanwhile, macOS Big Sur 11.4, also out on Monday, includes fixes for 74 CVE-listed flaws. How apt since Apple just threw its desktop operating system under the bus to save its iOS App Store. Many of the flaws found and addressed in iOS and iPadOS cropped up and are fixed in macOS as well, particularly in the kernel, WebKit and Model I/O, though there are some holes unique to the desktop OS.

On the priority list is, ironically, a security bypass issue with Apple's Transparency Consent and Control (TCC) mechanism that is being exploited in the wild. CVE-2021-30713, spotted by Apple specialists Jamf, can be abused by a malicious application to surreptitiously take screenshots of Macs. We're told this has been used by the XCSSET malware app to snoop on folks' desktops. What's more, the bug can be potentially exploited to access files on the machine, and record from the camera and microphone, too.
