47 matches found
CVE-2020-9975
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute...
CVE-2020-9955
CVE-2020-9955 is an ImageIO out-of-bounds write vulnerability in Apple platforms. Apple reports that processing a maliciously crafted image may lead to arbitrary code execution. Concrete details across connected sources show the issue affecting ImageIO on iOS 14.0 / iPadOS 14.0, tvOS 14.0, watchO...
Utah's ‘Porn Filter’ Law Passes the State Legislature
Plus: An iOS 14 jailbreak is out, Solarwinds details emerge, and more of the week's top security news...
Apple Fixes One of the iPhone's Most Pressing Security Risks
By hardening iMessage in iOS 14, the company has effectively cut off what had been an increasingly popular line of attack...
Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System
In an effort to prevent attacks from being launched via its iMessage feature, Apple has debuted a security service called BlastDoor in iOS 14, its current mobile operating system version. First detailed in an analysis this week by Google Project Zero’s Samuel Groß, BlastDoor acts as a “tightly...
New iMessage Security Features
Apple has added added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a "significant refactoring of iMessage processing" that severely cripples the usual...
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was...
A Look at iMessage in iOS 14
Posted By Samuel Groß, Project Zero On December 20, Citizenlab published “The Great iPwn”, detailing how “Journalists were Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit”. Of particular interest is the following note: “We do not believe that the exploit works against iOS 14 and...
CVE-2020-9996
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges...
CVE-2020-9963
The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer...
CVE-2020-9969
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information...
CVE-2020-9944
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory...
Input validation
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari...
CVE-2020-9969
CVE-2020-9969 affects macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. Description from Apple Security Advisories shows an access issue that allowed a local user to view sensitive information, addressed by applying additional sandbox restrictions. The remediation is upgradi...
PT-2020-20913 · Apple · Macos Big Sur +4
Name of the Vulnerable Software and Affected Versions: macOS Big Sur version 11.0.1 and earlier iOS versions prior to 14.0 iPadOS versions prior to 14.0 Description: A validation issue existed in the entitlement verification, which was addressed with improved validation of the process entitlement...
Design/Logic Flaw
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...
CVE-2020-9992
CVE-2020-9992 affects Apple's IDE Device Support in Xcode 12.0 and iOS/iPadOS 14 (paired-device remote debugging). The vulnerability allows an attacker in a privileged network position to execute arbitrary code on a paired device during a debug session over the network. Apple addressed this by en...
CVE-2020-9992
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...
New Privacy Features in iOS 14
A good rundown...
MDM Enrollment Fails Consistently On iOS 14 Devices On Citrix Endpoint Management (On-Prem)
MDM Enrollment Fails Consistently On iOS 14 Devices On Citrix Endpoint Management Server On-Prem...