Apple Issues Security Updates

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-15481
PUBLISHED: 2020-11-13

An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could …

CVE-2020-28638
PUBLISHED: 2020-11-13

ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users’ files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key.

CVE-2020-5796
PUBLISHED: 2020-11-13

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.

CVE-2020-6157
PUBLISHED: 2020-11-13

Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitiv…

CVE-2020-12338
PUBLISHED: 2020-11-13

Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
