But on < macOS 11.4 it wasn’t enforced at all so any app can capture your USB keyboard or most other USB devices. The macOS Catalina and Mojave security updates deliver many of the same fixes, but also additional ones such as that for CVE-2021-30731, a vulnerability that may be exploited by an unprivileged application to capture USB devices.ĭetails: Apple says entitlement (requires registration) OR running an app as root is required to capture USB.
/https://www.thespec.com/content/dam/thespec/business/2017/09/27/apple-s-new-macos-has-a-security-flaw/B823566566Z.1_20170927065045_000_G6M1V9J36.2_Gallery.jpg "apple security update closes flaw macs")
#APPLE SECURITY UPDATE CLOSES FLAW MACS CODE#
Most of these may lead to arbitrary code execution, allow malicious applications to gain root privileges, or allow a sandboxed process to circumvent sandbox restrictions.Īmong the more interesting bugs that have been splatted are multiple issues (CVE-2021-30784) that may allow a local attacker to execute code on the Apple T2 Security Chip, and two bugs (CVE-2021-30778, CVE-2021-30798) that may allow a malicious application to bypass Privacy preferences – though, as per usual, Apple has not shared any details about them. MacOS Big Sur (11.5) comes with fixes for a multitude of security issues. There is no indication that Apple has fixed any vulnerabilities that may be exploited to deliver NSO Group’s Pegasus spyware via “zero-click” iMessage attacks. Apple has released security updates for macOS Big Sur (11.5), Catalina (10.15) and Mojave (10.14), as well as iOS (14.7) and iPadOS (14.7).
0 kommentar(er)
