Apple Security Updates Tackle iOS Device Tracking, RCE Flaws

Author Topic: Apple Security Updates Tackle iOS Device Tracking, RCE Flaws  (Read 164 times)

Offline maruf.swe

  • Sr. Member
  • ****
  • Posts: 472
  • Test
    • View Profile
Apple Security Updates Tackle iOS Device Tracking, RCE Flaws
« on: February 23, 2020, 02:17:42 PM »




Apple’s iOS 13.3.1 update includes a host of security patches and a way to turn off U1 Ultra Wideband tracking.

Apple’s latest security fixes, released Tuesday, tackle a wide range of bugs, including several patches for high-risk flaws that could allow for remote code execution (RCE). Of particular interest to privacy-minded iPhone 11 users is an iOS 13.3.1 update that allows users to turn off U1 Ultra-Wideband device tracking.

The fixes address vulnerabilities in Apple’s Xcode, watchOS, Safari, iTunes for Windows, iOS, iPadOS, macOS and tvOS. The most severe of the bugs include four RCE flaws in Apple TV’s operating system, tvOS – each rated high-severity.

Tracked as CVE-2020-3868, one tvOS RCE bug has a CVSS severity score of 8.8 out of 10, the highest among those patched Tuesday. The bug is tied to multiple memory corruption issues in Apple’s browser engine, WebKit. “By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service,” according a description of the flaw.

For More Details : https://threatpost.com/apple-patches-ios-device-tracking/152364/