5 month 28 Japanese news , Apple's official website released major bugs recently fixed , And thanks to the vulnerability submitter , Including 11 important high-risk vulnerabilities found by the information security team of didi US Research Institute .

Official website display , A series of loopholes discovered by didi Meiyan's information security team are 8 Involved macOS Mojave 10.14.6,macOS High Sierra
10.13.6,macOS Catalina 10.15.3,macOS Catalina 10.15.4 Bluetooth vulnerability in other system versions ,3 Involved macOS High
Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Etc WiFi loophole .


Where the number is CVE-2020-3907,CVE-2020-3908,CVE-2020-3912,CVE-2020-9831,CVE-2020-9832,CVE-2020-9833
and CVE-2020-9853
Seven vulnerabilities in can cause an attacker to read data in memory or terminate the system unexpectedly , And then the problem of kernel information leakage arises . Specifically, the existence of vulnerabilities will lead to the failure of operating system protection mechanism , If not repaired in time , Privilege escalation vulnerability will obtain important data support based on this vulnerability .

And the number is CVE-2020-3892,CVE-2020-3893,CVE-2020-3905 and CVE-2020-9834
Four vulnerabilities of can cause unauthorized local users to execute arbitrary code with the highest privileges , Install malicious application . Affected by this , Apple's operating system will be completely exposed to attackers , What's more serious , The aforementioned kernel information disclosure vulnerabilities can be perfectly matched with such vulnerabilities , Form a complete attack chain . If not repaired in time , Hundreds of millions of Apple end users' personal data may be at risk .

Due to the increasingly severe situation of network security , In today's diversified attacks , Security experts need to dig before hackers and report vulnerabilities to manufacturers to remind them to fix them , If any vulnerability is exploited by hackers , Will have serious consequences . In addition to helping the industry identify security vulnerabilities , Promote the development of network security research , Security Emergency Response Center under didi Information Security Department (DSRC) Since its establishment, it has also actively cooperated with thousands of white hats around the world to explore its own product loopholes , Risk prevention in advance , Jointly build network security , Strive to protect the information security of users .

Technology
©2019-2020 Toolsou All rights reserved,
TP6 Application examples of verifier and correct verification data ESP8266/ESP32 System : Optimize system startup time 2021 year 2 Chinese programming language ranking 2021 year 1 Monthly programmer salary statistics , average 14915 element CSS architecture design It's not depravity that's terrible , It's about knowing you're falling Gude Haowen serial - You deserve to be an engineer ( Preface ) Software testing BUG describe C Course design of language programming of 《 Student achievement management system 》vue In the project axios Global encapsulation of