On May 28, Apple's official website published the major vulnerabilities it recently fixed and thanked the researchers who submitted them, including 11 important high-risk vulnerabilities found by the information security team of the DiDi US Research Institute.
According to the official website, of the vulnerabilities discovered by the DiDi US Research Institute's information security team, 8 are Bluetooth vulnerabilities affecting macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3, macOS Catalina 10.15.4 and other system versions, and 3 are WiFi vulnerabilities affecting macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 and other versions.
The seven vulnerabilities numbered CVE-2020-3907, CVE-2020-3908, CVE-2020-3912, CVE-2020-9831, CVE-2020-9832, CVE-2020-9833 can allow an attacker to read data in memory or terminate the system unexpectedly, resulting in kernel information leakage. Specifically, these vulnerabilities cause the operating system's protection mechanisms to fail; if they are not repaired in time, a privilege escalation vulnerability can build on the important data they leak.
The four vulnerabilities numbered CVE-2020-3892, CVE-2020-3893, CVE-2020-3905 and CVE-2020-9834 can allow an unauthorized local user to execute arbitrary code with the highest privileges and install malicious applications. As a result, Apple's operating system would be completely exposed to attackers. More seriously, the kernel information disclosure vulnerabilities described above can be combined with these vulnerabilities to form a complete attack chain. If not repaired in time, the personal data of hundreds of millions of Apple end users may be at risk.
As the network security situation grows increasingly severe and attacks become more diverse, security experts need to find vulnerabilities before hackers do and report them to vendors so that they can be fixed; any vulnerability exploited by hackers can have serious consequences. In addition to helping the industry identify security vulnerabilities and promoting the development of network security research, the Security Emergency Response Center (DSRC) under DiDi's Information Security Department has, since its establishment, actively cooperated with thousands of white hats around the world to find vulnerabilities in its own products, prevent risks in advance, jointly build network security, and strive to protect the information security of users.