CVE-2020-9839

Published: 09/06/2020 Updated: 09/01/2023
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.

Vulnerable Product

apple mac os x

apple iphone os

apple watchos

apple tvos

apple ipados

Exploits

This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login ...

Mailing Lists

APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5. iOS 13.5 and iPadOS 13.5 address the following: Accounts. Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation. Impact: A remote attacker may be able to cause a denial of service. Description: A de ...

APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address the following: Accounts. Available for: macOS Catalina 1015 ...

APPLE-SA-2020-05-26-4 tvOS 13.4.5. tvOS 13.4.5 addresses the following: Accounts. Available for: Apple TV 4K and Apple TV HD. Impact: A remote attacker may be able to cause a denial of service. Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Jannik Lo ...

APPLE-SA-2020-05-26-5 watchOS 6.2.5. watchOS 6.2.5 addresses the following: Accounts. Available for: Apple Watch Series 1 and later. Impact: A remote attacker may be able to cause a denial of service. Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Ja ...