Apple Patches 24 Vulnerabilities Across Product Lines

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-7764
PUBLISHED: 2020-11-08

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version’ header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.

CVE-2020-28340
PUBLISHED: 2020-11-08

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020).

CVE-2020-28341
PUBLISHED: 2020-11-08

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain…

Exit mobile version