This week, the Dropbox team revealed details of three critical vulnerabilities in the macOS operating system. They work as a chain: combined, they can lead to remote code execution on an Apple computer. To exploit them, an attacker only needs to lure a victim to a malicious web page.
Fun fact: the problems were originally detected by security specialists at Syndis, an information security company that Dropbox hired to conduct penetration testing of the company's IT infrastructure.
During these pentests, they also checked the Apple software that is used at Dropbox.
The vulnerabilities were found in February of this year and then reported to Apple. A month later, the developers in Cupertino released security updates that completely eliminate these problems.
According to the Dropbox team, the flaws discovered by Syndis affect only the macOS family, and more precisely users of the Safari browser. Exploitation is possible only if a user visits a malicious page using Safari.
These are the three 0-day vulnerabilities:
CVE-2017-13890 — present in the macOS component called CoreTypes. Allows a specially crafted malicious web page to make Safari automatically download and mount an image file.
CVE-2018-4176 — present in the way Disk Images handles .bundle files. Exploiting this flaw could allow attackers to run a malicious application from the previously mounted disk.
CVE-2018-4175 — allows bypassing the macOS Gatekeeper anti-virus protection, namely its code signing verification.
The experts have published a video demonstrating the problem and showing the attack vector.