Safari RCE vulnerability: hackers can remotely execute code on your Apple devices

Exploitation of vulnerabilities in Apple products is really scarce, although reports of such flaws being found have become very common. One of the most recent reports was submitted by the Cisco Talos vulnerability testing team, which notified the company of a security flaw in the Safari browser.

The report refers to a vulnerability in the Fonts feature in some versions of the Safari browser. By using a specially crafted HTML web page, a threat actor can generate a type confusion problem, resulting in memory corruption and potential remote code execution (RCE).

The vulnerability, tracked as CVE-2020-2868, received an 8.8/10 score on the Common Vulnerability Scoring System (CVSS) scale, making it a moderate-high risk security flaw. Along with the report, Cisco Talos sent a proof of concept of the exploit.

The target application must process the HTML web page to trigger the vulnerability; in other words, the attacker must trick the victim into visiting the malicious website to complete the attack. The following versions of Safari were subjected to vulnerability analysis:

  • Safari version 13.0.3 (15608.    
  • Safari Technology Preview Release 96 (Safari 13.1, WebKit 15609.1.9.7)

After submitting the report to Apple, the Cisco Talos vulnerability testing team issued a series of recommendations to update the affected systems and completely mitigate the risk of exploitation. Users of these deployments are advised to install the security patches (already available) as soon as possible. If updates don’t install automatically, users can look for them on Apple’s official platforms.

Security risks for Apple product users have increased significantly over the last few months. Recently, the International Institute of Cyber Security (IICS) reported the detection of a malicious campaign targeting macOS users to infect them with a variant of the malware family known as Shlayer. The hackers tried to trick the victims into clicking on links to websites loaded with the malware and thus complete the infection.