Chaining 3 zero-days allowed pen testers to hack Apple macOS computers

November 22, 2018  By Pierluigi Paganini


The Dropbox team disclosed three critical zero-day vulnerabilities in Apple macOS; by chaining them, it is possible to take over a Mac computer.


The Dropbox team disclosed three critical zero-day vulnerabilities (CVE-2017-13890, CVE-2018-4176, CVE-2018-4175) affecting the Apple macOS operating system; an attacker could chain them to remotely execute arbitrary code on a targeted Mac computer.


The attacker only needs to trick victims into visiting a specially crafted website.


The vulnerabilities were discovered by experts at cybersecurity firm Syndis, which was hired by Dropbox to carry out a penetration test on the company’s IT infrastructure.

The experts also assessed the Apple software used by Dropbox.


The flaws were reported to the Apple security team in February, and Apple quickly addressed them with the release of the March security updates.


The vulnerabilities affected all systems running the latest version of the Safari web browser and operating system.


