Ars Technica‘s Dan Goodin:
Mozilla released an update on Tuesday that fixed a code-execution vulnerability in a JavaScript programming method known as Array.pop. On Thursday, Mozilla issued a second patch fixing a privilege-escalation flaw that allowed code to break out of a security sandbox that Firefox uses to prevent untrusted content from interacting with sensitive parts of a computer operating system.
The zero-days were exploited by unnamed hackers this week, but so far, attacks are known only to have targeted Mac users involved in cryptocurrency.
3/ We've seen no evidence of exploitation targeting customers. We were not the only crypto org targeted in this campaign. We are working to notify other orgs we believe were also targeted. We're also releasing a set of IOCs that orgs can use to evaluate their potential exposure.
— Philip Martin (@SecurityGuyPhil) June 19, 2019
As noted by Mac security expert Patrick Wardle, XProtect and Gatekeeper provided no protection in this case, as they only scan applications that have a quarantine flag set. Fortunately, this may change in macOS Catalina.
Firefox users on Mac should update the web browser to version 67.0.4 as soon as possible to keep themselves protected.
More details can be read at Ars Technica.
MacRumors: Mac News and Rumors – Mac Blog
Không có nhận xét nào:
Đăng nhận xét