{"id":2130,"date":"2020-06-04T13:29:25","date_gmt":"2020-06-04T18:29:25","guid":{"rendered":"https:\/\/cert.pa\/?p=2130"},"modified":"2020-06-04T13:29:25","modified_gmt":"2020-06-04T18:29:25","slug":"csirt-panama-aviso-2020-06-4-apple-actualizaciones-de-vulnerabilidades-que-afectan-a-apple","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=2130","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2020-06-4 Apple: Actualizaciones de vulnerabilidades que afectan a Apple."},"content":{"rendered":"\n<p>CSIRT Panam\u00e1\nAviso 2020-06-4 Apple: Actualizaciones de vulnerabilidades que afectan a Apple.<\/p>\n\n\n\n<p>Gravedad:Media&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Vulnerabilidad: CVE-2020-3956 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Fecha\nde publicaci\u00f3n: Junio 4, 2020<br>\n\u00daltima revisi\u00f3n: Junio 4, 2020<br>\nPortal: https:\/\/support.apple.com<\/p>\n\n\n\n<p><strong>Sistemas Afectados:<\/strong><br>\nVulnerabilidades en la plataforma de Apple que afecta a sus productos: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Apple\nWatch Series 1 y posteriores<\/li><li>Apple\nTV 4K y Apple TV HD<\/li><li>macOS\nHigh Sierra 10.13.16<\/li><li>macOS\nCatalina 10.15.5<\/li><li>iPhone\n6s y posteriores<\/li><li>iPad\nAir 2 y posteriores<\/li><li>iPad\nMini 4 y posteriores<\/li><li>iPod\nTouch 7th generation<\/li><\/ul>\n\n\n\n<p><strong>I. Descripci\u00f3n<\/strong><br>\nActualizaci\u00f3n de seguridad que afecta a la plataforma de Apple. <\/p>\n\n\n\n<p><strong>II. Impacto<\/strong><\/p>\n\n\n\n<p>Vulnerabilidad: CVE-2020-3956<\/p>\n\n\n\n<p>El equipo de seguridad\nUnc0ver descubri\u00f3 una falla que permit\u00eda realizar jailbreaking (obtener\npermisos de administrador en el dispositivo afectado, eliminando las\nrestricciones de seguridad) en m\u00faltiples productos de la l\u00ednea de Apple.<\/p>\n\n\n\n<p>La vulnerabilidad en\nmemoria afecta al kernel de los sistemas operativos de Apple y permite que una\naplicaci\u00f3n especialmente dise\u00f1ada logre la ejecuci\u00f3n de c\u00f3digo a nivel de\nkernel, fuera del entorno de aislamiento de procesos (sandbox). La explotaci\u00f3n\ntambi\u00e9n funciona en dispositivos modernos que utilicen una CPU que admita PAC\n(Pointer Authentication Code), por lo que se puede saber que PAC no previene la\nvulnerabilidad.<\/p>\n\n\n\n<p><strong>III. Referencia a soluciones, herramientas e\ninformaci\u00f3n<\/strong><strong><\/strong><\/p>\n\n\n\n<p>Aplicar las actualizaciones publicadas (<a href=\"https:\/\/support.apple.com\/en-us\/HT201222\">https:\/\/support.apple.com\/en-us\/HT201222<\/a>) seg\u00fan el fabricante. <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Para\nApple Watch Series 1 y posteriores, actualizar a la versi\u00f3n 6.2.6 de watchOS.<\/li><\/ul>\n\n\n\n<p>Enlace: https:\/\/support.apple.com\/en-us\/HT211217<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Para\nApple TV 4K y Apple TV HD, actualizar a la versi\u00f3n 13.4.6 de tvOS.<\/li><\/ul>\n\n\n\n<p>Enlace: https:\/\/support.apple.com\/en-us\/HT211216<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Para\nmacOS High Sierra 10.13.6 aplicar actualizaci\u00f3n de seguridad 2020-003.<\/li><\/ul>\n\n\n\n<p>Enlace: https:\/\/support.apple.com\/es-lamr\/HT211170<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Para\nmacOS Catalina 10.15.5 aplicar actualizaci\u00f3n suplemental 10.15.5.<\/li><\/ul>\n\n\n\n<p>Enlace: https:\/\/support.apple.com\/en-us\/HT211215<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Para\niPhone 6s y posteriores, iPad Air 2 y posteriores, iPad mini 4 y posteriores, e\niPod touch 7th generation, actualizar a la versi\u00f3n iOS 13.5.1 o iPadOS 13.5.1.<\/li><\/ul>\n\n\n\n<p>Enlace: https:\/\/support.apple.com\/en-us\/HT211214<\/p>\n\n\n\n<p><strong>Fuentes:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Apple\nsecurity updates. Recopilado en: https:\/\/support.apple.com\/en-us\/HT201222<\/li><li>National\nVulnerability Database. CVE-2020-3956 Detail. NIST&nbsp; GOV. Recopilado en: https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2020-3956<\/li><li>CSIRT Chile. 2 de junio del 2020. Vulnerabilidades.\nRecopilado en: https:\/\/www.csirt.gob.cl\/vulnerabilidades\/9vsa20-00231-01\/<\/li><\/ul>\n\n\n\n<p><strong>Informaci\u00f3n de contacto<\/strong><br>\nCSIRT PANAMA<br>\nComputer Security Incident Response Team Autoridad Nacional para la Innovacion\nGubernamental<br>\nE-Mail: info@cert.pa<br>\nPhone: +507 520-CERT (2378)<br>\nWeb: https:\/\/cert.pa<br>\nTwitter: @CSIRTPanama<br>\nKey ID: 16F2B124<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CSIRT Panam\u00e1 Aviso 2020-06-4 Apple: Actualizaciones de vulnerabilidades que afectan a Apple. Gravedad:Media&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Vulnerabilidad: CVE-2020-3956 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Fecha de publicaci\u00f3n: Junio 4, 2020 \u00daltima revisi\u00f3n: Junio 4, 2020 Portal: https:\/\/support.apple.com Sistemas Afectados: Vulnerabilidades en la plataforma de&#8230;<\/p>\n","protected":false},"author":4,"featured_media":373,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[32,72,80],"class_list":["post-2130","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad","tag-apple","tag-avisos-de-seguridad","tag-vulnerabilidad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2130"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2130\/revisions"}],"predecessor-version":[{"id":2131,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/2130\/revisions\/2131"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/373"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}