Earlier this week, the Dropbox team unveiled details of three critical vulnerabilities in Apple's macOS operating system which, together, could allow a remote attacker to execute malicious code on a targeted Mac computer just by convincing a victim to visit a malicious web page.
The reported vulnerabilities were originally discovered by Syndis, a cybersecurity firm hired by Dropbox to conduct simulated penetration testing attacks as a Red Team on the company’s IT infrastructure, including Apple software used by Dropbox.
The vulnerabilities were discovered and disclosed to Apple's security team in February this year, and Apple patched them just over one month later with the release of its March security updates. Dropbox applauded Apple for its quick response to its bug report.
According to Dropbox, the vulnerabilities discovered by Syndis didn’t just affect its macOS fleet, but also affected all Safari users running the latest version of the web browser and operating system at the time.