Talos threat intelligence and research department in Cisco identified several critical severity use-after-free liabilities that can be manipulated for remote code execution. It needs to be done by making the targeted end-user access specifically developed webpages that use WebKit. As per Talos, the vulnerabilities were discovered and reported in the fall of 2020 and rectified with patches earlier in November. The vulnerabilities are tagged as CVE-2020-13558, CVE-2020-13543, and CVE-2020-13584.
Read More: Can enterprises safely use open-source in their identity management tech?
The WebKitGTK developers released an advisory recently, a complete-featured port of the WPE and WebKit. The report includes the deployment of low-consumption and embedded devices systems, also includes two code liabilities identified by Talos, and several other issues detected by other researchers as well.
Source: securityweek
