Weekly threat roundup: Apple, AMD, and Google
The most dangerous and pressing cyber security exploits from the week gone by
Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.
Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.
‘Unpatchable’ flaws in Apple’s T2 security chip
A certain iteration of Apple’s T2 security-centric co-processing unit is embedded with two critical flaws that can be exploited in combination to grant hackers full access to targeted MacOS devices.
Weekly threat roundup: Nvidia, BitLocker, and HackerOne IT Pro Panel: Why is patch management so difficult? The most popular ransomware strains targeting UK businesses
'Checkm8', originally an iPhone vulnerability, and 'Blackbird' can be exploited in the T2 security chips built on Apple’s A10 architecture, present in some, but not the newest, Macs.
The CheckM8 bug allows hackers to circumvent the activation lock, and ‘jailbreak’ targeted devices. Once this happens, the T2 chip would normally exit with a fatal error if it recognised that the Device Firmware Update (DFU) mode was enabled. With the Blackbird exploit, however, hackers are able to bypass this critical security check, and gain full root access to the device.
Alarmingly, according to Iron Peak, the core vulnerability is can't be patched through software updates as the T2 operating system is classed in read-only memory for security reasons. The bugs currently affect Mac devices shipped with Intel CPUs, and may not affect units fitted with Arm-based processors, although there’s no guarantee.
85 flaws in Android and Google Chrome
Google has released patches to fix severe bugs in both its Chrome web browser and its Android operating system this week. The firm fixed 35 flaws in the former, and more than 50 vulnerabilities in the latter.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
With the release of Chrome 86, Google has patched a critical flaw in the browser’s payments component, tagged CVE-2020-15967. This is a use-after-free memory corruption vulnerability that would give rise to various problems, including scope for a programme to crash or the execution of arbitrary code.
The pick of the Android flaws, of which 22 were rated critical, includes two escalation of privilege bugs that exist in the core of the operating system. These two, tagged CVE-2020-0215 and CVE-2020-0416, can be exploited remotely by an attacker using a specially crafted transmission.
Common flaws in widely-used anti-malware tools
Cyberark has disclosed a series of vulnerabilities present in the widely-used products developed by many cyber security vendors, including McAfee, Kaspersky, Checkpoint and Fortinet, among others.
These bugs, of which there are at least 12, often allow hackers to execute a privilege escalation attack of the local system, with anit-virus software targeted specifically because of their high privileges. One example of an exploitable flaw is the Shared Log File bug, which is present in Avira’s antivirus software, while another is DLL hijacking, which researchers demonstrated as being exploitable in TrendMicro’s antivirus software
Cyberark has estimated that “probably every Windows machine” has had at least one software that could be abused to gain elevated privileges using file manipulation attacks.
IoT botnet Ttint exploiting unpatched Tenda routers
Attackers are exploiting two flaws in routers manufactured by Tenda to spread a remote access troject (RAT) heavily based on the Mirai malware to create a sophisticated botnet.
Two zero-day flaws tagged as CVE-2018-14558 and CVE-2020-10987, as highlighted by Netlab, are being exploited by the malware to not only create this botnet, but also conduct remote code execution attacks.
In addition to ten distributed denial of service (DDoS) attack instructions, there are also 12 different remote access methods embedded in the RAT, according to analysis. This additional functionality stands it apart from most other botnets.
When running, Ttint deletes its own files, manipulates the watchdog, and prevents an affected route from restarting. The malware also runs on a single instance by binding to the port, and modifies the process name to confuse the user. Neither flaw has been patched to date, Netlab claims.
AMD glitch that could cause BSOD
A denial-of-service vulnerability exists in AMD-manufactured graphics card drivers that may result in a user’s system to crash, and produce the dreaded blue screen of death (BSOD).
RELATED RESOURCE
How to improve cyber security for remote working
13 recommendations for security from any location
The flaw lies in the way a specially-crafted D3DKMTCreateAllocation API request may cause an out-of-bounds read and denial of service, and can be triggered from non-privileged user accounts. Cisco Talos researchers, who discovered the vulnerability, claim an attack can influence the read address when this function is triggered by modifying the payload, and cause such a system crash deliberately.
The bug, tagged as CVE-2020-12911, has been rated 7.1 on the CVSS scale, but won’t be patched until early in the first quarter of 2020.

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
Hackers are posing as Interpol to target small businesses – here's what you need to knowNews Small businesses are warned to think twice before clicking on links
-
‘Every hour ransomware goes undetected drastically increases its potential blast radius’: Hackers are breaching networks and laying low for longer – and nearly half of firms don’t realize until data is stolenNews An ExtraHop survey found more intrusions are going undetected, leading to longer dwell times
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti