Sign-up

ID

VAR-202004-1991


CVE

CVE-2020-3881


TITLE

macOS Catalina Logic vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003601

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. FaceTime is one of those video calling software. An information disclosure vulnerability exists in the FaceTime component of Apple macOS Catalina prior to 10.15.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra are now available and address the following: Apple HSSPI Support Available for: macOS Catalina 10.15.3 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team AppleGraphicsControl Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team AppleMobileFileIntegrity Available for: macOS Catalina 10.15.3 Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-3883: Linus Henze (pinauten.de) Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3907: Yu Wang of Didi Research America CVE-2020-3908: Yu Wang of Didi Research America CVE-2020-3912: Yu Wang of Didi Research America Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab Bluetooth Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-3892: Yu Wang of Didi Research America CVE-2020-3893: Yu Wang of Didi Research America CVE-2020-3905: Yu Wang of Didi Research America Call History Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to access a user's call history Description: This issue was addressed with a new entitlement. CVE-2020-9776: Benjamin Randazzo (@____benjamin) CoreFoundation Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to elevate privileges Description: A permissions issue existed. CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion - Israel Institute of Technology Icons Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9773: Chilik Tamir of Zimperium zLabs Intel Graphics Driver Available for: macOS Catalina 10.15.3 Impact: A malicious application may disclose restricted memory Description: An information disclosure issue was addressed with improved state management. CVE-2019-14615: Wenjian HE of Hong Kong University of Science and Technology, Wei Zhang of Hong Kong University of Science and Technology, Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of University of North Carolina IOHIDFamily Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3919: an anonymous researcher IOThunderboltFamily Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3914: pattern-f (@pattern_F_) of WaCai Kernel Available for: macOS Catalina 10.15.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team libxml2 Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-3909: LGTM.com CVE-2020-3911: found by OSS-Fuzz libxml2 Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved size validation. CVE-2020-3910: LGTM.com Mail Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3 Impact: A remote attacker may be able to cause arbitrary javascript code execution Description: An injection issue was addressed with improved validation. CVE-2020-3884: Apple sudo Available for: macOS Catalina 10.15.3 Impact: An attacker may be able to run commands as a non-existent user Description: This issue was addressed by updating to sudo version 1.8.31. CVE-2019-19232 TCC Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3 Impact: A maliciously crafted application may be able to bypass code signing enforcement Description: A logic issue was addressed with improved restrictions. CVE-2020-3906: Patrick Wardle of Jamf Vim Available for: macOS Catalina 10.15.3 Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating to version 8.1.1850. CVE-2020-9769: Steve Hahn from LinkedIn Additional recognition CoreText We would like to acknowledge an anonymous researcher for their assistance. FireWire Audio We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington for their assistance. FontParser We would like to acknowledge Matthew Denton of Google Chrome for their assistance. Install Framework Legacy We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch of UAL Creative Computing Institute, and an anonymous researcher for their assistance. LinkPresentation We would like to acknowledge Travis for their assistance. OpenSSH We would like to acknowledge an anonymous researcher for their assistance. rapportd We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of Technische Universität Darmstadt for their assistance. Sidecar We would like to acknowledge Rick Backley (@rback_sec) for their assistance. Installation note: macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m 6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs 671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf ZHp7Jd+FZIoCP69dNnxG =AUHy -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2020-3881 // JVNDB: JVNDB-2020-003601 // VULHUB: VHN-182006 // PACKETSTORM: 156894

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.3

Trust: 0.8

sources: JVNDB: JVNDB-2020-003601 // NVD: CVE-2020-3881

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3881
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003601
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-1534
value: MEDIUM

Trust: 0.6

VULHUB: VHN-182006
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3881
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003601
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-182006
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3881
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003601
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-182006 // JVNDB: JVNDB-2020-003601 // CNNVD: CNNVD-202003-1534 // NVD: CVE-2020-3881

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-182006 // JVNDB: JVNDB-2020-003601 // NVD: CVE-2020-3881

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-1534

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202003-1534

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003601

PATCH
title:HT211100url:https://support.apple.com/en-us/HT211100
Trust: 0.8
title:HT211100url:https://support.apple.com/ja-jp/HT211100
Trust: 0.8
title:Apple macOS Catalina FaceTime Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112946
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003601 // 
            
            
            
            CNNVD: CNNVD-202003-1534

EXTERNAL IDS
db:NVDid:CVE-2020-3881
Trust: 2.6
db:JVNid:JVNVU96545608
Trust: 0.8
db:JVNDBid:JVNDB-2020-003601
Trust: 0.8
db:CNNVDid:CNNVD-202003-1534
Trust: 0.7
db:CNVDid:CNVD-2020-22472
Trust: 0.1
db:VULHUBid:VHN-182006
Trust: 0.1
db:PACKETSTORMid:156894
Trust: 0.1
sources:
            
            
            VULHUB: VHN-182006 // 
            
            
            
            JVNDB: JVNDB-2020-003601 // 
            
            
            
            PACKETSTORM: 156894 // 
            
            
            
            CNNVD: CNNVD-202003-1534 // 
            
            
            
            NVD: CVE-2020-3881

REFERENCES
url:https://support.apple.com/ht211100
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3881
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3881
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96545608/index.html
Trust: 0.8
url:https://support.apple.com/en-us/ht211100
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-3911
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-9769
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3883
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3903
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3851
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-19232
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-9785
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3905
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3907
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3893
Trust: 0.1
url:https://support.apple.com/downloads/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3909
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-9773
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3884
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3906
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3912
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-8853
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3908
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3914
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3910
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3892
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3919
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3913
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-9776
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-14615
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2020-3904
Trust: 0.1
sources:
            
            
            VULHUB: VHN-182006 // 
            
            
            
            JVNDB: JVNDB-2020-003601 // 
            
            
            
            PACKETSTORM: 156894 // 
            
            
            
            CNNVD: CNNVD-202003-1534 // 
            
            
            
            NVD: CVE-2020-3881

CREDITS
Apple
Trust: 0.1
sources:
            
            
            PACKETSTORM: 156894

SOURCES
db:VULHUBid:VHN-182006
db:JVNDBid:JVNDB-2020-003601
db:PACKETSTORMid:156894
db:CNNVDid:CNNVD-202003-1534
db:NVDid:CVE-2020-3881

LAST UPDATE DATE
2024-11-23T20:36:28.765000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-182006date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-003601date:2020-04-21T00:00:00
db:CNNVDid:CNNVD-202003-1534date:2021-10-29T00:00:00
db:NVDid:CVE-2020-3881date:2024-11-21T05:31:53.303

SOURCES RELEASE DATE
db:VULHUBid:VHN-182006date:2020-04-01T00:00:00
db:JVNDBid:JVNDB-2020-003601date:2020-04-21T00:00:00
db:PACKETSTORMid:156894date:2020-03-25T14:22:53
db:CNNVDid:CNNVD-202003-1534date:2020-03-25T00:00:00
db:NVDid:CVE-2020-3881date:2020-04-01T18:15:15.660