Details of VAR-202010-1267

ID

VAR-202010-1267

CVE

CVE-2020-9864

TITLE

macOS Catalina Logic vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009952

DESCRIPTION

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Security is one of the security components. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra are now available and address the following: Audio Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro Zero Day Initiative CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab Audio Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab Clang Available for: macOS Catalina 10.15.5 Impact: Clang may generate machine code that does not correctly enforce pointer authentication codes Description: A logic issue was addressed with improved validation. CVE-2020-9870: Samuel Groß of Google Project Zero CoreAudio Available for: macOS High Sierra 10.13.6 Impact: A buffer overflow may result in arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light- Year Security Lab CoreFoundation Available for: macOS Catalina 10.15.5 Impact: A local user may be able to view sensitive user information Description: An issue existed in the handling of environment variables. CVE-2020-9934: an anonymous researcher Crash Reporter Available for: macOS Catalina 10.15.5 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud Grpahics Drivers Available for: macOS Catalina 10.15.5 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9799: ABC Research s.r.o. Heimdal Available for: macOS Catalina 10.15.5 Impact: A local user may be able to leak sensitive user information Description: This issue was addressed with improved data protection. CVE-2020-9913: Cody Thomas of SpecterOps ImageIO Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9936: Mickey Jin of Trend Micro Kernel Available for: macOS Catalina 10.15.5 Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Mail Available for: macOS Catalina 10.15.5 Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service Description: An input validation issue was addressed. CVE-2019-19906 Messages Available for: macOS Catalina 10.15.5 Impact: A user that is removed from an iMessage group could rejoin the group Description: An issue existed in the handling of iMessage tapbacks. CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha) Model I/O Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9864: Alexander Holodny Vim Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2019-20807: Guilherme de Almeida Suckevicz Wi-Fi Available for: macOS Catalina 10.15.5 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn) Additional recognition USB Audio We would like to acknowledge Andy Davis of NCC Group for their assistance. Installation note: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y 0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ FsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ DZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B aDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd qVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq wJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG SQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+ bsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U eYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y kgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6 ML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM= =GCJp -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2020-9864 // JVNDB: JVNDB-2020-009952 // VULHUB: VHN-187989 // VULMON: CVE-2020-9864 // PACKETSTORM: 158457

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.5	Trust: 0.8

sources: JVNDB: JVNDB-2020-009952 // NVD: CVE-2020-9864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9864
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-009952
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202007-1055
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-187989
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-9864
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9864
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-009952
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187989
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9864
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-009952
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187989 // VULMON: CVE-2020-9864 // JVNDB: JVNDB-2020-009952 // CNNVD: CNNVD-202007-1055 // NVD: CVE-2020-9864

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-9864

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1055

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202007-1055

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009952

PATCH

title:	HT211289	url:	https://support.apple.com/en-us/HT211289	Trust: 0.8
title:	HT211289	url:	https://support.apple.com/ja-jp/HT211289	Trust: 0.8
title:	Apple macOS Catalina Security Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124546	Trust: 0.6
title:	Apple: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aa30f53f014f01d7a0510a965599d2a9	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2020/07/16/apple_july_updates/	Trust: 0.1

sources: VULMON: CVE-2020-9864 // JVNDB: JVNDB-2020-009952 // CNNVD: CNNVD-202007-1055

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9864	Trust: 2.7
db:	JVN	id:	JVNVU94090210	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-009952	Trust: 0.8
db:	CNNVD	id:	CNNVD-202007-1055	Trust: 0.7
db:	PACKETSTORM	id:	158457	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2430	Trust: 0.6
db:	NSFOCUS	id:	50067	Trust: 0.6
db:	CNVD	id:	CNVD-2020-49314	Trust: 0.1
db:	VULHUB	id:	VHN-187989	Trust: 0.1
db:	VULMON	id:	CVE-2020-9864	Trust: 0.1

sources: VULHUB: VHN-187989 // VULMON: CVE-2020-9864 // JVNDB: JVNDB-2020-009952 // PACKETSTORM: 158457 // CNNVD: CNNVD-202007-1055 // NVD: CVE-2020-9864

REFERENCES

url:	https://support.apple.com/ht211289	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9864	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9864	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94090210/index.html	Trust: 0.8
url:	https://support.apple.com/kb/ht211289	Trust: 0.6
url:	https://packetstormsecurity.com/files/158457/apple-security-advisory-2020-07-15-2.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht211289	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50067	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2430/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/185434	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9918	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9878	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19906	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9889	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9799	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9913	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9884	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9934	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9888	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14899	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9885	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9891	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9870	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20807	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9936	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9890	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9865	Trust: 0.1

sources: VULHUB: VHN-187989 // VULMON: CVE-2020-9864 // JVNDB: JVNDB-2020-009952 // PACKETSTORM: 158457 // CNNVD: CNNVD-202007-1055 // NVD: CVE-2020-9864

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 158457 // CNNVD: CNNVD-202007-1055

SOURCES

db:	VULHUB	id:	VHN-187989
db:	VULMON	id:	CVE-2020-9864
db:	JVNDB	id:	JVNDB-2020-009952
db:	PACKETSTORM	id:	158457
db:	CNNVD	id:	CNNVD-202007-1055
db:	NVD	id:	CVE-2020-9864

LAST UPDATE DATE

2024-11-23T20:45:46.659000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187989	date:	2020-10-20T00:00:00
db:	VULMON	id:	CVE-2020-9864	date:	2020-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-009952	date:	2020-12-11T07:58:42
db:	CNNVD	id:	CNNVD-202007-1055	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2020-9864	date:	2024-11-21T05:41:25.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187989	date:	2020-10-16T00:00:00
db:	VULMON	id:	CVE-2020-9864	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-009952	date:	2020-12-11T07:58:42
db:	PACKETSTORM	id:	158457	date:	2020-07-17T19:23:49
db:	CNNVD	id:	CNNVD-202007-1055	date:	2020-07-15T00:00:00
db:	NVD	id:	CVE-2020-9864	date:	2020-10-16T17:15:15.510