Details of VAR-202010-1306

ID

VAR-202010-1306

CVE

CVE-2020-9799

TITLE

macOS Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009671

DESCRIPTION

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Graphics Drivers is one of the graphics driver components. A security vulnerability exists in the Graphics Drivers component of Apple macOS Catalina prior to 10.15.6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra are now available and address the following: Audio Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro Zero Day Initiative CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab Audio Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab Clang Available for: macOS Catalina 10.15.5 Impact: Clang may generate machine code that does not correctly enforce pointer authentication codes Description: A logic issue was addressed with improved validation. CVE-2020-9870: Samuel Groß of Google Project Zero CoreAudio Available for: macOS High Sierra 10.13.6 Impact: A buffer overflow may result in arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light- Year Security Lab CoreFoundation Available for: macOS Catalina 10.15.5 Impact: A local user may be able to view sensitive user information Description: An issue existed in the handling of environment variables. CVE-2020-9934: an anonymous researcher Crash Reporter Available for: macOS Catalina 10.15.5 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9799: ABC Research s.r.o. Heimdal Available for: macOS Catalina 10.15.5 Impact: A local user may be able to leak sensitive user information Description: This issue was addressed with improved data protection. CVE-2020-9913: Cody Thomas of SpecterOps ImageIO Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9936: Mickey Jin of Trend Micro Kernel Available for: macOS Catalina 10.15.5 Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Mail Available for: macOS Catalina 10.15.5 Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service Description: An input validation issue was addressed. CVE-2019-19906 Messages Available for: macOS Catalina 10.15.5 Impact: A user that is removed from an iMessage group could rejoin the group Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha) Model I/O Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9864: Alexander Holodny Vim Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2019-20807: Guilherme de Almeida Suckevicz Wi-Fi Available for: macOS Catalina 10.15.5 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn) Additional recognition USB Audio We would like to acknowledge Andy Davis of NCC Group for their assistance. Installation note: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y 0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ FsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ DZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B aDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd qVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq wJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG SQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+ bsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U eYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y kgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6 ML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM= =GCJp -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2020-9799 // JVNDB: JVNDB-2020-009671 // VULHUB: VHN-187924 // VULMON: CVE-2020-9799 // PACKETSTORM: 158457

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.5	Trust: 0.8

sources: JVNDB: JVNDB-2020-009671 // NVD: CVE-2020-9799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9799
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-009671
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202007-1063
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187924
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-9799
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9799
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-009671
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187924
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9799
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-009671
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187924 // VULMON: CVE-2020-9799 // JVNDB: JVNDB-2020-009671 // CNNVD: CNNVD-202007-1063 // NVD: CVE-2020-9799

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-187924 // JVNDB: JVNDB-2020-009671 // NVD: CVE-2020-9799

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1063

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1063

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009671

PATCH

title:	HT211289	url:	https://support.apple.com/en-us/HT211289	Trust: 0.8
title:	HT211289	url:	https://support.apple.com/ja-jp/HT211289	Trust: 0.8
title:	Apple macOS Catalina Graphics Drivers Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124550	Trust: 0.6
title:	Apple: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aa30f53f014f01d7a0510a965599d2a9	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2020/07/16/apple_july_updates/	Trust: 0.1

sources: VULMON: CVE-2020-9799 // JVNDB: JVNDB-2020-009671 // CNNVD: CNNVD-202007-1063

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9799	Trust: 2.7
db:	JVNDB	id:	JVNDB-2020-009671	Trust: 0.8
db:	CNNVD	id:	CNNVD-202007-1063	Trust: 0.7
db:	PACKETSTORM	id:	158457	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2430	Trust: 0.6
db:	NSFOCUS	id:	50078	Trust: 0.6
db:	CNVD	id:	CNVD-2020-49315	Trust: 0.1
db:	VULHUB	id:	VHN-187924	Trust: 0.1
db:	VULMON	id:	CVE-2020-9799	Trust: 0.1

sources: VULHUB: VHN-187924 // VULMON: CVE-2020-9799 // JVNDB: JVNDB-2020-009671 // PACKETSTORM: 158457 // CNNVD: CNNVD-202007-1063 // NVD: CVE-2020-9799

REFERENCES

url:	https://support.apple.com/ht211289	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9799	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9799	Trust: 0.8
url:	https://support.apple.com/kb/ht211289	Trust: 0.6
url:	https://packetstormsecurity.com/files/158457/apple-security-advisory-2020-07-15-2.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht211289	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/50078	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2430/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/185423	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9918	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9878	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19906	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9889	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9913	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9864	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9884	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9934	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9888	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14899	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9885	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9891	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9870	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20807	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9936	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9890	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9865	Trust: 0.1

sources: VULHUB: VHN-187924 // VULMON: CVE-2020-9799 // JVNDB: JVNDB-2020-009671 // PACKETSTORM: 158457 // CNNVD: CNNVD-202007-1063 // NVD: CVE-2020-9799

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 158457 // CNNVD: CNNVD-202007-1063

SOURCES

db:	VULHUB	id:	VHN-187924
db:	VULMON	id:	CVE-2020-9799
db:	JVNDB	id:	JVNDB-2020-009671
db:	PACKETSTORM	id:	158457
db:	CNNVD	id:	CNNVD-202007-1063
db:	NVD	id:	CVE-2020-9799

LAST UPDATE DATE

2024-11-23T20:52:54.813000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187924	date:	2020-10-19T00:00:00
db:	VULMON	id:	CVE-2020-9799	date:	2020-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-009671	date:	2020-11-27T03:54:10
db:	CNNVD	id:	CNNVD-202007-1063	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2020-9799	date:	2024-11-21T05:41:18.337

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187924	date:	2020-10-16T00:00:00
db:	VULMON	id:	CVE-2020-9799	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-009671	date:	2020-11-27T03:54:10
db:	PACKETSTORM	id:	158457	date:	2020-07-17T19:23:49
db:	CNNVD	id:	CNNVD-202007-1063	date:	2020-07-15T00:00:00
db:	NVD	id:	CVE-2020-9799	date:	2020-10-16T17:15:13.637