Details of VAR-202010-1497

ID

VAR-202010-1497

CVE

CVE-2020-9986

TITLE

macOS Catalina File access vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010032

DESCRIPTION

A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-7 Additional information for APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211849. CoreAudio Available for: macOS Catalina 10.15 Impact: Playing a malicious audio file may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9986: Tim Kornhuber, Milan Stute and Alexander Heinrich of TU Darmstadt, Secure Mobile Networking Lab Entry added November 12, 2020 ImageIO Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab Entry updated November 12, 2020 libxml2 Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6 Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9981: found by OSS-Fuzz Entry added November 12, 2020 Mail Available for: macOS High Sierra 10.13.6 Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Model I/O Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-10011: Aleksandar Nikolic of Cisco Talos CVE-2020-9973: Aleksandar Nikolic of Cisco Talos Entry updated November 12, 2020 Model I/O Available for: macOS Mojave 10.14.6, macOS Catalina 10.15 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-13520: Aleksandar Nikolic of Cisco Talos Entry added November 12, 2020 Sandbox Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester(@_xpn_) of TrustedSec Entry updated November 12, 2020 Additional recognition Bluetooth We would like to acknowledge Andy Davis of NCC Group for their assistance. Installation note: macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxoYACgkQZcsbuWJ6 jjCHdw//WLFqNbXU96dGvxxomfbZOJcbQJZNR2IfaJdfgyh7tXDM0iQ6u3pYiaE4 6ChayI2VZ7y0Aq0X8PkuIOCbin++/moGLuGrIEOYHaA9aiohD+YX9WMcKrk55B1K LBhZ9bBz2gPBzOUhVO63XW7nspS9tzhL+nyt1q4WeLbcYaLvEdV1ZJyrtQ7aBw1D RKFTKKxvOTgo+EdTq67zqWQNkTLdaz1Ls1NonDCVnd/p4M10Aa6iCUyA/q2OZFEL dmHAab1m+RBtkMCBaOXLlxQ09aBrBsJPQFRq0bH5btR1Od4GHyA+eXBmOLCggrM1 f64jsg/m9E+XgZ0OcBQ9X5Yh4kyBKw00EORGuSREAlvXl2WD87GlQzUpa53aMFf/ TjVEG79nWEWzxzNDFRPq6PXLrdbEUFizEEw0FffNPi4KjykntKtnQFJoqZiiWsSM Zmx7TI83KAdDYLusw5RYGhTb2fpfQKHLENnRpYvPC+b+pCyu+6RJC+mxHY2W9iAS K/yULJhphnQWyLO7kiiqLD1t77CDTUXNneei4WpS+L3SA7EjdcyLt/CZv4pBD2n1 /4RZXacoP1D7GabKK0DOB3tZHRqOuWa24NlkK3IzuejJJCbVhtji1yex7wU6gTW+ GEvH223424RO/8Kssd0/cgGfXQszDQLxZZIzooEUjxVcQ7tkxaI= =QB9p -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2020-9986 // JVNDB: JVNDB-2020-010032 // VULHUB: VHN-188111 // VULMON: CVE-2020-9986 // PACKETSTORM: 160065

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15	Trust: 0.8

sources: JVNDB: JVNDB-2020-010032 // NVD: CVE-2020-9986

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9986
value:	LOW
Trust: 1.0
NVD:	JVNDB-2020-010032
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202010-1246
value:	LOW
Trust: 0.6
VULHUB:	VHN-188111
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-9986
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9986
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-010032
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-188111
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9986
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-010032
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-188111 // VULMON: CVE-2020-9986 // JVNDB: JVNDB-2020-010032 // CNNVD: CNNVD-202010-1246 // NVD: CVE-2020-9986

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2020-9986

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1246

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1246

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010032

PATCH

title:	HT211849	url:	https://support.apple.com/en-us/HT211849	Trust: 0.8
title:	HT211849	url:	https://support.apple.com/ja-jp/HT211849	Trust: 0.8
title:	Apple macOS Catalina Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131697	Trust: 0.6
title:	find-you	url:	https://github.com/positive-security/find-you	Trust: 0.1
title:	OpenHayStack	url:	https://github.com/kal1gh0st/OpenHayStack	Trust: 0.1
title:	openhaystack	url:	https://github.com/seemoo-lab/openhaystack	Trust: 0.1
title:	OpenHayStack	url:	https://github.com/T-jatesada/OpenHayStack	Trust: 0.1
title:	-	url:	https://github.com/youneselmoukhtari/airtag-zonder-Apple-s-restricties	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/apples-location-system-expose-identities/164615/	Trust: 0.1

sources: VULMON: CVE-2020-9986 // JVNDB: JVNDB-2020-010032 // CNNVD: CNNVD-202010-1246

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9986	Trust: 2.7
db:	PACKETSTORM	id:	160065	Trust: 0.8
db:	JVN	id:	JVNVU92546061	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-010032	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1246	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3307.3	Trust: 0.6
db:	CNVD	id:	CNVD-2020-65939	Trust: 0.1
db:	VULHUB	id:	VHN-188111	Trust: 0.1
db:	VULMON	id:	CVE-2020-9986	Trust: 0.1

sources: VULHUB: VHN-188111 // VULMON: CVE-2020-9986 // JVNDB: JVNDB-2020-010032 // PACKETSTORM: 160065 // CNNVD: CNNVD-202010-1246 // NVD: CVE-2020-9986

REFERENCES

url:	http://seclists.org/fulldisclosure/2020/nov/21	Trust: 1.8
url:	https://support.apple.com/kb/ht211849	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9986	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9986	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92546061/index.html	Trust: 0.8
url:	https://support.apple.com/en-us/ht211849	Trust: 0.6
url:	https://packetstormsecurity.com/files/160065/apple-security-advisory-2020-11-13-7.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3307.3/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/positive-security/find-you	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/apples-location-system-expose-identities/164615/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10011	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13520	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9981	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9961	Trust: 0.1
url:	https://support.apple.com/ht211849.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9954	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9941	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9968	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9973	Trust: 0.1

sources: VULHUB: VHN-188111 // VULMON: CVE-2020-9986 // JVNDB: JVNDB-2020-010032 // PACKETSTORM: 160065 // CNNVD: CNNVD-202010-1246 // NVD: CVE-2020-9986

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 160065 // CNNVD: CNNVD-202010-1246

SOURCES

db:	VULHUB	id:	VHN-188111
db:	VULMON	id:	CVE-2020-9986
db:	JVNDB	id:	JVNDB-2020-010032
db:	PACKETSTORM	id:	160065
db:	CNNVD	id:	CNNVD-202010-1246
db:	NVD	id:	CVE-2020-9986

LAST UPDATE DATE

2024-11-23T20:42:41.055000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-188111	date:	2022-05-24T00:00:00
db:	VULMON	id:	CVE-2020-9986	date:	2022-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-010032	date:	2020-12-17T08:43:27
db:	CNNVD	id:	CNNVD-202010-1246	date:	2021-10-29T00:00:00
db:	NVD	id:	CVE-2020-9986	date:	2024-11-21T05:41:38.880

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-188111	date:	2020-10-22T00:00:00
db:	VULMON	id:	CVE-2020-9986	date:	2020-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-010032	date:	2020-12-17T08:43:27
db:	PACKETSTORM	id:	160065	date:	2020-11-15T15:22:22
db:	CNNVD	id:	CNNVD-202010-1246	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2020-9986	date:	2020-10-22T19:15:15.900