VARIoT IoT vulnerabilities database
| VAR-202012-0780 | CVE-2020-27929 | iOS of group FaceTime Logic vulnerabilities in calls |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-2 iOS 12.4.9
iOS 12.4.9 is now available and address the following issues.
Information about the security content is also available at
https://support.apple.com/HT211940.
CVE-2020-27929: James P (@Jam_Penn)
FontParser
Available for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2
and 3, iPod touch (6th generation)
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
Kernel
Available for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2
and 3, iPod touch (6th generation)
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2
and 3, iPod touch (6th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 12.4.9".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+kfiwACgkQZcsbuWJ6
jjDngw//RguLwNx38u/bzvLSO9YOg4k1FOlRViWjznAtxG8TcFI27Bn5EJGvTCQL
Be5sAgLarhYYg29fuap/zGqURzmHAUkygmb7SBlWsEagogPDYFLfFIvwTbKuC9XX
n8v7LDAfpVKUmhPkLUuS78Gsk5RawQubYhHT7Q1I1KAixMirzQ39mH8dS6ZfRxpG
7f6qyYOP4a5kyXb7ALWZO6uZa4H1WgfMFpyk3VrEHE2s5A50zi6Lqj8IDepOSJAF
eHMvuHUU0D2Sd1od9OTHmfgBoKVN3S6VWMLyFuebtRwHIwQmVYK+IuMoDOuzmLbW
RVhqdfnCFgDoSvZmPZoFJrlTz9bURTFFN9OHPTB9aLtkAqvywcQYoljrOh+rdj/I
L680osf5g7+1K/MP265ihPMdXuVkD4g5UaMICf8PT+DSWDg77i4fI6Pf77mDU82G
ronucK6J9LPA4fD7o0Ufh4dA2swzgycSIJIJVYQT+/1ZZ+iL9Pl84YqDEnQPlqT/
QGS078jSVGWLiJ5JXTYHS6X1c2D2UJtKCCfP8kJk/dKDtwcAPcRbrvvh8dBXIC35
vy/3lR2upLnaRJPM4x7bCdilPCDOpSsMq+p/UTjB0U17LGrcU4MX5CnXfaMq5ZGi
u+QuaGhyR/9tlc/Ft9JolSNtmOV9H4w+460gBejle/iPi9R1tsE=
=bql1
-----END PGP SIGNATURE-----
| VAR-202012-0782 | CVE-2020-27932 | plural Apple Mistyped vulnerabilities in products |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0777 | CVE-2020-27925 | iOS and iPadOS Incoming call handling vulnerability in |
CVSS V2: 1.9 CVSS V3: 5.5 Severity: MEDIUM |
An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously without indication they have answered a second call. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0778 | CVE-2020-27926 | plural Apple Product Free Memory Usage Vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0781 | CVE-2020-27930 | plural Apple Memory corruption vulnerability in the product |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0779 | CVE-2020-27927 | plural Apple Out-of-bounds write vulnerability in product |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted font file may lead to arbitrary code execution. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0762 | CVE-2020-27917 | plural Apple Product Free Memory Usage Vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0757 | CVE-2020-27909 | plural Apple Out-of-bounds read vulnerability in product |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the AudioCodecs module. Crafted data in an MP4 file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls. The
issue was addressed with additional state checks.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0752 | CVE-2020-27902 | iOS and iPadOS Authentication vulnerabilities in |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0755 | CVE-2020-27905 | plural Apple Memory corruption vulnerability in the product |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0761 | CVE-2020-27916 | plural Apple Out-of-bounds write vulnerabilities in the product |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001
Catalina, Security Update 2020-007 Mojave
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212011.
AMD
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
App Store
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
AppleGraphicsControl
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2020-27941: shrek_wzw
AppleMobileFileIntegrity
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed with improved checks.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Bluetooth
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreText
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
FontParser
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-27946: Mateusz Jurczyk of Google Project Zero
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files.
CVE-2020-27931: Apple
CVE-2020-27943: Mateusz Jurczyk of Google Project Zero
CVE-2020-27944: Mateusz Jurczyk of Google Project Zero
Foundation
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
HomeKit
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Image Processing
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29611: Ivan Fratric of Google Project Zero
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab
CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
and Luyi Xing of Indiana University Bloomington
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may cause unexpected changes in
memory belonging to processes traced by DTrace
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure
Mobile Networking Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to elevate privileges
Description: This issue was addressed with improved entitlements.
CVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27920: found by OSS-Fuzz
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
libxpc
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NSRemoteView
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
Quick Look
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu
of Palo Alto Networks (paloaltonetworks.com)
Ruby
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
System Preferences
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-15969: an anonymous researcher
Wi-Fi
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Installation note:
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBj8ACgkQZcsbuWJ6
jjCVjw//QGrhMvU+nyuS1UwWs7rcqDJDNh0Zb7yUJali2Bdc9/l++i2pLFbmAwes
7AYCag+T3h3aP7YJAN13zb8KBmUcmnWkWupfx8kEGqHxSXnQTXvaEI59RyCobOCj
OVPtboPMH1d94+6dABMp9kiLAHoZezm3hdF8ShT2Hqgq2TB16wZsa/EvhJVSaduA
7RttG6EHBTin6UU3M/+vcfJWqkg4O0YuZpQaconDa5Pd81jpUMeduzfRvS5i+PVS
cehtHPWjCN15+sQ29q11yhP3v+sYh0DJEl2LWaBnDo2TlC1gHx70H5ZsAFLHChcd
rXkl1tm6GV3UWVhFq0jQc1DP+IwbuL6jHI/wIjYx7itk9XECppyhhiuImOaLiIUH
CBgAjwVHY1GUdTH97iPEQFF61v3sjpRLleLMZW7+9ZTt4pEDwMVHk9vKgVK5BUa6
lrKWtBHL3AtaXtxC9y8XGe3IYEBLAszHMUJfF1BR+D/niDRlztvoj72/3PPwtk2t
tuUE9RGzpSXCQ1CX6vW7zS2ddVmQfJqcPX721k4OVpFNlMXkjZkm2Q/xwr5qq99v
Up9BA+ITksthGYfGAY5bBV1LsjK1NtdNHQGpZe4l9bu4ONgUvmL8iBb/LnS6wKB1
HGcdHEmXvbx+Akl/fvTdG8RSvyoYuFJHkuYv0DMWiri8yN1q+C4=
=osnP
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Apple is aware of reports that an exploit for this
issue exists in the wild. Apple is aware of reports that an exploit for this issue
exists in the wild. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2"
| VAR-202012-0746 | CVE-2020-27950 | plural Apple Memory initialization vulnerability in product |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory. plural Apple The product contains a memory initialization vulnerability.Kernel memory can be exposed through malicious applications. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
| VAR-202012-0759 | CVE-2020-27911 | plural Apple Integer overflow vulnerability in product |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Apple watchOS is a smart watch operating system developed by Apple (Apple). This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001
Catalina, Security Update 2020-007 Mojave
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212011.
AMD
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
App Store
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
AppleGraphicsControl
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2020-27941: shrek_wzw
AppleMobileFileIntegrity
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed with improved checks.
CVE-2020-29621: Wojciech Reguła (@_r3ggi) of SecuRing
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Bluetooth
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreText
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
FontParser
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-27946: Mateusz Jurczyk of Google Project Zero
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files.
CVE-2020-27931: Apple
CVE-2020-27943: Mateusz Jurczyk of Google Project Zero
CVE-2020-27944: Mateusz Jurczyk of Google Project Zero
Foundation
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
HomeKit
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Image Processing
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29611: Ivan Fratric of Google Project Zero
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab
CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
and Luyi Xing of Indiana University Bloomington
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may cause unexpected changes in
memory belonging to processes traced by DTrace
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure
Mobile Networking Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to elevate privileges
Description: This issue was addressed with improved entitlements.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27920: found by OSS-Fuzz
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
libxpc
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NSRemoteView
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
Quick Look
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu
of Palo Alto Networks (paloaltonetworks.com)
Ruby
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
System Preferences
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-15969: an anonymous researcher
Wi-Fi
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Installation note:
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBj8ACgkQZcsbuWJ6
jjCVjw//QGrhMvU+nyuS1UwWs7rcqDJDNh0Zb7yUJali2Bdc9/l++i2pLFbmAwes
7AYCag+T3h3aP7YJAN13zb8KBmUcmnWkWupfx8kEGqHxSXnQTXvaEI59RyCobOCj
OVPtboPMH1d94+6dABMp9kiLAHoZezm3hdF8ShT2Hqgq2TB16wZsa/EvhJVSaduA
7RttG6EHBTin6UU3M/+vcfJWqkg4O0YuZpQaconDa5Pd81jpUMeduzfRvS5i+PVS
cehtHPWjCN15+sQ29q11yhP3v+sYh0DJEl2LWaBnDo2TlC1gHx70H5ZsAFLHChcd
rXkl1tm6GV3UWVhFq0jQc1DP+IwbuL6jHI/wIjYx7itk9XECppyhhiuImOaLiIUH
CBgAjwVHY1GUdTH97iPEQFF61v3sjpRLleLMZW7+9ZTt4pEDwMVHk9vKgVK5BUa6
lrKWtBHL3AtaXtxC9y8XGe3IYEBLAszHMUJfF1BR+D/niDRlztvoj72/3PPwtk2t
tuUE9RGzpSXCQ1CX6vW7zS2ddVmQfJqcPX721k4OVpFNlMXkjZkm2Q/xwr5qq99v
Up9BA+ITksthGYfGAY5bBV1LsjK1NtdNHQGpZe4l9bu4ONgUvmL8iBb/LnS6wKB1
HGcdHEmXvbx+Akl/fvTdG8RSvyoYuFJHkuYv0DMWiri8yN1q+C4=
=osnP
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Apple is aware of reports that an exploit for this
issue exists in the wild. Apple is aware of reports that an exploit for this issue
exists in the wild. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2"
| VAR-202012-0760 | CVE-2020-27912 | plural Apple Out-of-bounds write vulnerabilities in the product |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution. Apple watchOS is a smart watch operating system developed by Apple (Apple). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001
Catalina, Security Update 2020-007 Mojave
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212011.
AMD
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
App Store
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
AppleGraphicsControl
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2020-27941: shrek_wzw
AppleMobileFileIntegrity
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed with improved checks.
CVE-2020-29621: Wojciech Reguła (@_r3ggi) of SecuRing
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Bluetooth
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreText
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
FontParser
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files.
CVE-2020-27931: Apple
CVE-2020-27943: Mateusz Jurczyk of Google Project Zero
CVE-2020-27944: Mateusz Jurczyk of Google Project Zero
Foundation
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
HomeKit
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Image Processing
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29611: Ivan Fratric of Google Project Zero
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab
CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
and Luyi Xing of Indiana University Bloomington
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may cause unexpected changes in
memory belonging to processes traced by DTrace
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure
Mobile Networking Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to elevate privileges
Description: This issue was addressed with improved entitlements.
CVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
libxpc
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NSRemoteView
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
Quick Look
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu
of Palo Alto Networks (paloaltonetworks.com)
Ruby
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
System Preferences
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-15969: an anonymous researcher
Wi-Fi
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Installation note:
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBj8ACgkQZcsbuWJ6
jjCVjw//QGrhMvU+nyuS1UwWs7rcqDJDNh0Zb7yUJali2Bdc9/l++i2pLFbmAwes
7AYCag+T3h3aP7YJAN13zb8KBmUcmnWkWupfx8kEGqHxSXnQTXvaEI59RyCobOCj
OVPtboPMH1d94+6dABMp9kiLAHoZezm3hdF8ShT2Hqgq2TB16wZsa/EvhJVSaduA
7RttG6EHBTin6UU3M/+vcfJWqkg4O0YuZpQaconDa5Pd81jpUMeduzfRvS5i+PVS
cehtHPWjCN15+sQ29q11yhP3v+sYh0DJEl2LWaBnDo2TlC1gHx70H5ZsAFLHChcd
rXkl1tm6GV3UWVhFq0jQc1DP+IwbuL6jHI/wIjYx7itk9XECppyhhiuImOaLiIUH
CBgAjwVHY1GUdTH97iPEQFF61v3sjpRLleLMZW7+9ZTt4pEDwMVHk9vKgVK5BUa6
lrKWtBHL3AtaXtxC9y8XGe3IYEBLAszHMUJfF1BR+D/niDRlztvoj72/3PPwtk2t
tuUE9RGzpSXCQ1CX6vW7zS2ddVmQfJqcPX721k4OVpFNlMXkjZkm2Q/xwr5qq99v
Up9BA+ITksthGYfGAY5bBV1LsjK1NtdNHQGpZe4l9bu4ONgUvmL8iBb/LnS6wKB1
HGcdHEmXvbx+Akl/fvTdG8RSvyoYuFJHkuYv0DMWiri8yN1q+C4=
=osnP
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Apple is aware of reports that an exploit for this
issue exists in the wild. Apple is aware of reports that an exploit for this issue
exists in the wild. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2"
| VAR-202012-0758 | CVE-2020-27910 | plural Apple Out-of-bounds read vulnerability in product |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001
Catalina, Security Update 2020-007 Mojave
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212011.
AMD
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
App Store
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
AppleGraphicsControl
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2020-27941: shrek_wzw
AppleMobileFileIntegrity
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed with improved checks.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Bluetooth
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreText
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
FontParser
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-27946: Mateusz Jurczyk of Google Project Zero
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files.
CVE-2020-27931: Apple
CVE-2020-27943: Mateusz Jurczyk of Google Project Zero
CVE-2020-27944: Mateusz Jurczyk of Google Project Zero
Foundation
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
HomeKit
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Image Processing
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-29611: Ivan Fratric of Google Project Zero
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab
CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
and Luyi Xing of Indiana University Bloomington
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may cause unexpected changes in
memory belonging to processes traced by DTrace
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure
Mobile Networking Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to elevate privileges
Description: This issue was addressed with improved entitlements.
CVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27920: found by OSS-Fuzz
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
libxpc
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NSRemoteView
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
Quick Look
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu
of Palo Alto Networks (paloaltonetworks.com)
Ruby
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
System Preferences
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-15969: an anonymous researcher
Wi-Fi
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Installation note:
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security
Update 2020-007 Mojave may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBj8ACgkQZcsbuWJ6
jjCVjw//QGrhMvU+nyuS1UwWs7rcqDJDNh0Zb7yUJali2Bdc9/l++i2pLFbmAwes
7AYCag+T3h3aP7YJAN13zb8KBmUcmnWkWupfx8kEGqHxSXnQTXvaEI59RyCobOCj
OVPtboPMH1d94+6dABMp9kiLAHoZezm3hdF8ShT2Hqgq2TB16wZsa/EvhJVSaduA
7RttG6EHBTin6UU3M/+vcfJWqkg4O0YuZpQaconDa5Pd81jpUMeduzfRvS5i+PVS
cehtHPWjCN15+sQ29q11yhP3v+sYh0DJEl2LWaBnDo2TlC1gHx70H5ZsAFLHChcd
rXkl1tm6GV3UWVhFq0jQc1DP+IwbuL6jHI/wIjYx7itk9XECppyhhiuImOaLiIUH
CBgAjwVHY1GUdTH97iPEQFF61v3sjpRLleLMZW7+9ZTt4pEDwMVHk9vKgVK5BUa6
lrKWtBHL3AtaXtxC9y8XGe3IYEBLAszHMUJfF1BR+D/niDRlztvoj72/3PPwtk2t
tuUE9RGzpSXCQ1CX6vW7zS2ddVmQfJqcPX721k4OVpFNlMXkjZkm2Q/xwr5qq99v
Up9BA+ITksthGYfGAY5bBV1LsjK1NtdNHQGpZe4l9bu4ONgUvmL8iBb/LnS6wKB1
HGcdHEmXvbx+Akl/fvTdG8RSvyoYuFJHkuYv0DMWiri8yN1q+C4=
=osnP
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Apple is aware of reports that an exploit for this
issue exists in the wild. Apple is aware of reports that an exploit for this issue
exists in the wild. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2"
| VAR-202012-0763 | CVE-2020-27918 | plural Apple Product Free Memory Usage Vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. This vulnerability number has been assigned, and the vulnerability details will be updated soon. A security issue exists in WebKitGTK prior to 2.30.6 and WPE WebKit prior to 2.30.6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381
Issue date: 2021-11-09
CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918
CVE-2020-29623 CVE-2020-36241 CVE-2021-1765
CVE-2021-1788 CVE-2021-1789 CVE-2021-1799
CVE-2021-1801 CVE-2021-1844 CVE-2021-1870
CVE-2021-1871 CVE-2021-21775 CVE-2021-21779
CVE-2021-21806 CVE-2021-28650 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799
====================================================================
1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm
(40.0), webkit2gtk3 (2.32.3).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session
must be restarted (log out, then log back in) for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time
1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)
1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop
1813727 - Files copied from NFS4 to Desktop can't be opened
1854679 - [RFE] Disable left edge gesture
1873297 - Gnome-software coredumps when run as root in terminal
1873488 - GTK3 prints errors with overlay scrollbar disabled
1888404 - Updates page hides ongoing updates on refresh
1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3.
1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ...
1904139 - Automatic Logout Feature not working
1905000 - Desktop refresh broken after unlock
1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release
1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot
1924725 - [Wayland] Double-touch desktop icons fails sometimes
1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login
1937416 - Rebase WebKitGTK to 2.32
1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]
1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0]
1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution
1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history
1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation
1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution
1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection
1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation
1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution
1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution
1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution
1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution
1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH
1951086 - Disable the Facebook provider
1952136 - Disable the Foursquare provider
1955754 - gnome-session kiosk-session support still isn't up to muster
1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide
1960705 - Vino nonfunctional in FIPS mode
1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V
1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens
1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831'
1972545 - flatpak: Prefer runtime from the same origin as the application
1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent
1978505 - Gnome Software development package is missing important header files.
1978612 - pt_BR translations for "Register System" panel
1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-3.el8.src.rpm
accountsservice-0.6.55-2.el8.src.rpm
gdm-40.0-15.el8.src.rpm
gnome-autoar-0.2.3-2.el8.src.rpm
gnome-calculator-3.28.2-2.el8.src.rpm
gnome-control-center-3.28.2-28.el8.src.rpm
gnome-online-accounts-3.28.2-3.el8.src.rpm
gnome-session-3.28.1-13.el8.src.rpm
gnome-settings-daemon-3.32.0-16.el8.src.rpm
gnome-shell-3.32.2-40.el8.src.rpm
gnome-shell-extensions-3.32.1-20.el8.src.rpm
gnome-software-3.36.1-10.el8.src.rpm
gtk3-3.22.30-8.el8.src.rpm
mutter-3.32.2-60.el8.src.rpm
vino-3.22.0-11.el8.src.rpm
webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64:
accountsservice-0.6.55-2.el8.aarch64.rpm
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gdm-40.0-15.el8.aarch64.rpm
gdm-debuginfo-40.0-15.el8.aarch64.rpm
gdm-debugsource-40.0-15.el8.aarch64.rpm
gnome-autoar-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm
gnome-calculator-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm
gnome-control-center-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm
gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
gnome-session-3.28.1-13.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm
gnome-session-xsession-3.28.1-13.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm
gnome-shell-3.32.2-40.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm
gnome-software-3.36.1-10.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-3.22.30-8.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-debugsource-3.22.30-8.el8.aarch64.rpm
gtk3-devel-3.22.30-8.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm
mutter-3.32.2-60.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
vino-3.22.0-11.el8.aarch64.rpm
vino-debuginfo-3.22.0-11.el8.aarch64.rpm
vino-debugsource-3.22.0-11.el8.aarch64.rpm
webkit2gtk3-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-20.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-3.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-0.6.55-2.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gdm-40.0-15.el8.ppc64le.rpm
gdm-debuginfo-40.0-15.el8.ppc64le.rpm
gdm-debugsource-40.0-15.el8.ppc64le.rpm
gnome-autoar-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm
gnome-calculator-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm
gnome-control-center-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm
gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
gnome-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm
gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm
gnome-shell-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm
gnome-software-3.36.1-10.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-3.22.30-8.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm
mutter-3.32.2-60.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
vino-3.22.0-11.el8.ppc64le.rpm
vino-debuginfo-3.22.0-11.el8.ppc64le.rpm
vino-debugsource-3.22.0-11.el8.ppc64le.rpm
webkit2gtk3-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x:
accountsservice-0.6.55-2.el8.s390x.rpm
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-libs-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gdm-40.0-15.el8.s390x.rpm
gdm-debuginfo-40.0-15.el8.s390x.rpm
gdm-debugsource-40.0-15.el8.s390x.rpm
gnome-autoar-0.2.3-2.el8.s390x.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm
gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm
gnome-calculator-3.28.2-2.el8.s390x.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm
gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm
gnome-control-center-3.28.2-28.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm
gnome-online-accounts-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm
gnome-session-3.28.1-13.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm
gnome-session-debugsource-3.28.1-13.el8.s390x.rpm
gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm
gnome-session-xsession-3.28.1-13.el8.s390x.rpm
gnome-settings-daemon-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm
gnome-shell-3.32.2-40.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm
gnome-software-3.36.1-10.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-3.22.30-8.el8.s390x.rpm
gtk3-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-debugsource-3.22.30-8.el8.s390x.rpm
gtk3-devel-3.22.30-8.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm
mutter-3.32.2-60.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
vino-3.22.0-11.el8.s390x.rpm
vino-debuginfo-3.22.0-11.el8.s390x.rpm
vino-debugsource-3.22.0-11.el8.s390x.rpm
webkit2gtk3-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-3.el8.i686.rpm
LibRaw-0.19.5-3.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-0.6.55-2.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-0.6.55-2.el8.i686.rpm
accountsservice-libs-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gdm-40.0-15.el8.i686.rpm
gdm-40.0-15.el8.x86_64.rpm
gdm-debuginfo-40.0-15.el8.i686.rpm
gdm-debuginfo-40.0-15.el8.x86_64.rpm
gdm-debugsource-40.0-15.el8.i686.rpm
gdm-debugsource-40.0-15.el8.x86_64.rpm
gnome-autoar-0.2.3-2.el8.i686.rpm
gnome-autoar-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm
gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm
gnome-calculator-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm
gnome-control-center-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm
gnome-online-accounts-3.28.2-3.el8.i686.rpm
gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
gnome-session-3.28.1-13.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm
gnome-shell-3.32.2-40.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.x86_64.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-3.22.30-8.el8.i686.rpm
gtk3-3.22.30-8.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-debugsource-3.22.30-8.el8.i686.rpm
gtk3-debugsource-3.22.30-8.el8.x86_64.rpm
gtk3-devel-3.22.30-8.el8.i686.rpm
gtk3-devel-3.22.30-8.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm
mutter-3.32.2-60.el8.i686.rpm
mutter-3.32.2-60.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
vino-3.22.0-11.el8.x86_64.rpm
vino-debuginfo-3.22.0-11.el8.x86_64.rpm
vino-debugsource-3.22.0-11.el8.x86_64.rpm
webkit2gtk3-2.32.3-2.el8.i686.rpm
webkit2gtk3-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-devel-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-devel-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le:
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-devel-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-devel-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x:
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-devel-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gnome-software-devel-3.36.1-10.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-devel-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64:
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-devel-0.19.5-3.el8.i686.rpm
LibRaw-devel-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-devel-0.6.55-2.el8.i686.rpm
accountsservice-devel-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.i686.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gnome-software-devel-3.36.1-10.el8.i686.rpm
gnome-software-devel-3.36.1-10.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-devel-3.32.2-60.el8.i686.rpm
mutter-devel-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202104-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: April 30, 2021
Bugs: #770793, #773193
ID: 202104-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.6 >= 2.30.6
Description
===========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
References
==========
[ 1 ] CVE-2020-13558
https://nvd.nist.gov/vuln/detail/CVE-2020-13558
[ 2 ] CVE-2020-27918
https://nvd.nist.gov/vuln/detail/CVE-2020-27918
[ 3 ] CVE-2020-29623
https://nvd.nist.gov/vuln/detail/CVE-2020-29623
[ 4 ] CVE-2020-9947
https://nvd.nist.gov/vuln/detail/CVE-2020-9947
[ 5 ] CVE-2021-1765
https://nvd.nist.gov/vuln/detail/CVE-2021-1765
[ 6 ] CVE-2021-1789
https://nvd.nist.gov/vuln/detail/CVE-2021-1789
[ 7 ] CVE-2021-1799
https://nvd.nist.gov/vuln/detail/CVE-2021-1799
[ 8 ] CVE-2021-1801
https://nvd.nist.gov/vuln/detail/CVE-2021-1801
[ 9 ] CVE-2021-1870
https://nvd.nist.gov/vuln/detail/CVE-2021-1870
[ 10 ] WSA-2021-0001
https://webkitgtk.org/security/WSA-2021-0001.html
[ 11 ] WSA-2021-0002
https://webkitgtk.org/security/WSA-2021-0002.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202104-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-4894-1
March 29, 2021
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libjavascriptcoregtk-4.0-18 2.30.6-0ubuntu0.20.10.1
libwebkit2gtk-4.0-37 2.30.6-0ubuntu0.20.10.1
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.30.6-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.30.6-0ubuntu0.20.04.1
Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.30.6-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.30.6-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
CallKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A user may answer two calls simultaneously without indication
they have answered a second call
Description: An issue existed in the handling of incoming calls.
CVE-2020-27925: Nick Tangri
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Crash Reporter
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
IOAcceleratorFamily
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-27905: Mohamed Ghannam (@_simo36)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
Keyboard
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
access stored passwords without authentication
Description: An authentication issue was addressed with improved
state management.
CVE-2020-27902: Connor Ford (@connorford2)
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27926: found by OSS-Fuzz
Logging
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher
Safari
We would like to acknowledge Gabriel Corona for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2".
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+khmUACgkQZcsbuWJ6
jjA/cxAArQHJ0PJZVPQ5gF3071ZxAlwu7iHuphiiYzM9JYskEJYymSxaRxm3mPaK
sT+1znbSDecwZLwFM5Luepkk3DHuj2sFRMZvYDfVvxvCvCob2b5ZQTsjfAimxemz
nrGFcZp/fRGSu1vG1l/wZRta3J6n1WogIvYw+belthcnJHjJ+KThmXL/iDOTRXev
KgS2K94G6tRAkgIUPuuLFnnrxHNyplzhECJXe55YBnkZxGcOBg0ZF7itF8F4q9sQ
TtnfgGxgKbkxXXGKID/ihgByEOI1iSSiiCMsKm2OoltaCB1kcOuT0PwuygRBZaDA
j+HdamnxBErgsQeTvaJPRlIEJFJgVrmr8/nHfKqxNSpF2LxDK+NTXQqo4iAHjy0j
QN4vmKueIN2j6IQmey3zwlkpao8Wg0mYNt9auWHC/S3aNCFVCEKLwUC9e74Ckbzk
5kWpUgtQsUdZDkHZRfPhEntB69KFGfaBAv+fZNewtnsVtoiqx8uxSDCsS8FY6qZL
X/wb2BKgqqmKfketffhihTKGKbBd045tyfjPd1Bodp753U6SKnhPMIQ283uHglEc
auWTj5YBeFtszLYaDvNi4DMci5olBd6n61kuSt8W+hy9vGPIREfPihsZFSGOwB53
ItcJGAqRgwlUEy4O3HUVugUXIJ3qhoHhV+SPaKcWomW3pJgzpg8=
=9YuD
-----END PGP SIGNATURE-----
.
CVE-2020-29623
Simon Hunt discovered that users may be unable to fully delete
their browsing history under some circumstances.
CVE-2021-1799
Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a
malicious website may be able to access restricted ports on
arbitrary servers.
For the stable distribution (buster), these problems have been fixed in
version 2.30.6-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages
| VAR-202012-0007 | CVE-2020-10011 | plural Apple Out-of-bounds read vulnerability in product |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-12-14-4 Additional information for
APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
macOS Big Sur 11.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211931.
AMD
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
Entry added December 14, 2020
App Store
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Entry added December 14, 2020
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreCapture
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro
Crash Reporter
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
Entry added December 14, 2020
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9999: Apple
Entry updated December 14, 2020
Disk Images
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Finder
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Users may be unable to remove metadata indicating where files
were downloaded from
Description: The issue was addressed with additional user controls.
CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Micro’s Zero Day Initiative
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files.
CVE-2020-27931: Apple
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27930: Google Project Zero
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
HomeKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security
Light-Year Lab
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Entry updated December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.,
and Luyi Xing of Indiana University Bloomington
Entry added December 14, 2020
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Entry added December 14, 2020
Image Processing
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong
Security Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
CVE-2020-27920: found by OSS-Fuzz
Entry updated December 14, 2020
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Entry added December 14, 2020
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Mail
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Messages
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
Entry added December 14, 2020
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Entry added December 14, 2020
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to preview files it does
not have access to
Description: An issue existed in the handling of snapshots. The issue
was resolved with improved permissions logic.
CVE-2020-27900: Thijs Alkemade of Computest Research Division
PCRE
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
Power Management
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
python
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Cookies belonging to one origin may be sent to another origin
Description: Multiple issues were addressed with improved logic.
CVE-2020-27896: an anonymous researcher
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team
(https://www.knownsec.com/) and Bo Qu of Palo Alto Networks
(https://www.paloaltonetworks.com/)
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: When parsing certain JSON documents, the json gem can be
coerced into creating arbitrary objects in the target system
Description: This issue was addressed with improved checks.
CVE-2020-10663: Jeremy Evans
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs.
CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification.
CVE-2020-9977: Josh Parnham (@joshparnham)
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9942: an anonymous researcher, Rahul d Kankrale
(servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF
Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho
(@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Symptom Framework
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27899: 08Tc3wBB working with ZecOps
Entry added December 14, 2020
System Preferences
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
TCC
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application with root privileges may be able to
access private information
Description: A logic issue was addressed with improved restrictions.
CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added December 14, 2020
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: Liu Long of Ant Security Light-Year Lab
Entry updated December 14, 2020
Wi-Fi
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Xsan
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing
Additional recognition
802.1X
We would like to acknowledge Kenana Dalle of Hamad bin Khalifa
University and Ryan Riley of Carnegie Mellon University in Qatar for
their assistance.
Entry added December 14, 2020
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab, an anonymous researcher for their
assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze
(@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their
assistance.
Entry updated December 14, 2020
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Crash Reporter
We would like to acknowledge Artur Byszko of AFINE for their
assistance.
Entry added December 14, 2020
Directory Utility
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
libxml2
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added December 14, 2020
Login Window
We would like to acknowledge Rob Morton of Leidos for their
assistance.
Photos Storage
We would like to acknowledge Paulos Yibelo of LimeHats for their
assistance.
Quick Look
We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech
Reguła of SecuRing (wojciechregula.blog) for their assistance.
Safari
We would like to acknowledge Gabriel Corona and Narendra Bhati From
Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their
assistance.
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
System Preferences
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6
jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi
x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS
p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+
9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO
INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri
c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU
ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B
1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs
MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV
kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S
AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8=
=T5Y8
-----END PGP SIGNATURE-----
.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2"
| VAR-202012-0014 | CVE-2020-10003 | plural Apple Product vulnerabilities related to symbolic link path validation logic |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. plural Apple The product contains a vulnerability in the path validation logic of symbolic links due to a flaw in the path sanitization process.A local attacker could elevate privileges. Apple watchOS is a smart watch operating system developed by Apple (Apple).
Information about the security content is also available at
https://support.apple.com/HT211931.
AMD
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
Entry added December 14, 2020
App Store
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Entry added December 14, 2020
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreCapture
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro
Crash Reporter
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
Entry added December 14, 2020
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9999: Apple
Entry updated December 14, 2020
Disk Images
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Finder
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Users may be unable to remove metadata indicating where files
were downloaded from
Description: The issue was addressed with additional user controls.
CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Micro’s Zero Day Initiative
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files.
CVE-2020-27931: Apple
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
HomeKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security
Light-Year Lab
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Entry updated December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.,
and Luyi Xing of Indiana University Bloomington
Entry added December 14, 2020
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Entry added December 14, 2020
Image Processing
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong
Security Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
CVE-2020-27920: found by OSS-Fuzz
Entry updated December 14, 2020
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Entry added December 14, 2020
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Mail
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Messages
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
Entry added December 14, 2020
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Entry added December 14, 2020
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to preview files it does
not have access to
Description: An issue existed in the handling of snapshots.
CVE-2020-27900: Thijs Alkemade of Computest Research Division
PCRE
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
Power Management
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
python
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Cookies belonging to one origin may be sent to another origin
Description: Multiple issues were addressed with improved logic.
CVE-2020-27896: an anonymous researcher
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team
(https://www.knownsec.com/) and Bo Qu of Palo Alto Networks
(https://www.paloaltonetworks.com/)
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: When parsing certain JSON documents, the json gem can be
coerced into creating arbitrary objects in the target system
Description: This issue was addressed with improved checks.
CVE-2020-10663: Jeremy Evans
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs.
CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification.
CVE-2020-9977: Josh Parnham (@joshparnham)
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9942: an anonymous researcher, Rahul d Kankrale
(servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF
Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho
(@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Symptom Framework
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27899: 08Tc3wBB working with ZecOps
Entry added December 14, 2020
System Preferences
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
TCC
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application with root privileges may be able to
access private information
Description: A logic issue was addressed with improved restrictions.
CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added December 14, 2020
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: Liu Long of Ant Security Light-Year Lab
Entry updated December 14, 2020
Wi-Fi
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Xsan
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing
Additional recognition
802.1X
We would like to acknowledge Kenana Dalle of Hamad bin Khalifa
University and Ryan Riley of Carnegie Mellon University in Qatar for
their assistance.
Entry added December 14, 2020
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab, an anonymous researcher for their
assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze
(@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their
assistance.
Entry updated December 14, 2020
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Crash Reporter
We would like to acknowledge Artur Byszko of AFINE for their
assistance.
Entry added December 14, 2020
Directory Utility
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
libxml2
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added December 14, 2020
Login Window
We would like to acknowledge Rob Morton of Leidos for their
assistance.
Photos Storage
We would like to acknowledge Paulos Yibelo of LimeHats for their
assistance.
Quick Look
We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech
Reguła of SecuRing (wojciechregula.blog) for their assistance.
Safari
We would like to acknowledge Gabriel Corona and Narendra Bhati From
Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their
assistance.
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
System Preferences
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6
jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi
x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS
p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+
9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO
INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri
c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU
ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B
1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs
MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV
kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S
AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8=
=T5Y8
-----END PGP SIGNATURE-----
.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2"
| VAR-202012-0039 | CVE-2020-13524 | Pixar OpenUSD Buffer Error Vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. Pixar OpenUSD Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. This vulnerability number has been assigned, and the vulnerability details will be updated soon. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-12-14-4 Additional information for
APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
macOS Big Sur 11.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211931.
AMD
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
Entry added December 14, 2020
App Store
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Entry added December 14, 2020
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreCapture
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro
Crash Reporter
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed with improved path sanitization.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
Entry added December 14, 2020
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9999: Apple
Entry updated December 14, 2020
Disk Images
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Finder
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Users may be unable to remove metadata indicating where files
were downloaded from
Description: The issue was addressed with additional user controls.
CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Micro’s Zero Day Initiative
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed with improved input validation.
CVE-2020-27931: Apple
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27930: Google Project Zero
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
HomeKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security
Light-Year Lab
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Entry updated December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.,
and Luyi Xing of Indiana University Bloomington
Entry added December 14, 2020
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Entry added December 14, 2020
Image Processing
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong
Security Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
CVE-2020-27920: found by OSS-Fuzz
Entry updated December 14, 2020
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Entry added December 14, 2020
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Mail
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Messages
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
Entry added December 14, 2020
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Entry added December 14, 2020
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to preview files it does
not have access to
Description: An issue existed in the handling of snapshots. The issue
was resolved with improved permissions logic.
CVE-2020-27900: Thijs Alkemade of Computest Research Division
PCRE
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
Power Management
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
python
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Cookies belonging to one origin may be sent to another origin
Description: Multiple issues were addressed with improved logic.
CVE-2020-27896: an anonymous researcher
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team
(https://www.knownsec.com/) and Bo Qu of Palo Alto Networks
(https://www.paloaltonetworks.com/)
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: When parsing certain JSON documents, the json gem can be
coerced into creating arbitrary objects in the target system
Description: This issue was addressed with improved checks.
CVE-2020-10663: Jeremy Evans
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed with improved input validation.
CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2020-9977: Josh Parnham (@joshparnham)
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9942: an anonymous researcher, Rahul d Kankrale
(servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF
Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho
(@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Symptom Framework
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27899: 08Tc3wBB working with ZecOps
Entry added December 14, 2020
System Preferences
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
TCC
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application with root privileges may be able to
access private information
Description: A logic issue was addressed with improved restrictions.
CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added December 14, 2020
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: Liu Long of Ant Security Light-Year Lab
Entry updated December 14, 2020
Wi-Fi
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Xsan
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing
Additional recognition
802.1X
We would like to acknowledge Kenana Dalle of Hamad bin Khalifa
University and Ryan Riley of Carnegie Mellon University in Qatar for
their assistance.
Entry added December 14, 2020
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab, an anonymous researcher for their
assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze
(@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their
assistance.
Entry updated December 14, 2020
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Crash Reporter
We would like to acknowledge Artur Byszko of AFINE for their
assistance.
Entry added December 14, 2020
Directory Utility
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
libxml2
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added December 14, 2020
Login Window
We would like to acknowledge Rob Morton of Leidos for their
assistance.
Photos Storage
We would like to acknowledge Paulos Yibelo of LimeHats for their
assistance.
Quick Look
We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech
Reguła of SecuRing (wojciechregula.blog) for their assistance.
Safari
We would like to acknowledge Gabriel Corona and Narendra Bhati From
Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their
assistance.
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
System Preferences
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6
jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi
x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS
p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+
9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO
INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri
c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU
ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B
1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs
MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV
kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S
AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8=
=T5Y8
-----END PGP SIGNATURE-----
.
CVE-2020-27941: shrek_wzw
AppleMobileFileIntegrity
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed with improved checks. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
CVE-2020-27921: Linus Henze (pinauten.de)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may cause unexpected changes in
memory belonging to processes traced by DTrace
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2"
| VAR-202012-0013 | CVE-2020-10002 | plural Apple Product Logic vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files. plural Apple Product Contains a logic vulnerability due to a flaw in state management.Any file can be read by a local user.
CVE-2020-27941: shrek_wzw
AppleMobileFileIntegrity
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed with improved checks. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
CVE-2020-27921: Linus Henze (pinauten.de)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS
Big Sur 11.0.1
Impact: A malicious application may cause unexpected changes in
memory belonging to processes traced by DTrace
Description: This issue was addressed with improved checks to prevent
unauthorized actions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-12-14-4 Additional information for
APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
macOS Big Sur 11.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211931.
AMD
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
Entry added December 14, 2020
App Store
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Entry added December 14, 2020
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreCapture
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro
Crash Reporter
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
Entry added December 14, 2020
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9999: Apple
Entry updated December 14, 2020
Disk Images
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Finder
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Users may be unable to remove metadata indicating where files
were downloaded from
Description: The issue was addressed with additional user controls.
CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Micro’s Zero Day Initiative
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files.
CVE-2020-27931: Apple
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
CVE-2020-27930: Google Project Zero
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
HomeKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security
Light-Year Lab
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Entry updated December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.,
and Luyi Xing of Indiana University Bloomington
Entry added December 14, 2020
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Entry added December 14, 2020
Image Processing
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong
Security Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
CVE-2020-27950: Google Project Zero
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
CVE-2020-27932: Google Project Zero
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
CVE-2020-27920: found by OSS-Fuzz
Entry updated December 14, 2020
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Entry added December 14, 2020
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Mail
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Messages
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to discover a user’s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
Entry added December 14, 2020
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Entry added December 14, 2020
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to preview files it does
not have access to
Description: An issue existed in the handling of snapshots.
CVE-2020-27900: Thijs Alkemade of Computest Research Division
PCRE
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
Power Management
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
python
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Cookies belonging to one origin may be sent to another origin
Description: Multiple issues were addressed with improved logic.
CVE-2020-27896: an anonymous researcher
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team
(https://www.knownsec.com/) and Bo Qu of Palo Alto Networks
(https://www.paloaltonetworks.com/)
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: When parsing certain JSON documents, the json gem can be
coerced into creating arbitrary objects in the target system
Description: This issue was addressed with improved checks.
CVE-2020-10663: Jeremy Evans
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs.
CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification.
CVE-2020-9977: Josh Parnham (@joshparnham)
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9942: an anonymous researcher, Rahul d Kankrale
(servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF
Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho
(@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Symptom Framework
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27899: 08Tc3wBB working with ZecOps
Entry added December 14, 2020
System Preferences
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
TCC
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application with root privileges may be able to
access private information
Description: A logic issue was addressed with improved restrictions.
CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added December 14, 2020
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: Liu Long of Ant Security Light-Year Lab
Entry updated December 14, 2020
Wi-Fi
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Xsan
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing
Additional recognition
802.1X
We would like to acknowledge Kenana Dalle of Hamad bin Khalifa
University and Ryan Riley of Carnegie Mellon University in Qatar for
their assistance.
Entry added December 14, 2020
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab, an anonymous researcher for their
assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze
(@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their
assistance.
Entry updated December 14, 2020
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Crash Reporter
We would like to acknowledge Artur Byszko of AFINE for their
assistance.
Entry added December 14, 2020
Directory Utility
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
libxml2
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added December 14, 2020
Login Window
We would like to acknowledge Rob Morton of Leidos for their
assistance.
Photos Storage
We would like to acknowledge Paulos Yibelo of LimeHats for their
assistance.
Quick Look
We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech
Reguła of SecuRing (wojciechregula.blog) for their assistance.
Safari
We would like to acknowledge Gabriel Corona and Narendra Bhati From
Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their
assistance.
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
System Preferences
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6
jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi
x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS
p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+
9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO
INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri
c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU
ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B
1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs
MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV
kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S
AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8=
=T5Y8
-----END PGP SIGNATURE-----
.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.2 and iPadOS 14.2"