VARIoT IoT vulnerabilities database
| VAR-202006-1643 | CVE-2020-9855 | macOS Catalina In symlinks Vulnerability of processing verification deficiency |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges. macOS Catalina Due to a flaw in the verification of symbolic links symlinks There is a processing verification vulnerability.A local attacker could elevate privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Find My is one of the components that supports tracking the location of Apple devices. A security vulnerability exists in the Find My component of Apple macOS Catalina versions prior to 10.15.5
| VAR-202006-1642 | CVE-2020-9852 | plural Apple Integer overflow vulnerability in product |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple iOS prior to 13.5; iPadOS prior to 13.5; macOS Catalina prior to 10.15.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5
| VAR-202006-1641 | CVE-2020-9851 | macOS Catalina Access vulnerabilities in |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. PackageKit is one of the open source application software suites, which is mainly used for the installation and upgrade of Linux software. A security vulnerability exists in the PackageKit component of Apple macOS Catalina versions prior to 10.15.5
| VAR-202006-1658 | CVE-2020-9813 | plural Apple Logic vulnerabilities in the product |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple iOS prior to 13.5; iPadOS prior to 13.5; macOS Catalina prior to 10.15.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5.
CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking
Available for: macOS Catalina 10.15.4
Impact: Inserting a USB device that sends invalid messages may cause
a kernel panic
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9831: Yu Wang of Didi Research America
Calendar
Available for: macOS Catalina 10.15.4
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: This issue was addressed with improved checks.
CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team
Find My
Available for: macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: A validation issue existed in the handling of symlinks.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to execute arbitrary shell commands
Description: An issue existed in the handling of environment
variables.
CVE-2019-14868
NSURL
Available for: macOS Mojave 10.14.6
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: An issue existed in the parsing of URLs.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security
Available for: macOS Catalina 10.15.4
Impact: A file may be incorrectly rendered to execute JavaScript
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9841: ABC Research s.r.o.
Installation note:
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD
ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO
MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS
wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm
VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD
BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f
EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt
8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7
bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ
JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe
pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal
sLrLBIOxQCTskSFoExP8
=2eah
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5
iOS 13.5 and iPadOS 13.5 address the following:
Accounts
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An issue existed with the use of a PRNG with low
entropy.
CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen
(@naehrdine) of Secure Mobile Networking Lab
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure
Mobile Networking Lab
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an
anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge,
Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan
Rathor of Arabic-Classroom.com
FaceTime
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user’s video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2020-9835: Olivier Levesque (@olilevesque)
File System
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to modify the file system
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9820: Thijs Alkemade of Computest
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
IPSec
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted mail message may lead to
heap corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9819: ZecOps.com
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted mail message may lead to
unexpected memory modification or application termination
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9818: ZecOps.com
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Users removed from an iMessage conversation may still be able
to alter state
Description: This issue was addressed with improved checks.
CVE-2020-9823: Suryansh Mansharamani, student of Community Middle
School, Plainsboro, New
Jersey
Notifications
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: An authorization issue was addressed with improved state
management.
CVE-2020-9848: Nima
Python
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
Sandbox
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
SQLite
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9792: Andy Davis of NCC Group
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An access issue was addressed with improved memory
management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory
management.
CVE-2020-9844: Ian Beer of Google Project Zero
zsh
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
Bluetooth
We would like to acknowledge Maximilian von Tschitschnitz of
Technical University Munich and Ludwig Peuckert of Technical
University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
Device Analytics
We would like to acknowledge Mohamed Ghannam (@_simo36) for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Jeffball of GRIMM and Luke Walker of
Manchester Metropolitan University for their assistance.
WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.5 and iPadOS 13.5".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7MAAoJEAc+Lhnt8tDNdWwP/2NnLRWvziY/ilvylDEczut+
xbSNg719ckFBtvkuXirQdsjfTmW3M/RJXUtjOmRDDEQB0IfmIRkrL49moDLeY0rB
tjrsoVQESwYwbnb0xNzC3Oqr0tP3hitxFUpkKd7L0opo5vWhshBwqzWEtLTPxI1X
T81DCpYiKDMB57bXgRV26QIFgQpHGXV/bMDCksVc12phempeEldP7t4dueDZy526
kWinK9jlwzViWwSmm5VK0t9IbemAZ56Ca829ZmrkT7XfLRyxw0rb+2f9VcQz/kNe
RziJ3RwF2WZTe7yJpz6LV5h3RMo+MoHdVbPCYmcYNPiaHGTMl1POZXkjDHBHCSBY
etboXOyZNOsnTMIVNwwXK/aGsKBz6kkfbWODS2omtz5oZjzGdZJLC/nFZC2GG13E
Pnb0E5ULmA95poi07gWTy31APilQXfAzGJEOebsvH5s2EZ9HcANqrwtonfHSjeOU
ZFH8xfnCTgO37ZgevrjdreD8SYRJR3QfEEf/DDNx2xXgr4wzydgvdyNCI1QpEz5s
PS3JQECoBM9SsgXv02mCkNlK1crEqoxYURjcN3UIPGx8GVxtyiWJoEByxAgTtqv8
RPSqKGvPrznR1SxVNrXB2o08X3LUqK0LREABpuD/wbp8Qj8ma2fo3hLpvdoc9+De
fSLSaEAmjBkF5c4r1O3P
=zOSS
-----END PGP SIGNATURE-----
| VAR-202006-1638 | CVE-2020-9847 | macOS Catalina Out-of-bounds read vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.6 Severity: HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox. macOS Catalina Exists in an out-of-bounds read vulnerability due to a flaw in the handling of bounds checks.It can break the sandbox and run externally through a malicious application. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. DiskArbitration is one of the disk loading and unloading components. A buffer error vulnerability exists in the DiskArbitration component of Apple macOS Catalina prior to 10.15.5
| VAR-202006-1637 | CVE-2020-9844 | plural Apple Product double memory release vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Wi-Fi is one of the wireless Internet access components. A resource management error vulnerability exists in the Wi-Fi component of Apple iOS versions prior to 13.5, iPadOS versions prior to 13.5, and macOS Catalina versions prior to 10.15.5
| VAR-202006-1635 | CVE-2020-9842 | plural Apple Product vulnerabilities |
CVSS V2: 5.8 CVSS V3: 7.1 Severity: HIGH |
An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions. plural Apple The product contains unspecified vulnerabilities due to imperfect checks.Any entitlement may be used through the application. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. AppleMobileFileIntegrity is one of the plugins with file integrity checking function. A security vulnerability exists in the AppleMobileFileIntegrity component of several Apple products. The following products and versions are affected: Apple macOS Catalina prior to 10.15.5; iOS prior to 13.5; iPadOS prior to 13.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5
| VAR-202006-1634 | CVE-2020-9841 | macOS Catalina Integer overflow vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. macOS Catalina Exists in an integer overflow vulnerability due to a flaw in input validation.Kernel privileges can be obtained and arbitrary code can be executed through the application. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the SkyLight module. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. WindowServer is one of the application window display server components
| VAR-202006-1633 | CVE-2020-9839 | plural Apple Product Race Condition Vulnerabilities |
CVSS V2: 5.1 CVSS V3: 7.0 Severity: HIGH |
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. plural Apple The product is vulnerable to race conditions due to flawed state handling.Elevated privileges may be obtained through the application. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of file permisions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the root. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. System Preferences is one of the System Preferences components. A race condition issue exists in the System Preferences component in several Apple products. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Apple iOS prior to 13.5; iPadOS prior to 13.5; macOS Catalina prior to 10.15.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5
| VAR-202006-1631 | CVE-2020-9837 | iOS and iPadOS Out-of-bounds read vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-4 tvOS 13.4.5
tvOS 13.4.5 addresses the following:
Accounts
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an
anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge,
Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan
Rathor of Arabic-Classroom.com
FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
IPSec
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
Python
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebRTC
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An access issue was addressed with improved memory
management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero
zsh
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Luke Walker of Manchester Metropolitan
University for their assistance.
WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7eAAoJEAc+Lhnt8tDNGUEQAIqcHvrOcVu90wELj4q9d2Z/
LwyOmEKZu0s5QO5d2XuusXQig7etS+hQg4y4IEBc6+FbeHQ6geksjn4CEs0y1hs2
cIQHtXqOes5QRZx4joMGqC6rsS2U+DoSxtsxyKDrzhWCBJdz18JXG/5AdLQn9Zo4
QvUVVwNX61QiFGlUd5lL9QZWrh+FBxgilex7H9YpCVSzcTN5xcbe48zVjhpU/UFn
KKKRK15aTzGqhmJ1zhvYUVLal4tfWV52QzWNbUW2UlPGxFORNpYKXCmQILk8eQGj
FqIIjGrVcGYPnCDKbMfh24rEilYMzhDrQNg06uokgilPAUXC937lI88+G56Ayl9n
ABOK/i04ni1FrmGkwRf/VEW6WV7k3bpXi5UTUZZCplfk19PoH8MIk1wUZ8AzActr
lxK5DeHPKAG5Pl3dzkqKT8lQ/9aSozken7yQNz7AIo5Ib1ik88er4uu/SjV5CRka
e0t8tkoL8MLIpMqUUpt7j+HgqB/R8VBQ6lBK0Jds2NI84XWXRTHF7UeeVo/BYoTj
gdUqhL1B3vdIizxSemmbx70wVoHLU//JONHLJNE6dfGdNWeKHcqKfzZPbXo/4Hq/
ZDNj/cDOJTmChYqvG/Qi7AHlKACWpYMNnRsa6hMt99z24hdvPg2LP4ANf7Gi6Sq6
CnECyJL8Va3625vOipPF
=ceKY
-----END PGP SIGNATURE-----
| VAR-202006-1657 | CVE-2020-9812 | plural Apple Vulnerabilities that disclose information in products |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple iOS prior to 13.5; iPadOS prior to 13.5; macOS Catalina prior to 10.15.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5.
CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking
Available for: macOS Catalina 10.15.4
Impact: Inserting a USB device that sends invalid messages may cause
a kernel panic
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9831: Yu Wang of Didi Research America
Calendar
Available for: macOS Catalina 10.15.4
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: This issue was addressed with improved checks.
CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team
Find My
Available for: macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: A validation issue existed in the handling of symlinks.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to execute arbitrary shell commands
Description: An issue existed in the handling of environment
variables.
CVE-2019-14868
NSURL
Available for: macOS Mojave 10.14.6
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: An issue existed in the parsing of URLs.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security
Available for: macOS Catalina 10.15.4
Impact: A file may be incorrectly rendered to execute JavaScript
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9841: ABC Research s.r.o.
Installation note:
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD
ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO
MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS
wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm
VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD
BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f
EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt
8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7
bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ
JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe
pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal
sLrLBIOxQCTskSFoExP8
=2eah
-----END PGP SIGNATURE-----
.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5
iOS 13.5 and iPadOS 13.5 address the following:
Accounts
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An issue existed with the use of a PRNG with low
entropy.
CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen
(@naehrdine) of Secure Mobile Networking Lab
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure
Mobile Networking Lab
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted text message may lead to
application denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an
anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge,
Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan
Rathor of Arabic-Classroom.com
FaceTime
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user’s video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video.
CVE-2020-9835: Olivier Levesque (@olilevesque)
File System
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to modify the file system
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9820: Thijs Alkemade of Computest
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
IPSec
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted mail message may lead to
heap corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-9819: ZecOps.com
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted mail message may lead to
unexpected memory modification or application termination
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9818: ZecOps.com
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Users removed from an iMessage conversation may still be able
to alter state
Description: This issue was addressed with improved checks.
CVE-2020-9823: Suryansh Mansharamani, student of Community Middle
School, Plainsboro, New
Jersey
Notifications
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: An authorization issue was addressed with improved state
management.
CVE-2020-9848: Nima
Python
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
Sandbox
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
SQLite
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9792: Andy Davis of NCC Group
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An access issue was addressed with improved memory
management.
CVE-2019-20503: Natalie Silvanovich of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory
management.
CVE-2020-9844: Ian Beer of Google Project Zero
zsh
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
Bluetooth
We would like to acknowledge Maximilian von Tschitschnitz of
Technical University Munich and Ludwig Peuckert of Technical
University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
Device Analytics
We would like to acknowledge Mohamed Ghannam (@_simo36) for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Safari
We would like to acknowledge Jeffball of GRIMM and Luke Walker of
Manchester Metropolitan University for their assistance.
WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.5 and iPadOS 13.5".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7MAAoJEAc+Lhnt8tDNdWwP/2NnLRWvziY/ilvylDEczut+
xbSNg719ckFBtvkuXirQdsjfTmW3M/RJXUtjOmRDDEQB0IfmIRkrL49moDLeY0rB
tjrsoVQESwYwbnb0xNzC3Oqr0tP3hitxFUpkKd7L0opo5vWhshBwqzWEtLTPxI1X
T81DCpYiKDMB57bXgRV26QIFgQpHGXV/bMDCksVc12phempeEldP7t4dueDZy526
kWinK9jlwzViWwSmm5VK0t9IbemAZ56Ca829ZmrkT7XfLRyxw0rb+2f9VcQz/kNe
RziJ3RwF2WZTe7yJpz6LV5h3RMo+MoHdVbPCYmcYNPiaHGTMl1POZXkjDHBHCSBY
etboXOyZNOsnTMIVNwwXK/aGsKBz6kkfbWODS2omtz5oZjzGdZJLC/nFZC2GG13E
Pnb0E5ULmA95poi07gWTy31APilQXfAzGJEOebsvH5s2EZ9HcANqrwtonfHSjeOU
ZFH8xfnCTgO37ZgevrjdreD8SYRJR3QfEEf/DDNx2xXgr4wzydgvdyNCI1QpEz5s
PS3JQECoBM9SsgXv02mCkNlK1crEqoxYURjcN3UIPGx8GVxtyiWJoEByxAgTtqv8
RPSqKGvPrznR1SxVNrXB2o08X3LUqK0LREABpuD/wbp8Qj8ma2fo3hLpvdoc9+De
fSLSaEAmjBkF5c4r1O3P
=zOSS
-----END PGP SIGNATURE-----
| VAR-202006-1629 | CVE-2020-9834 | macOS Catalina Memory Corruption Vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Wi-Fi is one of the wireless Internet access components
| VAR-202006-1627 | CVE-2020-9832 | macOS Catalina Out-of-bounds read vulnerability in |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Wi-Fi is one of the wireless Internet access components. A security vulnerability exists in the Wi-Fi component of Apple macOS Catalina versions prior to 10.15.5
| VAR-202006-1628 | CVE-2020-9833 | macOS Catalina Memory initialization vulnerability in |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Wi-Fi is one of the wireless Internet access components. A security vulnerability exists in the Wi-Fi component of Apple macOS Catalina versions prior to 10.15.5
| VAR-202006-1626 | CVE-2020-9831 | macOS Catalina Out-of-bounds read vulnerability in |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Bluetooth is one of the Bluetooth components. A buffer error vulnerability exists in the Bluetooth component of Apple macOS Catalina prior to 10.15.5
| VAR-202006-1625 | CVE-2020-9830 | macOS Catalina Memory Corruption Vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Wi-Fi is one of the wireless Internet access components
| VAR-202006-1622 | CVE-2020-9826 | plural Apple Service operation interruption in the product (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service. macOS Catalina , iOS , iPadOS Interferes with service operation due to inadequate processing related to input confirmation (DoS) Vulnerability exists.Service operation disrupted by a remote attacker (DoS) It may be put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. AirDrop is one of the wireless file transfer components. A security vulnerability exists in the AirDrop component of Apple macOS Catalina versions prior to 10.15.5, iOS versions prior to 13.5, and iPadOS versions prior to 13.5. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update
2020-003 Mojave, Security Update 2020-003 High Sierra
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra are now available and address the
following:
Accounts
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking
Available for: macOS Catalina 10.15.4
Impact: Inserting a USB device that sends invalid messages may cause
a kernel panic
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9804: Andy Davis of NCC Group
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Bluetooth
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9831: Yu Wang of Didi Research America
Calendar
Available for: macOS Catalina 10.15.4
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: This issue was addressed with improved checks.
CVE-2020-3882: Andy Grant of NCC Group
CVMS
Available for: macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
DiskArbitration
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to break out of its
sandbox
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team
Find My
Available for: macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: A validation issue existed in the handling of symlinks.
CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team
FontParser
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Intel Graphics Driver
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9822: ABC Research s.r.o
IPSec
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to execute arbitrary shell commands
Description: An issue existed in the handling of environment
variables.
CVE-2019-14868
NSURL
Available for: macOS Mojave 10.14.6
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: An issue existed in the parsing of URLs.
CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab
PackageKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to gain root privileges
Description: A permissions issue existed.
CVE-2020-9817: Andy Grant of NCC Group
PackageKit
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-9851: Linus Henze (pinauten.de)
Python
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
Sandbox
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security
Available for: macOS Catalina 10.15.4
Impact: A file may be incorrectly rendered to execute JavaScript
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9788: Wojciech Reguła of SecuRing
(https://wojciechregula.blog)
SIP
Available for: macOS Catalina 10.15.4
Impact: A non-privileged user may be able to modify restricted
network settings
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security
SQLite
Available for: macOS Catalina 10.15.4
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: macOS Catalina 10.15.4
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9792: Andy Davis of NCC Group
Wi-Fi
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory
management.
CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9830: Tielei Wang of Pangu Lab
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9834: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9833: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9832: Yu Wang of Didi Research America
WindowServer
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
zsh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
CoreBluetooth
We would like to acknowledge Maximilian von Tschitschnitz of
Technical University Munich and Ludwig Peuckert of Technical
University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
Endpoint Security
We would like to acknowledge an anonymous researcher for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
IPSec
We would like to acknowledge Thijs Alkemade of Computest for their
assistance.
Login Window
We would like to acknowledge Jon Morby and an anonymous researcher
for their assistance.
Sandbox
We would like to acknowledge Jason L Lang of Optum for their
assistance.
Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Installation note:
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD
ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO
MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS
wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm
VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD
BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f
EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt
8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7
bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ
JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe
pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal
sLrLBIOxQCTskSFoExP8
=2eah
-----END PGP SIGNATURE-----
| VAR-202006-1621 | CVE-2020-9825 | plural Apple Access vulnerabilities in products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences. macOS Catalina , iOS , iPadOS Is vulnerable to access due to a flawed sandbox restriction.It is possible to circumvent privacy preferences through malicious applications. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Sandbox is one of the sandbox components. A security vulnerability exists in the Sandbox component in Apple iOS versions prior to 13.5, iPadOS versions prior to 13.5, and macOS Catalina versions prior to 10.15.5. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update
2020-003 Mojave, Security Update 2020-003 High Sierra
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra are now available and address the
following:
Accounts
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking
Available for: macOS Catalina 10.15.4
Impact: Inserting a USB device that sends invalid messages may cause
a kernel panic
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9804: Andy Davis of NCC Group
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Bluetooth
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9831: Yu Wang of Didi Research America
Calendar
Available for: macOS Catalina 10.15.4
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: This issue was addressed with improved checks.
CVE-2020-3882: Andy Grant of NCC Group
CVMS
Available for: macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
DiskArbitration
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to break out of its
sandbox
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team
Find My
Available for: macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: A validation issue existed in the handling of symlinks.
CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team
FontParser
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Intel Graphics Driver
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9822: ABC Research s.r.o
IPSec
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to execute arbitrary shell commands
Description: An issue existed in the handling of environment
variables.
CVE-2019-14868
NSURL
Available for: macOS Mojave 10.14.6
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: An issue existed in the parsing of URLs.
CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab
PackageKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to gain root privileges
Description: A permissions issue existed.
CVE-2020-9817: Andy Grant of NCC Group
PackageKit
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-9851: Linus Henze (pinauten.de)
Python
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security
Available for: macOS Catalina 10.15.4
Impact: A file may be incorrectly rendered to execute JavaScript
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9788: Wojciech Reguła of SecuRing
(https://wojciechregula.blog)
SIP
Available for: macOS Catalina 10.15.4
Impact: A non-privileged user may be able to modify restricted
network settings
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security
SQLite
Available for: macOS Catalina 10.15.4
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: macOS Catalina 10.15.4
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9792: Andy Davis of NCC Group
Wi-Fi
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory
management.
CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9830: Tielei Wang of Pangu Lab
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9834: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9833: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9832: Yu Wang of Didi Research America
WindowServer
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
zsh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
CoreBluetooth
We would like to acknowledge Maximilian von Tschitschnitz of
Technical University Munich and Ludwig Peuckert of Technical
University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
Endpoint Security
We would like to acknowledge an anonymous researcher for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
IPSec
We would like to acknowledge Thijs Alkemade of Computest for their
assistance.
Login Window
We would like to acknowledge Jon Morby and an anonymous researcher
for their assistance.
Sandbox
We would like to acknowledge Jason L Lang of Optum for their
assistance.
Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Installation note:
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD
ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO
MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS
wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm
VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD
BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f
EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt
8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7
bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ
JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe
pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal
sLrLBIOxQCTskSFoExP8
=2eah
-----END PGP SIGNATURE-----
| VAR-202006-1620 | CVE-2020-9824 | macOS Catalina Logic vulnerabilities in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings. macOS Catalina Exists in a logic vulnerability due to a flaw in the processing of restrictions.Unprivileged users may change your restricted network settings. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. SIP is one of the System Integrity Protection components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update
2020-003 Mojave, Security Update 2020-003 High Sierra
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra are now available and address the
following:
Accounts
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking
Available for: macOS Catalina 10.15.4
Impact: Inserting a USB device that sends invalid messages may cause
a kernel panic
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9804: Andy Davis of NCC Group
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Bluetooth
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9831: Yu Wang of Didi Research America
Calendar
Available for: macOS Catalina 10.15.4
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: This issue was addressed with improved checks.
CVE-2020-3882: Andy Grant of NCC Group
CVMS
Available for: macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
DiskArbitration
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to break out of its
sandbox
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team
Find My
Available for: macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: A validation issue existed in the handling of symlinks.
CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team
FontParser
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Intel Graphics Driver
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9822: ABC Research s.r.o
IPSec
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: Derrek (@derrekr6)
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to execute arbitrary shell commands
Description: An issue existed in the handling of environment
variables.
CVE-2019-14868
NSURL
Available for: macOS Mojave 10.14.6
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: An issue existed in the parsing of URLs.
CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab
PackageKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to gain root privileges
Description: A permissions issue existed.
CVE-2020-9817: Andy Grant of NCC Group
PackageKit
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-9851: Linus Henze (pinauten.de)
Python
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
Sandbox
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security
Available for: macOS Catalina 10.15.4
Impact: A file may be incorrectly rendered to execute JavaScript
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security
SQLite
Available for: macOS Catalina 10.15.4
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: macOS Catalina 10.15.4
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9792: Andy Davis of NCC Group
Wi-Fi
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory
management.
CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9830: Tielei Wang of Pangu Lab
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9834: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9833: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9832: Yu Wang of Didi Research America
WindowServer
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
zsh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
CoreBluetooth
We would like to acknowledge Maximilian von Tschitschnitz of
Technical University Munich and Ludwig Peuckert of Technical
University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
Endpoint Security
We would like to acknowledge an anonymous researcher for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
IPSec
We would like to acknowledge Thijs Alkemade of Computest for their
assistance.
Login Window
We would like to acknowledge Jon Morby and an anonymous researcher
for their assistance.
Sandbox
We would like to acknowledge Jason L Lang of Optum for their
assistance.
Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Installation note:
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD
ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO
MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS
wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm
VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD
BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f
EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt
8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7
bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ
JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe
pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal
sLrLBIOxQCTskSFoExP8
=2eah
-----END PGP SIGNATURE-----
| VAR-202006-1618 | CVE-2020-9822 | macOS Catalina Out-of-bounds write vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Intel Graphics Driver is one of the integrated graphics drivers. A security vulnerability exists in the Intel Graphics Driver component of Apple macOS Catalina prior to 10.15.5. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update
2020-003 Mojave, Security Update 2020-003 High Sierra
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra are now available and address the
following:
Accounts
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking
Available for: macOS Catalina 10.15.4
Impact: Inserting a USB device that sends invalid messages may cause
a kernel panic
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9804: Andy Davis of NCC Group
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero
Day Initiative
Bluetooth
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9831: Yu Wang of Didi Research America
Calendar
Available for: macOS Catalina 10.15.4
Impact: Importing a maliciously crafted calendar invitation may
exfiltrate user information
Description: This issue was addressed with improved checks.
CVE-2020-3882: Andy Grant of NCC Group
CVMS
Available for: macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
DiskArbitration
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to break out of its
sandbox
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team
Find My
Available for: macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: A validation issue existed in the handling of symlinks.
CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team
FontParser
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend
Micro Zero Day Initiative
ImageIO
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9822: ABC Research s.r.o
IPSec
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine another
application's memory layout
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with
improved state management.
This was addressed with improved state management.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to execute arbitrary shell commands
Description: An issue existed in the handling of environment
variables.
CVE-2019-14868
NSURL
Available for: macOS Mojave 10.14.6
Impact: A malicious website may be able to exfiltrate autofilled data
in Safari
Description: An issue existed in the parsing of URLs.
CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab
PackageKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to gain root privileges
Description: A permissions issue existed.
CVE-2020-9817: Andy Grant of NCC Group
PackageKit
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-9851: Linus Henze (pinauten.de)
Python
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9793
Sandbox
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security
Available for: macOS Catalina 10.15.4
Impact: A file may be incorrectly rendered to execute JavaScript
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9788: Wojciech Reguła of SecuRing
(https://wojciechregula.blog)
SIP
Available for: macOS Catalina 10.15.4
Impact: A non-privileged user may be able to modify restricted
network settings
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security
SQLite
Available for: macOS Catalina 10.15.4
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794
System Preferences
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: macOS Catalina 10.15.4
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-9792: Andy Davis of NCC Group
Wi-Fi
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory
management.
CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9830: Tielei Wang of Pangu Lab
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-9834: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9833: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9832: Yu Wang of Didi Research America
WindowServer
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
zsh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2019-20044: Sam Foxman
Additional recognition
CoreBluetooth
We would like to acknowledge Maximilian von Tschitschnitz of
Technical University Munich and Ludwig Peuckert of Technical
University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis
Heinze (@ttdennis) of Secure Mobile Networking Lab for their
assistance.
Endpoint Security
We would like to acknowledge an anonymous researcher for their
assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
IPSec
We would like to acknowledge Thijs Alkemade of Computest for their
assistance.
Login Window
We would like to acknowledge Jon Morby and an anonymous researcher
for their assistance.
Sandbox
We would like to acknowledge Jason L Lang of Optum for their
assistance.
Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Installation note:
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security
Update 2020-003 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD
ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO
MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS
wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm
VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD
BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f
EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt
8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7
bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ
JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe
pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal
sLrLBIOxQCTskSFoExP8
=2eah
-----END PGP SIGNATURE-----