VARIoT IoT vulnerabilities database
| VAR-202004-1991 | CVE-2020-3881 | macOS Catalina Logic vulnerabilities in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. FaceTime is one of those video calling software. An information disclosure vulnerability exists in the FaceTime component of Apple macOS Catalina prior to 10.15.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team
AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2019-19232
TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
| VAR-202004-1988 | CVE-2020-3916 | plural Apple Access vulnerabilities in products |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Icons is one of the system icon components. An information disclosure vulnerability exists in the Icons component of Apple iOS versions prior to 13.4, iPadOS versions prior to 13.4, and watchOS versions prior to 6.2. Attackers can exploit this vulnerability to obtain images without corresponding permissions.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video. The issue was corrected with improved state
handling.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1989 | CVE-2020-3917 | plural Apple Vulnerability in leaking resources to the wrong area in the product |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks. plural Apple The product contains a vulnerability related to the leakage of resources to the wrong area due to a flaw in the processing related to entitlements.Provided by a private framework SSH The client may be used. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. ActionKit is one of the target action paradigm wrapper components. A security vulnerability exists in ActionKit components in several Apple products. The following products and versions are affected: Apple iOS prior to 13.4; iPadOS prior to 13.4; tvOS prior to 13.4; watchOS prior to 6.2.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video. The issue was corrected with improved state
handling.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1985 | CVE-2020-3912 | macOS Catalina Out-of-bounds read vulnerability in |
CVSS V2: 6.6 CVSS V3: 7.1 Severity: HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Bluetooth is one of the Bluetooth components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team
AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2019-19232
TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
| VAR-202004-1992 | CVE-2020-3883 | plural Apple Product vulnerabilities |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. AppleMobileFileIntegrity is one of the plugins with file integrity checking function. A security vulnerability exists in the AppleMobileFileIntegrity component of several Apple products. An attacker could exploit this vulnerability to gain arbitrary privileges. The following products and versions are affected: iOS prior to 13.4; iPadOS prior to 13.4; tvOS prior to 13.4; watchOS prior to 6.2; macOS Catalina prior to 10.15.4.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1995 | CVE-2020-3887 | plural Apple Product logic vulnerabilities |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated. plural Apple The product contains a logic vulnerability due to a flawed handling of restrictions.Download source may be incorrectly associated. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; Safari versions prior to 13.1; tvOS Versions prior to 13.4.
Installation note:
Safari 13.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1990 | CVE-2020-3919 | plural Apple Product Initialization Vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges. plural Apple The product has a memory initialization vulnerability due to improper memory processing.Arbitrary code can be executed with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. IOHIDFamily is one of the kernel extensions (Abstract Interface for Human Interface Devices) component. A security vulnerability exists in the IOHIDFamily component of several Apple products. The following products and versions are affected: Apple iOS prior to 13.4; iPadOS prior to 13.4; watchOS prior to 6.2; tvOS prior to 13.4; macOS Catalina prior to 10.15.4.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1981 | CVE-2020-3908 | macOS Catalina Out-of-bounds read vulnerability in |
CVSS V2: 6.6 CVSS V3: 7.1 Severity: HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Bluetooth is one of the Bluetooth components. A buffer error vulnerability exists in the Bluetooth component of Apple macOS Catalina versions prior to 10.15.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team
AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2019-19232
TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
| VAR-202004-1980 | CVE-2020-3907 | macOS Catalina Out-of-bounds read vulnerability in |
CVSS V2: 6.6 CVSS V3: 7.1 Severity: HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read kernel memory. macOS Catalina Contains an out-of-bounds read vulnerability due to flawed input validation.Local users can abruptly shut down the system and read kernel memory. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Bluetooth is one of the Bluetooth components. A buffer error vulnerability exists in the Bluetooth component of Apple macOS Catalina versions prior to 10.15.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team
AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2019-19232
TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
| VAR-202004-1986 | CVE-2020-3913 | plural Apple Product permission vulnerabilities |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges. plural Apple A permission vulnerability exists in the product due to a flawed permission validation.You may be elevated. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. CoreFoundation is one of the C language application programming interface (API) components. The following products and versions are affected: iOS prior to 13.4; iPadOS prior to 13.4; watchOS prior to 6.2; macOS Catalina prior to 10.15.4.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1979 | CVE-2020-3906 | macOS Catalina Logic vulnerabilities in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement. macOS Catalina Has a logic vulnerability due to a flawed restriction.You may be able to avoid performing code signing. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. TCC is one of the data request consent and control components. A security vulnerability exists in the TCC component of Apple macOS Catalina prior to 10.15.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team
AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
| VAR-202004-1977 | CVE-2020-3904 | macOS Catalina Memory Corruption Vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. AppleGraphicsControl is one of the graphics control components. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2019-19232
TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
| VAR-202004-1978 | CVE-2020-3905 | macOS Catalina Memory Corruption Vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Bluetooth is one of the Bluetooth components. A buffer error vulnerability exists in the Bluetooth component of Apple macOS Catalina versions prior to 10.15.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2019-19232
TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
| VAR-202004-1976 | CVE-2020-3903 | macOS Catalina Memory Corruption Vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Apple HSSPI Support is one of the supporting components. A buffer error vulnerability exists in the Apple HSSPI Support software in versions prior to Apple macOS Catalina 10.15.4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2019-19232
TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
| VAR-202004-1987 | CVE-2020-3914 | plural Apple Product Initialization Vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. Kernel is one of the kernel components. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple iOS prior to 13.4; iPadOS prior to 13.4; tvOS prior to 13.4; watchOS prior to 6.2; macOS Catalina prior to 10.15.4.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1984 | CVE-2020-3911 | plural Apple Product Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. plural Apple A buffer overflow vulnerability exists in the product due to a flawed boundary check.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. libxml2 is one of the XML document parsing libraries. A remote attacker could use a specially crafted XML file to exploit this vulnerability to execute arbitrary code or cause the application to crash. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; watchOS versions prior to 6.2; tvOS Versions prior to 13.4; versions prior to macOS Catalina 10.15.4.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video. The issue was corrected with improved state
handling.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1983 | CVE-2020-3910 | plural Apple Product Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. plural Apple A buffer overflow vulnerability exists in the product due to a flawed size validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. libxml2 is one of the XML document parsing libraries. A remote attacker could use a specially crafted XML file to exploit this vulnerability to execute arbitrary code or cause the application to crash. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; watchOS versions prior to 6.2; tvOS Versions prior to 13.4; versions prior to macOS Catalina 10.15.4.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video. The issue was corrected with improved state
handling.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1965 | CVE-2020-9784 | Safari Logic vulnerabilities in |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. Safari Downloads is one of the download components. A security vulnerability exists in the Safari Downloads component in versions of Apple Safari prior to 13.1. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-5 Safari 13.1
Safari 13.1 is now available and addresses the following:
Safari Downloads
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A malicious iframe may use another website’s download
settings
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9784: Ruilin Yang of Tencent Security Xuanwu Lab, Ryan
Pickren (ryanpickren.com)
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit Page Loading
Available for: macOS Mojave and macOS High Sierra, and included in
macOS Catalina
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
Safari
We would like to acknowledge Dlive of Tencent Security Xuanwu Lab,
Jacek Kolodziej of Procter & Gamble, and Justin Taft of One Up
Security, LLC for their assistance.
Safari Extensions
We would like to acknowledge Jeff Johnson of underpassapp.com for
their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
Safari 13.1 may be obtained from the Mac App Store.
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDWAAoJEAc+Lhnt8tDN+aYP/2PReUsWsxAK0Xv2Uv6h2jht
aBFzq84DKiz26b6xi5/c40bLzCc7zoHySJHIPoHNiUMocQHmyRbOziE6pSWXpmcm
rZK5iJ0IF9TAPt58zqkxmUcTr+T/dq1aiVXJNRSp/NolB4rN5Vg8BHywZ8nOYmGl
SPDe1Xo15Q1yDBxjaoAo6vMXeu2/DPoVk/WNSceWGcd/ImCqoFpWvmmpuVyJXN0u
nFskPkX46KP8SGwf2F9lPWwfLNMGrqSxWh8Wsnevhot/CVjS5hguGlsLvv+5cIE3
DQfDwjMAKXTbJAUXVxcUv4I1k7qoDOPvfaLhZLKaPb2/0TB0Gsovyz9/Dd68Y8a3
bkEoJaM/mnp9p3V//2ITES1LYpibzXL3AUWDWwYvCaIDghllXFn+5tmu7Pd40sIQ
Pl/qSzdOQ57OJbjedMsJkhtTX71iuhWbEMvzB+btrKRKKIOcCdnpWYMrYe8Zflil
wUWyPiOLNoj18qT/iUfcq2qD98CNPMheYZHr6JWnXDCaRkZ6z7C0yemu/auZOmiD
cIeYBa4wnBoYX8Vd1avqyUXAUe2C5gjJOynb7x4TwkKIbcmkrZpMcLM2prNM6h29
G04eqXKH/SODUViPZGn3vahn2SZ4HtN9R7Ae7+pJfbI/0IDjLaA+yzQa6MBBpzNV
9nrxH+hfviekXKwfUo5r
=JnUX
-----END PGP SIGNATURE-----
| VAR-202004-1982 | CVE-2020-3909 | plural Apple Product Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. plural Apple A buffer overflow vulnerability exists in the product due to a flawed boundary check.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. libxml2 is one of the XML document parsing libraries. A remote attacker could use a specially crafted XML file to exploit this vulnerability to execute arbitrary code or cause the application to crash. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; watchOS versions prior to 6.2; tvOS Versions prior to 13.4; versions prior to macOS Catalina 10.15.4.
Alternatively, on your watch, select "My Watch > General > About".
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4
iOS 13.4 and iPadOS 13.4 are now available and address the following:
ActionKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use an SSH client provided by
private frameworks
Description: This issue was addressed with a new entitlement.
CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: A logic issue was addressed with improved state
management.
CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,
Xinwen Fu and Yue Zhang of the University of Central Florida
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Setting an alternate app icon may disclose a photo without
needing permission to access photos
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-3916: Vitaliy Alekseev (@villy21)
Icons
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Image Processing
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple memory corruption issues were addressed with
improved state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
libxml2
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A local user may be able to view deleted content in the app
switcher
Description: The issue was resolved by clearing application previews
when content is deleted.
CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis
Mail Attachments
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Cropped videos may not be shared properly via Mail
Description: An issue existed in the selection of video file by Mail.
The issue was fixed by selecting the latest version of a video.
CVE-2020-9777
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A person with physical access to a locked iOS device may be
able to respond to messages even when replies are disabled
Description: A logic issue was addressed with improved state
management.
CVE-2020-3891: Peter Scott
Messages Composition
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Deleted messages groups may still be suggested as an
autocompletion
Description: The issue was addressed with improved deletion.
CVE-2020-3890: an anonymous researcher
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user's private browsing activity may be unexpectedly saved
in Screen Time
Description: An issue existed in the handling of tabs displaying
picture in picture video. The issue was corrected with improved state
handling.
CVE-2020-9775: an anonymous researcher, Marek Wawro
(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland
Safari
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A user may grant website permissions to a site they didn't
intend to
Description: The issue was addressed by clearing website permission
prompts after navigation.
CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Web App
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A maliciously crafted page may interfere with other web
contexts
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3888: Darren Jones of Dappological Ltd.
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional
validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2020-3899: found by OSS-Fuzz
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A download's origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9783: Apple
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s
Zero Day Initiative
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Kernel
We would like to acknowledge Siguza for their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
Notes
We would like to acknowledge Mike DiLoreto for their assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Safari Reader
We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
(payatu.com) for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
SiriKit
We would like to acknowledge Ioan Florescu and Ki Ha Nam for their
assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel
Groß of Google Project Zero, and an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.4 and iPadOS 13.4".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF
dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK
KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL
OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y
7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD
c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw
ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D
hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r
UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C
Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5
OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U
QZLTM48mlSBSN+txWmsZ
=K2in
-----END PGP SIGNATURE-----
| VAR-202004-1966 | CVE-2020-9785 | plural Apple Product Corruption Vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Kernel is one of the kernel components. A memory corruption vulnerability exists in the Kernel component of several Apple products. The following products and versions are affected: iOS prior to 13.4; iPadOS prior to 13.4; watchOS prior to 6.2; tvOS prior to 13.4; macOS Catalina prior to 10.15.4.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDTAAoJEAc+Lhnt8tDNWTIQAKGhA+iQc47adRlNt49MEvtt
wJC+FVUyln9eSvCfK1D9tqUJJWMpmSCtQ8B2wNT7iHHOpW3KWjWKVqTdQjB5ndTs
UlcIkLB5YPQxuX9E8v+HoX3roX3PiaDoHo4yc/CmHeWw7ojQD2MgimO0Bqk9fJuM
yY9cJXl+fgKiguxbGRD5WGRYHvMlS5wt2KX0GIM3GOPX91rbbvfN8S4Eey3gqsSA
tx+kRjOm3Jzt1icEAKzE86JML2KBsonpYOD8JeYnu3FAfFNwlBWH4+gwkYrUeuXP
39AhNXF3yXghauZ0CLU3ekFl9S2edK5bwmuouDAfZIK2phcSk6XtDDJEuHyRvHIi
cDUtFQy6z9/P+AwgJBKIQO5JlQUwN+du/RcLXpkJ80Kn/HliuIp64Qd4lIPv9Ekc
zOLGKw9tA0wI+gystYbF6RokgeS37HmO+ivZlEUbujPhhTisoqDbh1Ebx2GgWN5A
0AnoybklupZNY33YKYG1bKnDX77iMpNcY24rfSFs8zYxeDCdMBakZB0mp7aqEH+h
k2Ur4KFgGUrWsKLBVQZA72Qr7O3+Q/z3jJtOSY28HzHcdxXSuNO3oc96s/rID4aC
4NHldBBoJMK92/ukTjC++AVijTOWWAxRtnAXEPaCcRNp6mDLVhJTm08/44jijKy4
uBy7TA1wLL3sLdqRIr7h
=shBp
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update
2020-002 Mojave, Security Update 2020-002 High Sierra
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra are now available and address the
following:
Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team
AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab
Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America
Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call
history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)
CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG
FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology
Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and
Technology, Sharad Sinha of Indian Institute of Technology Goa, and
Sanjeev Das of University of North Carolina
IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3919: an anonymous researcher
IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and
Luyi Xing of Indiana University Bloomington
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3910: LGTM.com
Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary javascript
code execution
Description: An injection issue was addressed with improved
validation.
CVE-2020-3884: Apple
sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent
user
Description: This issue was addressed by updating to sudo version
1.8.31.
CVE-2019-19232
TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf
Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version
8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn
Additional recognition
CoreText
We would like to acknowledge an anonymous researcher for their
assistance.
FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of
Alibaba Inc. and Luyi Xing of Indiana University Bloomington for
their assistance.
FontParser
We would like to acknowledge Matthew Denton of Google Chrome for
their assistance.
Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch
of UAL Creative Computing Institute, and an anonymous researcher for
their assistance.
LinkPresentation
We would like to acknowledge Travis for their assistance.
OpenSSH
We would like to acknowledge an anonymous researcher for their
assistance.
rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of
Technische Universität Darmstadt for their assistance.
Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their
assistance.
Installation note:
macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security
Update 2020-002 High Sierra may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDOAAoJEAc+Lhnt8tDNTtkP/RRnnsXeWXRjFHoRf7P+npKE
Je0ZSoqv08Tgmv+Q0voSdCFZjFAqKXviVgZTGFT7LsuUWqdZEATxkB1fevt7t3Bl
qXWNGpna3mGqWl6I2cWKxVOHT9fysO/31ADgFIwgOWSodvImNdp/JBpOcyRqcFJc
B3TpNq8xtKSpWBVrq0TVHRWMu87VJHkGi78jAJ4x7qgXyWICf3usa9ajqYqzV99m
6/DrIH4s2Um2zJVi4YyzK0+rR2B2Q1eO8CFuzUB9D1HKCEnRXoRfALFC8v83p7cC
m46CarISSrnMEYkxNhxsOGQbcMyBR3GDNZlo8/Y+Syqgwp3AKWbRFUDDM9vbCv6F
z1fkWBmGftcd6G8dqO0dMAR6asglg9z2/GF/+3pZh5Mmmd7EBX+YeA84BhDTTsTs
671Af+F8OxSqgRV8qe+dbiFbD9qylM1luJD98PzoiFMO3h29fS41ofpuA6BTrdQN
JPWY0NwTS11xQb11LHhXm7nF9vsrCIIspauOfkLbpCx6AWJQ/FpPyIXBYUEJ50ho
NWWv4jmT+v8PSC2tSM0yMeI4OJX/+yd91uKLqzGGr1x2zshrXoMx0VDpg8HJkLfT
y7CSgFrBGO8AgrcsZ6I8nDleoBsrEpLh2qEil7GexwoyUrVvfxCueW0shv4Oo4gf
ZHp7Jd+FZIoCP69dNnxG
=AUHy
-----END PGP SIGNATURE-----