Headline
CVE-2020-9817: About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.
Released May 26, 2020
Accounts
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
Accounts
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9772: Allison Husain of UC Berkeley
AirDrop
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A malicious application could interact with system processes to access private information and perform privileged actions
Description: An entitlement parsing issue was addressed with improved parsing.
CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking
Available for: macOS Catalina 10.15.4
Impact: Inserting a USB device that sends invalid messages may cause a kernel panic
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9804: Andy Davis of NCC Group
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Bluetooth
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9831: Yu Wang of Didi Research America
Bluetooth
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9779: Yu Wang of Didi Research America
Entry added September 21, 2020
Calendar
Available for: macOS Catalina 10.15.4
Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information
Description: This issue was addressed with improved checks.
CVE-2020-3882: Andy Grant of NCC Group
CoreBluetooth
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
Impact: A remote attacker may be able to leak sensitive user information
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9828: Jianjun Dai of Qihoo 360 Alpha Lab
CVMS
Available for: macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
DiskArbitration
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to break out of its sandbox
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud (bugcloud.360.cn)
Find My
Available for: macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2020-9855: Zhongcheng Li (CK01) of Topsec Alpha Team
FontParser
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Intel Graphics Driver
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9822: ABC Research s.r.o.
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved state handling.
CVE-2020-9796: ABC Research s.r.o.
Entry added July 28, 2020
IPSec
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to determine another application’s memory layout
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An integer overflow was addressed with improved input validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to cause unexpected system termination or write kernel memory
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: derrek (@derrekr6)
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A local user may be able to execute arbitrary shell commands
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2019-14868
libxpc
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to overwrite arbitrary files
Description: A path handling issue was addressed with improved validation.
CVE-2020-9994: Apple
Entry added September 21, 2020
NSURL
Available for: macOS Mojave 10.14.6
Impact: A malicious website may be able to exfiltrate autofilled data in Safari
Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.
CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab
PackageKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to gain root privileges
Description: A permissions issue existed. This issue was addressed with improved permission validation.
CVE-2020-9817: Andy Grant of NCC Group
PackageKit
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to modify protected parts of the file system
Description: An access issue was addressed with improved access restrictions.
CVE-2020-9851: an anonymous researcher, Linus Henze (pinauten.de)
Entry updated July 15, 2020
Python
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-9793
rsync
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to overwrite existing files
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2014-9512: gaojianfeng
Entry added July 28, 2020
Sandbox
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to bypass Privacy preferences
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Sandbox
Available for: macOS Mojave 10.14.6
Impact: A user may gain access to protected parts of the file system
Description: This issue was addressed with a new entitlement.
CVE-2020-9771: Csaba Fitzl (@theevilbit) of Offensive Security
Security
Available for: macOS Catalina 10.15.4
Impact: A file may be incorrectly rendered to execute JavaScript
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-9788: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry updated July 15, 2020
Security
Available for: macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9854: Ilias Morad (A2nkF)
Entry added July 28, 2020
SIP
Available for: macOS Catalina 10.15.4
Impact: A non-privileged user may be able to modify restricted network settings
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9824: @jamestraynor, Csaba Fitzl (@theevilbit) of Offensive Security
Entry updated June 10, 2020
Software Update
Available for: macOS Catalina 10.15.4
Impact: A person with physical access to a Mac may be able to bypass Login Window
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9810: Francis @francisschmaltz
Entry added July 15, 2020
SQLite
Available for: macOS Catalina 10.15.4
Impact: A malicious application may cause a denial of service or potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9794
System Preferences
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: macOS Catalina 10.15.4
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-9792: Andy Davis of NCC Group
Wi-Fi
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory management.
CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9830: Tielei Wang of Pangu Lab
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-9834: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-9833: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9832: Yu Wang of Didi Research America
WindowServer
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An integer overflow was addressed with improved input validation.
CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
zsh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state management.
CVE-2019-20044: Sam Foxman
Related news
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.