===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1042
       macOS Catalina 10.15.4, Security Update 2020-002 Mojave,
                  Security Update 2020-002 High Sierra
                               25 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise                -- Existing Account
                   Increased Privileges           -- Existing Account
                   Access Privileged Data         -- Existing Account
                   Denial of Service              -- Remote with User Interaction
                   Access Confidential Data       -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-9785 CVE-2020-9776 CVE-2020-9773 CVE-2020-9769
                   CVE-2020-3919 CVE-2020-3914 CVE-2020-3913 CVE-2020-3912
                   CVE-2020-3911 CVE-2020-3910 CVE-2020-3909 CVE-2020-3908
                   CVE-2020-3907 CVE-2020-3906 CVE-2020-3905 CVE-2020-3904
                   CVE-2020-3903 CVE-2020-3893 CVE-2020-3892 CVE-2020-3884
                   CVE-2020-3883 CVE-2020-3881 CVE-2020-3851 CVE-2019-19232
                   CVE-2019-14615 CVE-2019-8853
Reference:         ASB-2020.0010
                   ESB-2020.0305
                   ESB-2019.4632

Original Bulletin:
   https://support.apple.com/en-au/HT201222

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002
Mojave, Security Update 2020-002 High Sierra

macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update
2020-002 High Sierra are now available and address the following:

Apple HSSPI Support
Available for: macOS Catalina 10.15.3
Impact: An application may be able to execute arbitrary code with system
privileges
Description: A memory corruption issue was addressed with improved memory
handling.
CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team

AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed with improved
state management.
CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team

AppleMobileFileIntegrity
Available for: macOS Catalina 10.15.3
Impact: An application may be able to use arbitrary entitlements
Description: This issue was addressed with improved checks.
CVE-2020-3883: Linus Henze (pinauten.de)

Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A local user may be able to cause unexpected system termination or
read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3907: Yu Wang of Didi Research America
CVE-2020-3908: Yu Wang of Didi Research America
CVE-2020-3912: Yu Wang of Didi Research America

Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab

Bluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved input
validation.
CVE-2020-3892: Yu Wang of Didi Research America
CVE-2020-3893: Yu Wang of Didi Research America
CVE-2020-3905: Yu Wang of Didi Research America

Call History
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to access a user's call history
Description: This issue was addressed with a new entitlement.
CVE-2020-9776: Benjamin Randazzo (@____benjamin)

CoreFoundation
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to elevate privileges
Description: A permissions issue existed. This issue was addressed with
improved permission validation.
CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG

FaceTime
Available for: macOS Catalina 10.15.3
Impact: A local user may be able to view sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion -
Israel Institute of Technology

Icons
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs

Intel Graphics Driver
Available for: macOS Catalina 10.15.3
Impact: A malicious application may disclose restricted memory
Description: An information disclosure issue was addressed with improved
state management.
CVE-2019-14615: Wenjian HE of Hong Kong University of Science and
Technology, Wei Zhang of Hong Kong University of Science and Technology,
Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of
University of North Carolina

IOHIDFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code with
kernel privileges
Description: A memory initialization issue was addressed with improved
memory handling.
CVE-2020-3919: an anonymous researcher

IOThunderboltFamily
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved memory
management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi
Xing of Indiana University Bloomington

Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved
memory handling.
CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

Kernel
Available for: macOS Catalina 10.15.3
Impact: A malicious application may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues were addressed with improved
state management.
CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz

libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.3
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3910: LGTM.com

Mail
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3
Impact: A remote attacker may be able to cause arbitrary JavaScript code
execution
Description: An injection issue was addressed with improved validation.
CVE-2020-3884: Apple

sudo
Available for: macOS Catalina 10.15.3
Impact: An attacker may be able to run commands as a non-existent user
Description: This issue was addressed by updating to sudo version 1.8.31.
CVE-2019-19232

TCC
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3
Impact: A maliciously crafted application may be able to bypass code
signing enforcement
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3906: Patrick Wardle of Jamf

Vim
Available for: macOS Catalina 10.15.3
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating to version 8.1.1850.
CVE-2020-9769: Steve Hahn from LinkedIn

Additional recognition

CoreText
We would like to acknowledge an anonymous researcher for their assistance.

FireWire Audio
We would like to acknowledge Xiaolong Bai and Min (Spark) Zheng of Alibaba
Inc. and Luyi Xing of Indiana University Bloomington for their assistance.

FontParser
We would like to acknowledge Matthew Denton of Google Chrome for their
assistance.

Install Framework Legacy
We would like to acknowledge Pris Sears of Virginia Tech, Tom Lynch of UAL
Creative Computing Institute, and an anonymous researcher for their
assistance.

LinkPresentation
We would like to acknowledge Travis for their assistance.

OpenSSH
We would like to acknowledge an anonymous researcher for their assistance.

rapportd
We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of Technische
Universität Darmstadt for their assistance.

Sidecar
We would like to acknowledge Rick Backley (@rback_sec) for their assistance.

Installation note:

macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update
2020-002 High Sierra may be obtained from the Mac App Store or Apple's
Software Downloads web site:
https://support.apple.com/downloads/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
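A compliance check for the installation note in the included Apple text, added here as an example and not part of the AusCERT or Apple bulletin. It decides from a macOS version string and the host's update history whether the fixes in this bulletin are already present: Catalina is fixed by the 10.15.4 release itself, while Mojave and High Sierra are fixed by the separately named Security Update 2020-002, so for those the version alone says nothing. The shape of `sw_vers -productVersion` and `softwareupdate --history` output and the update's display name in that history are assumptions; the sample inputs are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the bulletin): has this host the fixes of ESB-2020.1042?
#
# Returns 0 = patched, 1 = needs the update, 2 = release outside this bulletin
# (newer than Catalina or older than High Sierra, where this bulletin says nothing).
# $1: macOS version as printed by `sw_vers -productVersion` (assumed format)
# $2: update history as printed by `softwareupdate --history`; the display name
#     "Security Update 2020-002" matched below is an assumption, not verified here.
has_esb_2020_1042_fix() {
  ver=$1
  history=$2
  case "$ver" in
    10.15|10.15.[0-3]) return 1 ;;   # Catalina before 10.15.4: still vulnerable
    10.15.*)            return 0 ;;   # 10.15.4 or later ships the fixes
    10.14.6|10.13.6)
      # Last point release of Mojave / High Sierra: the fix is a separate
      # security update, so look for it in the install history.
      printf '%s\n' "$history" | grep -q 'Security Update 2020-002' && return 0
      return 1 ;;
    10.14.*|10.13.*)    return 1 ;;   # earlier point release: update regardless
    *)                  return 2 ;;
  esac
}

# Constructed sample inputs. On a live host use:
#   ver=$(sw_vers -productVersion); history=$(softwareupdate --history)
SAMPLE_VERSION="10.14.6"
SAMPLE_HISTORY="Display Name                  Version    Date
------------                  -------    ----
Security Update 2020-001      1.0        2020-02-01, 10:00:00
Security Update 2020-002      1.0        2020-03-26, 09:12:31"

rc=0
has_esb_2020_1042_fix "$SAMPLE_VERSION" "$SAMPLE_HISTORY" || rc=$?
case $rc in
  0) echo "macOS $SAMPLE_VERSION: fixes from ESB-2020.1042 are present" ;;
  1) echo "macOS $SAMPLE_VERSION: install the update named in this bulletin" ;;
  *) echo "macOS $SAMPLE_VERSION: release not covered by this bulletin" ;;
esac
```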