===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2430
  Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004
                  High Sierra address multiple vulnerabilities
                                 16 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Catalina
                   Mojave
                   High Sierra
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Unknown/Unspecified
                   Reduced Security                -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-9936 CVE-2020-9934 CVE-2020-9918 CVE-2020-9913
                   CVE-2020-9891 CVE-2020-9890 CVE-2020-9889 CVE-2020-9888
                   CVE-2020-9885 CVE-2020-9884 CVE-2020-9878 CVE-2020-9870
                   CVE-2020-9866 CVE-2020-9865 CVE-2020-9864 CVE-2020-9799
                   CVE-2019-20807 CVE-2019-19906 CVE-2019-14899
Reference:         ESB-2020.0310
                   ESB-2019.4770.2

Original Bulletin:
   https://support.apple.com/en-us/HT211289

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004
Mojave, Security Update 2020-004 High Sierra

macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update
2020-004 High Sierra are now available and address the following:

Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9884: Yu Zhou (@yuzhou6666) of 小鸡帮 working with Trend Micro Zero Day Initiative
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab

Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab

Clang
Available for: macOS Catalina 10.15.5
Impact: Clang may generate machine code that does not correctly enforce pointer authentication codes
Description: A logic issue was addressed with improved validation.
CVE-2020-9870: Samuel Groß of Google Project Zero

CoreAudio
Available for: macOS High Sierra 10.13.6
Impact: A buffer overflow may result in arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light-Year Security Lab

CoreFoundation
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to view sensitive user information
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2020-9934: an anonymous researcher

Crash Reporter
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud

Graphics Drivers
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9799: ABC Research s.r.o.

Heimdal
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to leak sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2020-9913: Cody Thomas of SpecterOps

ImageIO
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9936: Mickey Jin of Trend Micro

Kernel
Available for: macOS Catalina 10.15.5
Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall

Mail
Available for: macOS Catalina 10.15.5
Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service
Description: An input validation issue was addressed.
CVE-2019-19906

Messages
Available for: macOS Catalina 10.15.5
Impact: A user that is removed from an iMessage group could rejoin the group
Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.
CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)

Model I/O
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security

Security
Available for: macOS Catalina 10.15.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9864: Alexander Holodny

Vim
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2019-20807: Guilherme de Almeida Suckevicz

Wi-Fi
Available for: macOS Catalina 10.15.5
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)

Additional recognition

USB Audio
We would like to acknowledge Andy Davis of NCC Group for their assistance.

Installation note:

macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update
2020-004 High Sierra may be obtained from the Mac App Store or Apple's
Software Downloads web site:
https://support.apple.com/downloads/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT.
The mailing list you are subscribed to is maintained within your organisation,
so if you do not wish to continue receiving these bulletins you should contact
your local IT manager. If you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the appropriate
person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================