Operating System:

[Mac]

Published:

16 November 2020

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.3307.3
APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security
       Update 2020-005 High Sierra, Security Update 2020-005 Mojave
                             16 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS High Sierra
                   macOS Mojave
                   macOS Catalina
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account            
                   Denial of Service               -- Remote with User Interaction
                   Reduced Security                -- Remote/Unauthenticated      
                   Access Confidential Data        -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13520 CVE-2020-10011 CVE-2020-9986
                   CVE-2020-9981 CVE-2020-9973 CVE-2020-9968
                   CVE-2020-9961 CVE-2020-9954 CVE-2020-9941

Reference:         ESB-2020.3307.2
                   ESB-2020.3185
                   ESB-2020.3183
                   ESB-2020.3181

Original Bulletin: 
   https://support.apple.com/en-nz/HT211849

Revision History:  November  16 2020: Vendor added additional entries, CVEs and updated entries
                   October    6 2020: Updated Title, Operating System and Product Tag
                   September 25 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-11-13-7 Additional information for
APPLE-SA-2020-09-24-1 macOS Catalina 10.15.7, Security
Update 2020-005 High Sierra, Security Update 2020-005 Mojave

macOS Catalina 10.15.7, Security Update 2020-005 High Sierra,
Security Update 2020-005 Mojave addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211849.

CoreAudio
Available for: macOS Catalina 10.15
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

Find My
Available for: macOS Catalina 10.15
Impact: A malicious application may be able to read sensitive
location information
Description: A file access issue existed with certain home folder
files. This was addressed with improved access restrictions.
CVE-2020-9986: Tim Kornhuber, Milan Stute and Alexander Heinrich of
TU Darmstadt, Secure Mobile Networking Lab
Entry added November 12, 2020

ImageIO
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS
Catalina 10.15
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry updated November 12, 2020

libxml2
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020

Mail
Available for: macOS High Sierra 10.13.6
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH University of Applied
Sciences and Damian Poddebniak of FH University of Applied
Sciences

Model I/O
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS
Catalina 10.15
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Entry updated November 12, 2020

Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-13520: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020

Sandbox
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS
Catalina 10.15
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester(@_xpn_) of TrustedSec
Entry updated November 12, 2020

Additional recognition

Bluetooth
We would like to acknowledge Andy Davis of NCC Group for their
assistance.

Installation note:

macOS Catalina 10.15.7, Security Update 2020-005 High Sierra,
Security Update 2020-005 Mojave may be obtained from the Mac App
Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxoYACgkQZcsbuWJ6
jjCHdw//WLFqNbXU96dGvxxomfbZOJcbQJZNR2IfaJdfgyh7tXDM0iQ6u3pYiaE4
6ChayI2VZ7y0Aq0X8PkuIOCbin++/moGLuGrIEOYHaA9aiohD+YX9WMcKrk55B1K
LBhZ9bBz2gPBzOUhVO63XW7nspS9tzhL+nyt1q4WeLbcYaLvEdV1ZJyrtQ7aBw1D
RKFTKKxvOTgo+EdTq67zqWQNkTLdaz1Ls1NonDCVnd/p4M10Aa6iCUyA/q2OZFEL
dmHAab1m+RBtkMCBaOXLlxQ09aBrBsJPQFRq0bH5btR1Od4GHyA+eXBmOLCggrM1
f64jsg/m9E+XgZ0OcBQ9X5Yh4kyBKw00EORGuSREAlvXl2WD87GlQzUpa53aMFf/
TjVEG79nWEWzxzNDFRPq6PXLrdbEUFizEEw0FffNPi4KjykntKtnQFJoqZiiWsSM
Zmx7TI83KAdDYLusw5RYGhTb2fpfQKHLENnRpYvPC+b+pCyu+6RJC+mxHY2W9iAS
K/yULJhphnQWyLO7kiiqLD1t77CDTUXNneei4WpS+L3SA7EjdcyLt/CZv4pBD2n1
/4RZXacoP1D7GabKK0DOB3tZHRqOuWa24NlkK3IzuejJJCbVhtji1yex7wU6gTW+
GEvH223424RO/8Kssd0/cgGfXQszDQLxZZIzooEUjxVcQ7tkxaI=
=QB9p
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX7HXleNLKJtyKPYoAQiG5xAAlHWS8m0eJLOIJXQ3AAFWUxvjoZyHrorK
Ic3y1z3e49OuLI7TRuWYkTgWBBB/Xo0k+kgdK74CfOWhXrsvsDY0XMmssCzWW5cy
J5zjLFuIQU+4E32dWy/qY/rEtECM/eFA9dxaGqqYWaDE1lU07566a2EK21+E9jkJ
uELktxesNFhuhP8OCBsWXX6RvZmJe8++w8aKIg0CrAWknPYjjsSXNx/90rejiis9
ASBp0rODP8kLvKyLq7Ee53ZCJBDiGWrJXBwyiuG2jyPKJVvAHpJ0jWf88Qx/XaYV
sGpYC8KVyTbLkncMPAWz5v5FFtNNJzIVKLMgIouC7p5elygAkJpRk1jkNt23KfRq
PJmacX5RfOQUuL7pt58dZmSJUTSVk9qs1jbUdz3rkxaWJCrLB3MmqboeEiW5cmWB
W77Q9BCe8lysMEQHxrOX3XjK7mZZhng1vvSbwMpNPpA0NbWwY+hXReNUkMPpZLj3
hakFnj0jYPEwf6SvlT6wpCG6qv5LXczBuXGSZ4jNmzNoDKzc0EEB01e2thvWYDBo
vsMgoGMbaVHjcwjp7wfWVvR/OmlN9GGiX84LcSsK0vEmJiRCDrr0f92MBT0oFHjq
rZjqymv/BBi1UrWyb0arhccKWOdrtyI/8s1EOMcImCYNJ3r4d7Au1t/uIQfQ3JLP
hJgWF7IpYbg=
=LbZd
-----END PGP SIGNATURE-----