Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4060.2
APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
15 December 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: macOS Big Sur
Publisher: Apple
Operating System: Mac OS
Impact/Access: Root Compromise -- Remote with User Interaction
Execute Arbitrary Code/Commands -- Remote with User Interaction
Increased Privileges -- Existing Account
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-27952 CVE-2020-27950 CVE-2020-27932
CVE-2020-27931 CVE-2020-27930 CVE-2020-27927
CVE-2020-27924 CVE-2020-27923 CVE-2020-27922
CVE-2020-27921 CVE-2020-27920 CVE-2020-27919
CVE-2020-27918 CVE-2020-27917 CVE-2020-27916
CVE-2020-27915 CVE-2020-27914 CVE-2020-27912
CVE-2020-27911 CVE-2020-27910 CVE-2020-27909
CVE-2020-27908 CVE-2020-27907 CVE-2020-27906
CVE-2020-27904 CVE-2020-27903 CVE-2020-27901
CVE-2020-27900 CVE-2020-27899 CVE-2020-27898
CVE-2020-27897 CVE-2020-27896 CVE-2020-27894
CVE-2020-15358 CVE-2020-14155 CVE-2020-13631
CVE-2020-13630 CVE-2020-13524 CVE-2020-13435
CVE-2020-13434 CVE-2020-10663 CVE-2020-10017
CVE-2020-10016 CVE-2020-10015 CVE-2020-10014
CVE-2020-10012 CVE-2020-10011 CVE-2020-10010
CVE-2020-10009 CVE-2020-10008 CVE-2020-10007
CVE-2020-10006 CVE-2020-10004 CVE-2020-10003
CVE-2020-10002 CVE-2020-9999 CVE-2020-9996
CVE-2020-9991 CVE-2020-9989 CVE-2020-9988
CVE-2020-9978 CVE-2020-9977 CVE-2020-9975
CVE-2020-9974 CVE-2020-9971 CVE-2020-9969
CVE-2020-9967 CVE-2020-9966 CVE-2020-9965
CVE-2020-9963 CVE-2020-9962 CVE-2020-9960
CVE-2020-9956 CVE-2020-9955 CVE-2020-9949
CVE-2020-9945 CVE-2020-9944 CVE-2020-9943
CVE-2020-9942 CVE-2020-9941 CVE-2020-9883
CVE-2020-9876 CVE-2020-9849 CVE-2019-20838
CVE-2019-14899
Reference: ASB-2020.0186
ESB-2020.3919
ESB-2020.3918
ESB-2020.3911
ESB-2020.3909
ESB-2020.3884
ESB-2020.2879
Original Bulletin:
https://support.apple.com/HT211931
Revision History: December 15 2020: Additional CVEs added by vendor
November 16 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2020-12-14-4 Additional information for
APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
macOS Big Sur 11.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211931.
AMD
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
Entry added December 14, 2020
App Store
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab
CVE-2020-27909: Anonymous working with Trend Micro Zero Day
Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year
Lab
Entry added December 14, 2020
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab
CoreCapture
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro
Crash Reporter
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed with improved path sanitization.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27922: Mickey Jin of Trend Micro
Entry added December 14, 2020
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9999: Apple
Entry updated December 14, 2020
Disk Images
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Finder
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Users may be unable to remove metadata indicating where files
were downloaded from
Description: The issue was addressed with additional user controls.
CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-9962: YiÄ\x{159}it Can YILMAZ (@yilmazcanyigit)
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of
Trend Micro
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile
Security Research Team working with Trend Microâ\x{128}\x{153}s Zero Day Initiative
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed with improved input validation.
CVE-2020-27931: Apple
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27930: Google Project Zero
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins
HomeKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
unexpectedly alter application state
Description: This issue was addressed with improved setting
propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana
University Bloomington, Yan Jia of Xidian University and University
of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University
of Science and Technology
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security
Light-Year Lab
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27924: Lei Sun
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Entry updated December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc.,
and Luyi Xing of Indiana University Bloomington
Entry added December 14, 2020
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Entry added December 14, 2020
Image Processing
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei
Lin of Ant Security Light-Year Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong
Security Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz
CVE-2020-27920: found by OSS-Fuzz
Entry updated December 14, 2020
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Entry added December 14, 2020
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Mail
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Messages
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to discover a userâ\x{128}\x{153}s deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
Entry added December 14, 2020
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Entry added December 14, 2020
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to preview files it does
not have access to
Description: An issue existed in the handling of snapshots. The issue
was resolved with improved permissions logic.
CVE-2020-27900: Thijs Alkemade of Computest Research Division
PCRE
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
Power Management
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative
python
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Cookies belonging to one origin may be sent to another origin
Description: Multiple issues were addressed with improved logic.
CVE-2020-27896: an anonymous researcher
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team
(https://www.knownsec.com/) and Bo Qu of Palo Alto Networks
(https://www.paloaltonetworks.com/)
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: When parsing certain JSON documents, the json gem can be
coerced into creating arbitrary objects in the target system
Description: This issue was addressed with improved checks.
CVE-2020-10663: Jeremy Evans
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed with improved input validation.
CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2020-9977: Josh Parnham (@joshparnham)
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9942: an anonymous researcher, Rahul d Kankrale
(servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF
Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho
(@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech ReguÃ…\x{130}a of SecuRing (wojciechregula.blog)
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Symptom Framework
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27899: 08Tc3wBB working with ZecOps
Entry added December 14, 2020
System Preferences
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
TCC
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application with root privileges may be able to
access private information
Description: A logic issue was addressed with improved restrictions.
CVE-2020-10008: Wojciech ReguÃ…\x{130}a of SecuRing (wojciechregula.blog)
Entry added December 14, 2020
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: Liu Long of Ant Security Light-Year Lab
Entry updated December 14, 2020
Wi-Fi
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Xsan
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2020-10006: Wojciech ReguÃ…\x{130}a (@_r3ggi) of SecuRing
Additional recognition
802.1X
We would like to acknowledge Kenana Dalle of Hamad bin Khalifa
University and Ryan Riley of Carnegie Mellon University in Qatar for
their assistance.
Entry added December 14, 2020
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab, an anonymous researcher for their
assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze
(@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their
assistance.
Entry updated December 14, 2020
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Core Location
We would like to acknowledge YiÄ\x{159}it Can YILMAZ (@yilmazcanyigit) for
their assistance.
Crash Reporter
We would like to acknowledge Artur Byszko of AFINE for their
assistance.
Entry added December 14, 2020
Directory Utility
We would like to acknowledge Wojciech ReguÃ…\x{130}a (@_r3ggi) of SecuRing
for their assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
libxml2
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added December 14, 2020
Login Window
We would like to acknowledge Rob Morton of Leidos for their
assistance.
Photos Storage
We would like to acknowledge Paulos Yibelo of LimeHats for their
assistance.
Quick Look
We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech
ReguÃ…\x{130}a of SecuRing (wojciechregula.blog) for their assistance.
Safari
We would like to acknowledge Gabriel Corona and Narendra Bhati From
Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their
assistance.
Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
System Preferences
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6
jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi
x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS
p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+
9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO
INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri
c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU
ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B
1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs
MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV
kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S
AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8=
=T5Y8
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX9hSs+NLKJtyKPYoAQhy0Q//agruHlkfAirDJ/EuNeMT4us4xPOCcf3f
FWs3/7rD2l/g00pojkaeSJE9BALA/ANppsju/Y8asLvHCHaGJydoScgRoZ0ZiscY
Iv6QQS+YQm4L5oMSYLzsg+jCOeU9pu3nIn55ixyQFGpuU0SwwAU1aAqs89XTr+EA
zaQiblLAtweSnjheWpn0K5p2LpKTFQXzN3v9XLr25aky4VsQfNcxS+Gw8LKlLwOR
iRrRU0Egy9ti9u1tGquUXkxHdf5b08CuHOpcWSf3ggth4GBimz7rtGdjqyz1GAMo
ohgEXQcdvsf4JaiC53NaiPi85PXVBRwMdLObr4cbZGEbVNnL7V1LSAA83HaHWfNe
fAR7/UI+Xkb4vLffLSvleKUo+FydA2wwt3mrdte6AOxZow3hdkaz/HV+jdfDSGos
+pdbykGmLUIdP3eZ6z3AzeGsSRJmY3hCQh0pdV5p2HYCpiyoSag1CZmUcwON8FTN
fT3I5MAfY0Rf0OQYXV4T5zrQrPq4YvsnifBnnUsU5pozosDW6R3uS5d2doCmyvKh
wua88NxwRU8DzEMz279rfBFThovD0DbdZH7TNtYE6vkSmtynsOZFCeCTLmr+tK8U
wU1faMYACF/0HYiu07C585pgnRTpPw/a8najfDsts+UgxBH8+mwZkH0DQpUNvJIp
eoUsfUrdZ60=
=Zhis
-----END PGP SIGNATURE-----