Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.4060.2 APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 15 December 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: macOS Big Sur Publisher: Apple Operating System: Mac OS Impact/Access: Root Compromise -- Remote with User Interaction Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Existing Account Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-27952 CVE-2020-27950 CVE-2020-27932 CVE-2020-27931 CVE-2020-27930 CVE-2020-27927 CVE-2020-27924 CVE-2020-27923 CVE-2020-27922 CVE-2020-27921 CVE-2020-27920 CVE-2020-27919 CVE-2020-27918 CVE-2020-27917 CVE-2020-27916 CVE-2020-27915 CVE-2020-27914 CVE-2020-27912 CVE-2020-27911 CVE-2020-27910 CVE-2020-27909 CVE-2020-27908 CVE-2020-27907 CVE-2020-27906 CVE-2020-27904 CVE-2020-27903 CVE-2020-27901 CVE-2020-27900 CVE-2020-27899 CVE-2020-27898 CVE-2020-27897 CVE-2020-27896 CVE-2020-27894 CVE-2020-15358 CVE-2020-14155 CVE-2020-13631 CVE-2020-13630 CVE-2020-13524 CVE-2020-13435 CVE-2020-13434 CVE-2020-10663 CVE-2020-10017 CVE-2020-10016 CVE-2020-10015 CVE-2020-10014 CVE-2020-10012 CVE-2020-10011 CVE-2020-10010 CVE-2020-10009 CVE-2020-10008 CVE-2020-10007 CVE-2020-10006 CVE-2020-10004 CVE-2020-10003 CVE-2020-10002 CVE-2020-9999 CVE-2020-9996 CVE-2020-9991 CVE-2020-9989 CVE-2020-9988 CVE-2020-9978 CVE-2020-9977 CVE-2020-9975 CVE-2020-9974 CVE-2020-9971 CVE-2020-9969 CVE-2020-9967 CVE-2020-9966 CVE-2020-9965 CVE-2020-9963 CVE-2020-9962 CVE-2020-9960 CVE-2020-9956 CVE-2020-9955 CVE-2020-9949 CVE-2020-9945 CVE-2020-9944 CVE-2020-9943 CVE-2020-9942 CVE-2020-9941 CVE-2020-9883 CVE-2020-9876 CVE-2020-9849 CVE-2019-20838 CVE-2019-14899 Reference: ASB-2020.0186 ESB-2020.3919 ESB-2020.3918 ESB-2020.3911 ESB-2020.3909 ESB-2020.3884 ESB-2020.2879 Original Bulletin: https://support.apple.com/HT211931 Revision History: December 15 2020: Additional CVEs added by vendor November 16 2020: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 macOS Big Sur 11.0.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211931. AMD Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27914: Yu Wang of Didi Research America CVE-2020-27915: Yu Wang of Didi Research America Entry added December 14, 2020 App Store Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Audio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Bluetooth Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: Multiple integer overflows were addressed with improved input validation. CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 CoreAudio Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab CoreCapture Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas CoreGraphics Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro Crash Reporter Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27922: Mickey Jin of Trend Micro Entry added December 14, 2020 CoreText Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9999: Apple Entry updated December 14, 2020 Disk Images Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Finder Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Users may be unable to remove metadata indicating where files were downloaded from Description: The issue was addressed with additional user controls. CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com) FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved size validation. CVE-2020-9962: YiÄ\x{159}it Can YILMAZ (@yilmazcanyigit) Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Microâ\x{128}\x{153}s Zero Day Initiative Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27931: Apple Entry added December 14, 2020 FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27930: Google Project Zero FontParser Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab Foundation Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2020-10002: James Hutchins HomeKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to unexpectedly alter application state Description: This issue was addressed with improved setting propagation. CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27924: Lei Sun Entry added December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab CVE-2020-27923: Lei Sun Entry updated December 14, 2020 ImageIO Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington Entry added December 14, 2020 Intel Graphics Driver Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Entry added December 14, 2020 Image Processing Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2020-9967: Alex Plaskett (@alexjplaskett) Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9975: Tielei Wang of Pangu Lab Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2020-27921: Linus Henze (pinauten.de) Entry added December 14, 2020 Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory initialization issue was addressed. CVE-2020-27950: Google Project Zero Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-9974: Tommy Muir (@Muirey03) Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-10016: Alex Helie Kernel Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A type confusion issue was addressed with improved state handling. CVE-2020-27932: Google Project Zero libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27917: found by OSS-Fuzz CVE-2020-27920: found by OSS-Fuzz Entry updated December 14, 2020 libxml2 Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-27911: found by OSS-Fuzz libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Entry added December 14, 2020 libxpc Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to break out of its sandbox Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab Logging Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation. CVE-2020-10010: Tommy Muir (@Muirey03) Mail Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Messages Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to discover a userâ\x{128}\x{153}s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9988: William Breuer of the Netherlands CVE-2020-9989: von Brunn Media Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-10011: Aleksandar Nikolic of Cisco Talos Entry added December 14, 2020 Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-13524: Aleksandar Nikolic of Cisco Talos Model I/O Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-10004: Aleksandar Nikolic of Cisco Talos NetworkExtension Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to elevate privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved restrictions. CVE-2020-27901: Thijs Alkemade of Computest Research Division Entry added December 14, 2020 NSRemoteView Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to preview files it does not have access to Description: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. CVE-2020-27900: Thijs Alkemade of Computest Research Division PCRE Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.44. CVE-2019-20838 CVE-2020-14155 Power Management Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative python Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Cookies belonging to one origin may be sent to another origin Description: Multiple issues were addressed with improved logic. CVE-2020-27896: an anonymous researcher Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious app may be able to determine the existence of files on the computer Description: The issue was addressed with improved handling of icon caches. CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security Quick Look Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing a maliciously crafted document may lead to a cross site scripting attack Description: An access issue was addressed with improved access restrictions. CVE-2020-10012: Heige of KnownSec 404 Team (https://www.knownsec.com/) and Bo Qu of Palo Alto Networks (https://www.paloaltonetworks.com/) Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to modify the file system Description: A path handling issue was addressed with improved validation. CVE-2020-27896: an anonymous researcher Ruby Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system Description: This issue was addressed with improved checks. CVE-2020-10663: Jeremy Evans Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to determine a user's open tabs in Safari Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. CVE-2020-9977: Josh Parnham (@joshparnham) Safari Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab Sandbox Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech ReguÅ\x{130}a of SecuRing (wojciechregula.blog) SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-9991 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 SQLite Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630 Symptom Framework Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A local attacker may be able to elevate their privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-27899: 08Tc3wBB working with ZecOps Entry added December 14, 2020 System Preferences Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2020-10009: Thijs Alkemade of Computest Research Division TCC Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application with root privileges may be able to access private information Description: A logic issue was addressed with improved restrictions. CVE-2020-10008: Wojciech ReguÅ\x{130}a of SecuRing (wojciechregula.blog) Entry added December 14, 2020 WebKit Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27918: Liu Long of Ant Security Light-Year Lab Entry updated December 14, 2020 Wi-Fi Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: An attacker may be able to bypass Managed Frame Protection Description: A denial of service issue was addressed with improved state handling. CVE-2020-27898: Stephan Marais of University of Johannesburg Xsan Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models) Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2020-10006: Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing Additional recognition 802.1X We would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance. Entry added December 14, 2020 Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab, an anonymous researcher for their assistance. Bluetooth We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance. Entry updated December 14, 2020 Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Core Location We would like to acknowledge YiÄ\x{159}it Can YILMAZ (@yilmazcanyigit) for their assistance. Crash Reporter We would like to acknowledge Artur Byszko of AFINE for their assistance. Entry added December 14, 2020 Directory Utility We would like to acknowledge Wojciech ReguÅ\x{130}a (@_r3ggi) of SecuRing for their assistance. iAP We would like to acknowledge Andy Davis of NCC Group for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. libxml2 We would like to acknowledge an anonymous researcher for their assistance. Entry added December 14, 2020 Login Window We would like to acknowledge Rob Morton of Leidos for their assistance. Photos Storage We would like to acknowledge Paulos Yibelo of LimeHats for their assistance. Quick Look We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech ReguÅ\x{130}a of SecuRing (wojciechregula.blog) for their assistance. Safari We would like to acknowledge Gabriel Corona and Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance. Security We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance. System Preferences We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YDPwACgkQZcsbuWJ6 jjANmhAAoj+ZHNnH2pGDFl2/jrAtvWBtXg8mqw6NtNbGqWDZFhnY5q7Lp8WTx/Pi x64A4F8bU5xcybnmaDpK5PMwAAIiAg4g1BhpOq3pGyeHEasNx7D9damfqFGKiivS p8nl62XE74ayfxdZGa+2tOVFTFwqixfr0aALVoQUhAWNeYuvVSgJXlgdGjj+QSL+ 9vW86kbQypOqT5TPDg6tpJy3g5s4hotkfzCfxA9mIKOg5e/nnoRNhw0c1dzfeTRO INzGxnajKGGYy2C3MH6t0cKG0B6cH7aePZCHYJ1jmuAVd0SD3PfmoT76DeRGC4Ri c8fGD+5pvSF6/+5E+MbH3t3D6bLiCGRFJtYNMpr46gUKKt27EonSiheYCP9xR6lU ChpYdcgHMOHX4a07/Oo8vEwQrtJ4JryhI9tfBel1ewdSoxk2iCFKzLLYkDMihD6B 1x/9MlaqEpLYBnuKkrRzFINW23TzFPTI/+i2SbUscRQtK0qE7Up5C+IUkRvBGhEs MuEmEnn5spnVG2EBcKeLtJxtf/h5WaRFrev72EvSVR+Ko8Cj0MgK6IATu6saq8bV kURL5empvpexFAvVQWRDaLgGBHKM+uArBz2OP6t7wFvD2p1Vq5M+dMrEPna1JO/S AXZYC9Y9bBRZfYQAv7nxa+uIXy2rGTuQKQY8ldu4eEHtJ0OhaB8= =T5Y8 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX9hSs+NLKJtyKPYoAQhy0Q//agruHlkfAirDJ/EuNeMT4us4xPOCcf3f FWs3/7rD2l/g00pojkaeSJE9BALA/ANppsju/Y8asLvHCHaGJydoScgRoZ0ZiscY Iv6QQS+YQm4L5oMSYLzsg+jCOeU9pu3nIn55ixyQFGpuU0SwwAU1aAqs89XTr+EA zaQiblLAtweSnjheWpn0K5p2LpKTFQXzN3v9XLr25aky4VsQfNcxS+Gw8LKlLwOR iRrRU0Egy9ti9u1tGquUXkxHdf5b08CuHOpcWSf3ggth4GBimz7rtGdjqyz1GAMo ohgEXQcdvsf4JaiC53NaiPi85PXVBRwMdLObr4cbZGEbVNnL7V1LSAA83HaHWfNe fAR7/UI+Xkb4vLffLSvleKUo+FydA2wwt3mrdte6AOxZow3hdkaz/HV+jdfDSGos +pdbykGmLUIdP3eZ6z3AzeGsSRJmY3hCQh0pdV5p2HYCpiyoSag1CZmUcwON8FTN fT3I5MAfY0Rf0OQYXV4T5zrQrPq4YvsnifBnnUsU5pozosDW6R3uS5d2doCmyvKh wua88NxwRU8DzEMz279rfBFThovD0DbdZH7TNtYE6vkSmtynsOZFCeCTLmr+tK8U wU1faMYACF/0HYiu07C585pgnRTpPw/a8najfDsts+UgxBH8+mwZkH0DQpUNvJIp eoUsfUrdZ60= =Zhis -----END PGP SIGNATURE-----