About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave - Apple Support
2021-02-18T06:14:03
ID APPLE:HT212147 Type apple Reporter Apple Modified 2021-02-18T06:14:03
Description
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted file may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
NetFSFramework
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-1751: Mikko Kenttälä (@Turmio_) of SensorFu
OpenLDAP
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-25709
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Screen Sharing
Available for: macOS Big Sur 11.0.1
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version 8.44.
CVE-2019-20838
CVE-2020-14155
SQLite
Available for: macOS Catalina 10.15.7
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed with improved checks.
CVE-2020-15358
Swift
Available for: macOS Big Sur 11.0.1
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Maliciously crafted web content may violate iframe sandboxing policy
Description: This issue was addressed with improved iframe sandbox enforcement.
CVE-2021-1765: Eliya Stein of Confiant
CVE-2021-1801: Eliya Stein of Confiant
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
WebKit
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: A malicious website may be able to access restricted ports on arbitrary servers
Description: A port redirection issue was addressed with additional port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar
Additional recognition
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.
Login Window
We would like to acknowledge Jose Moises Romero-Villanueva of CrySolve for their assistance.
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their assistance.
Screen Sharing Server
We would like to acknowledge @gorelics for their assistance.
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
{"id": "APPLE:HT212147", "bulletinFamily": "software", "title": "About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave - Apple Support", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave\n\nReleased February 1, 2021\n\n**Analytics**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1761: Cees Elzinga\n\n**APFS**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2021-1797: Thomas Tempelmann\n\n**CFNetwork Cache**\n\nAvailable for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**CoreAnimation**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application could execute arbitrary code leading to compromise of user information\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-1760: @S0rryMybad of 360 Vulcan Team\n\n**CoreAudio**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab\n\n**CoreGraphics**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2021-1776: Ivan Fratric of Google Project Zero\n\n**CoreMedia**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\n\n**CoreText**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A stack overflow was addressed with improved input validation.\n\nCVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n**CoreText**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1761: Cees Elzinga\n\n**Crash Reporter**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2021-1787: James Hutchins\n\n**Crash Reporter**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: A local user may be able to create or modify system files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Directory Utility**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to access private information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27937: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Endpoint Security**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response Center\n\n**FairPlay**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n**FontParser**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab\n\n**FontParser**\n\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1758: Peter Nguyen of STAR Labs\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro\u2019s Zero Day Initiative, Xingwei Lin of Ant Security Light-Year Lab\n\n** \nImageIO**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.\n\nCVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1736: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1766: Danny Rosseau of Carve Systems\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1738: Lei Sun\n\nCVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab\n\n**IOKit**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: An application may be able to execute arbitrary code with system privileges\n\nDescription: A logic error in kext loading was addressed with improved state handling.\n\nCVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**IOSkywalkFamily**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security, Proteas\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab\n\n**Kernel**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-1764: @m00nbsd\n\n**Kernel**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2021-1782: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2021-1750: @0xalsr\n\n**Login Window**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: An attacker in a privileged network position may be able to bypass authentication policy\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2020-29633: Jewel Lambert of Original Spin, LLC.\n\n**Messages**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)\n\n**Model I/O**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1762: Mickey Jin of Trend Micro\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted file may lead to heap corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab\n\n**Model I/O**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n**Model I/O**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n**Model I/O**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n**Model I/O**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n**Model I/O**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro\u2019s Zero Day Initiative\n\n**NetFSFramework**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1751: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\n**OpenLDAP**\n\nAvailable for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-25709\n\n**Power Management**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan\n\n**Screen Sharing**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.44.\n\nCVE-2019-20838\n\nCVE-2020-14155\n\n**SQLite**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed with improved checks.\n\nCVE-2020-15358\n\n**Swift**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs\n\n**WebKit**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-1788: Francisco Alonso (@revskills)\n\n**WebKit**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Maliciously crafted web content may violate iframe sandboxing policy\n\nDescription: This issue was addressed with improved iframe sandbox enforcement.\n\nCVE-2021-1765: Eliya Stein of Confiant\n\nCVE-2021-1801: Eliya Stein of Confiant\n\n**WebKit**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\n\n**WebKit**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2021-1871: an anonymous researcher\n\nCVE-2021-1870: an anonymous researcher\n\n**WebRTC**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious website may be able to access restricted ports on arbitrary servers\n\nDescription: A port redirection issue was addressed with additional port validation.\n\nCVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar\n\n\n\n## Additional recognition\n\n**Kernel**\n\nWe would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.\n\n**libpthread**\n\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.\n\n**Login Window**\n\nWe would like to acknowledge Jose Moises Romero-Villanueva of CrySolve for their assistance.\n\n**Mail Drafts**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\n**Screen Sharing Server**\n\nWe would like to acknowledge @gorelics for their assistance.\n\n**WebRTC**\n\nWe would like to acknowledge Philipp Hancke for their assistance.\n", "published": "2021-02-18T06:14:03", "modified": "2021-02-18T06:14:03", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://support.apple.com/kb/HT212147", "reporter": "Apple", "references": [], "cvelist": ["CVE-2021-1774", "CVE-2021-1736", "CVE-2021-1753", "CVE-2021-1775", "CVE-2021-1818", "CVE-2020-29614", "CVE-2021-1871", "CVE-2021-1772", "CVE-2021-1763", "CVE-2021-1778", "CVE-2021-1743", "CVE-2021-1769", "CVE-2021-1761", "CVE-2021-1762", "CVE-2021-1802", "CVE-2021-1792", "CVE-2020-14155", "CVE-2021-1757", "CVE-2021-1744", "CVE-2021-1786", "CVE-2021-1791", "CVE-2020-29633", "CVE-2021-1773", "CVE-2021-1767", "CVE-2021-1758", "CVE-2021-1777", "CVE-2021-1771", "CVE-2021-1787", "CVE-2021-1760", "CVE-2019-20838", "CVE-2021-1768", "CVE-2020-27938", "CVE-2021-1870", "CVE-2020-27904", "CVE-2021-1746", "CVE-2021-1745", "CVE-2021-1785", "CVE-2021-1759", "CVE-2021-1737", "CVE-2021-1742", "CVE-2021-1741", "CVE-2021-1747", "CVE-2021-1790", "CVE-2021-1801", "CVE-2020-29608", "CVE-2020-27945", "CVE-2021-1799", "CVE-2021-1788", "CVE-2021-1782", "CVE-2021-1766", "CVE-2021-1783", "CVE-2021-1779", "CVE-2021-1797", "CVE-2021-1738", "CVE-2020-25709", "CVE-2020-15358", "CVE-2021-1754", "CVE-2021-1765", "CVE-2021-1793", "CVE-2021-1776", "CVE-2021-1789", "CVE-2020-27937", "CVE-2021-1764", "CVE-2021-1751", "CVE-2021-1750"], "type": "apple", "lastseen": "2021-02-19T04:41:49", "edition": 2, "viewCount": 243, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1896.NASL", "EULEROS_SA-2020-2379.NASL", "PHOTONOS_PHSA-2020-3_0-0108_PCRE.NASL", "EULEROS_SA-2020-1950.NASL", "EULEROS_SA-2020-1942.NASL", "MACOS_HT212147.NASL", "EULEROS_SA-2020-1819.NASL", "EULEROS_SA-2020-2458.NASL", "PHOTONOS_PHSA-2020-2_0-0256_PCRE.NASL", "EULEROS_SA-2020-2088.NASL"]}, {"type": "apple", "idList": ["APPLE:HT212148", "APPLE:HT212146", "APPLE:HT212149", "APPLE:HT211931", "APPLE:HT211850", "APPLE:HT211847", "APPLE:HT212152", "APPLE:HT212011", "APPLE:HT211844", "APPLE:HT211843"]}, {"type": "cve", "idList": ["CVE-2020-14155", "CVE-2020-27904", "CVE-2020-15358", "CVE-2019-20838"]}, {"type": "threatpost", "idList": ["THREATPOST:233067E74345C95478CA096160DFCE43", "THREATPOST:4EC160EC2EBC650C54F5047502D0F7A4"]}, {"type": "thn", "idList": ["THN:739D9EFE8C7F1B29E2430DAC65CDEE52", "THN:99F0C5326CD3398017C19279EE84B66E"]}, {"type": "zdi", "idList": ["ZDI-21-142", "ZDI-21-138", "ZDI-21-145", "ZDI-21-141", "ZDI-21-251", "ZDI-21-147", "ZDI-21-139", "ZDI-21-149", "ZDI-21-143", "ZDI-21-146"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:571F8A177DE5469D82A8C2F7E8BE43CB"]}, {"type": "ubuntu", "idList": ["USN-4634-2", "USN-4438-1", "USN-4634-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4792-1:9EED2", "DEBIAN:DLA-2481-1:F1C1C"]}, {"type": "freebsd", "idList": ["0A305431-BC98-11EA-A051-001B217B3468"]}, {"type": "gentoo", "idList": ["GLSA-202007-26"]}, {"type": "lenovo", "idList": ["LENOVO:PS500368-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-NOVEMBER-2020-NOSID", "LENOVO:PS500369-INTEL-CSME-SPS-TXE-DAL-AND-AMT-ADVISORY-NOSID"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2020"]}], "modified": "2021-02-19T04:41:49", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-02-19T04:41:49", "rev": 2}, "vulnersScore": 6.2}, "affectedSoftware": [{"name": "macos mojave", "operator": "eq", "version": "10.14.6"}, {"name": "macos big sur", "operator": "eq", "version": "11.0.1"}, {"name": "macos big sur", "operator": "lt", "version": "11.2"}, {"name": "macos catalina", "operator": "eq", "version": "10.15.7"}, {"name": "and macos mojave", "operator": "eq", "version": "10.14.6"}], "scheme": null}
{"nessus": [{"lastseen": "2021-02-09T19:49:00", "description": "The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2021-001\nMojave, 10.15.x prior to 10.15.7 Security Update 2021-001 Catalina, or 11.x prior to 11.2. It is, therefore, affected by\nmultiple vulnerabilities, including the following:\n\n - A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n An application may be able to execute arbitrary code with kernel privileges. (CVE-2020-27904)\n\n - A logic issue existed that allowed applications to execute arbitrary code with kernel privileges.\n (CVE-2021-1750)\n\n - An out-of-bounds-write caused by improper input validation allowed maliciously crafted USD files to\n unexpectedly terminate an application or cause arbitrary code execution. (CVE-2021-1762)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.", "edition": 3, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-03T00:00:00", "title": "macOS 10.14.x < 10.14.6 Security Update 2021-001 / 10.15.x < 10.15.7 Security Update 2021-001 / macOS 11.x < 11.2 (HT212147)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-1774", "CVE-2021-1736", "CVE-2021-1753", "CVE-2021-1775", "CVE-2021-1818", "CVE-2020-29614", "CVE-2021-1871", "CVE-2021-1772", "CVE-2021-1763", "CVE-2021-1778", "CVE-2021-1743", "CVE-2021-1769", "CVE-2021-1761", "CVE-2021-1762", "CVE-2021-1802", "CVE-2021-1792", "CVE-2020-14155", "CVE-2021-1757", "CVE-2021-1744", "CVE-2021-1786", "CVE-2021-1791", "CVE-2020-29633", "CVE-2021-1773", "CVE-2021-1767", "CVE-2021-1758", "CVE-2021-1777", "CVE-2021-1771", "CVE-2021-1787", "CVE-2021-1760", "CVE-2019-20838", "CVE-2021-1768", "CVE-2020-27938", "CVE-2021-1870", "CVE-2020-27904", "CVE-2021-1746", "CVE-2021-1745", "CVE-2021-1785", "CVE-2021-1759", "CVE-2021-1737", "CVE-2021-1742", "CVE-2021-1741", "CVE-2021-1747", "CVE-2021-1790", "CVE-2021-1801", "CVE-2020-29608", "CVE-2020-27945", "CVE-2021-1799", "CVE-2021-1788", "CVE-2021-1782", "CVE-2021-1766", "CVE-2021-1783", "CVE-2021-1779", "CVE-2021-1797", "CVE-2021-1738", "CVE-2020-25709", "CVE-2020-15358", "CVE-2021-1754", "CVE-2021-1765", "CVE-2021-1793", "CVE-2021-1776", "CVE-2021-1789", "CVE-2020-27937", "CVE-2021-1764", "CVE-2021-1751", "CVE-2021-1750"], "modified": "2021-02-03T00:00:00", "cpe": ["cpe:/o:apple:macos", "cpe:/o:apple:mac_os_x"], "id": "MACOS_HT212147.NASL", "href": "https://www.tenable.com/plugins/nessus/146086", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146086);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2019-20838\",\n \"CVE-2020-14155\",\n \"CVE-2020-15358\",\n \"CVE-2020-25709\",\n \"CVE-2020-27904\",\n \"CVE-2020-27937\",\n \"CVE-2020-27938\",\n \"CVE-2020-27945\",\n \"CVE-2020-29608\",\n \"CVE-2020-29614\",\n \"CVE-2020-29633\",\n \"CVE-2021-1736\",\n \"CVE-2021-1737\",\n \"CVE-2021-1738\",\n \"CVE-2021-1741\",\n \"CVE-2021-1742\",\n \"CVE-2021-1743\",\n \"CVE-2021-1744\",\n \"CVE-2021-1745\",\n \"CVE-2021-1746\",\n \"CVE-2021-1747\",\n \"CVE-2021-1750\",\n \"CVE-2021-1751\",\n \"CVE-2021-1753\",\n \"CVE-2021-1754\",\n \"CVE-2021-1757\",\n \"CVE-2021-1758\",\n \"CVE-2021-1759\",\n \"CVE-2021-1760\",\n \"CVE-2021-1761\",\n \"CVE-2021-1762\",\n \"CVE-2021-1763\",\n \"CVE-2021-1764\",\n \"CVE-2021-1765\",\n \"CVE-2021-1766\",\n \"CVE-2021-1767\",\n \"CVE-2021-1768\",\n \"CVE-2021-1769\",\n \"CVE-2021-1771\",\n \"CVE-2021-1772\",\n \"CVE-2021-1773\",\n \"CVE-2021-1774\",\n \"CVE-2021-1775\",\n \"CVE-2021-1776\",\n \"CVE-2021-1777\",\n \"CVE-2021-1778\",\n \"CVE-2021-1779\",\n \"CVE-2021-1782\",\n \"CVE-2021-1783\",\n \"CVE-2021-1785\",\n \"CVE-2021-1786\",\n \"CVE-2021-1787\",\n \"CVE-2021-1788\",\n \"CVE-2021-1789\",\n \"CVE-2021-1790\",\n \"CVE-2021-1791\",\n \"CVE-2021-1792\",\n \"CVE-2021-1793\",\n \"CVE-2021-1797\",\n \"CVE-2021-1799\",\n \"CVE-2021-1801\",\n \"CVE-2021-1802\",\n \"CVE-2021-1818\",\n \"CVE-2021-1870\",\n \"CVE-2021-1871\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT212147\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2021-02-01-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0058\");\n\n script_name(english:\"macOS 10.14.x < 10.14.6 Security Update 2021-001 / 10.15.x < 10.15.7 Security Update 2021-001 / macOS 11.x < 11.2 (HT212147)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2021-001\nMojave, 10.15.x prior to 10.15.7 Security Update 2021-001 Catalina, or 11.x prior to 11.2. It is, therefore, affected by\nmultiple vulnerabilities, including the following:\n\n - A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n An application may be able to execute arbitrary code with kernel privileges. (CVE-2020-27904)\n\n - A logic issue existed that allowed applications to execute arbitrary code with kernel privileges.\n (CVE-2021-1750)\n\n - An out-of-bounds-write caused by improper input validation allowed maliciously crafted USD files to\n unexpectedly terminate an application or cause arbitrary code execution. (CVE-2021-1762)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT212147\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.14.6 Security Update 2021-001 / 10.15.7 Security Update 2021-001 / macOS 11.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27904\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'max_version' : '10.14.6', 'min_version' : '10.14', 'fixed_build': '18G8012', 'fixed_display' : '10.14.6 Security Update 2021-001 Mojave' },\n { 'max_version' : '10.15.7', 'min_version' : '10.15', 'fixed_build': '19H512', 'fixed_display' : '10.15.7 Security Update 2021-001 Catalina' },\n { 'min_version' : '11.0', 'fixed_version' : '11.2', 'fixed_display' : 'macOS Big Sur 11.2' }\n];\n\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-10T08:57:04", "description": "An update of the pcre package has been released.", "edition": 2, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-07-07T00:00:00", "title": "Photon OS 3.0: Pcre PHSA-2020-3.0-0108", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14155", "CVE-2019-20838"], "modified": "2020-07-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:pcre", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0108_PCRE.NASL", "href": "https://www.tenable.com/plugins/nessus/138182", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0108. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138182);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/09\");\n\n script_cve_id(\"CVE-2019-20838\", \"CVE-2020-14155\");\n\n script_name(english:\"Photon OS 3.0: Pcre PHSA-2020-3.0-0108\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the pcre package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-108.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"pcre-8.44-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"pcre-devel-8.44-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"pcre-libs-8.44-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:01", "description": "According to the version of the pcre packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-09-02T00:00:00", "title": "EulerOS 2.0 SP5 : pcre (EulerOS-SA-2020-1942)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14155"], "modified": "2020-09-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:pcre-devel", "p-cpe:/a:huawei:euleros:pcre", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1942.NASL", "href": "https://www.tenable.com/plugins/nessus/140163", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140163);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-14155\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : pcre (EulerOS-SA-2020-1942)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the pcre packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1942\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?007cdc23\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcre package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"pcre-8.32-17.h11.eulerosv2r7\",\n \"pcre-devel-8.32-17.h11.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:05:50", "description": "According to the version of the pcre packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-08-28T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : pcre (EulerOS-SA-2020-1896)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14155"], "modified": "2020-08-28T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.6.0", "p-cpe:/a:huawei:euleros:pcre-devel", "p-cpe:/a:huawei:euleros:pcre", "p-cpe:/a:huawei:euleros:pcre-utf32", "p-cpe:/a:huawei:euleros:pcre-utf16", "p-cpe:/a:huawei:euleros:pcre-cpp"], "id": "EULEROS_SA-2020-1896.NASL", "href": "https://www.tenable.com/plugins/nessus/139999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139999);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-14155\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : pcre (EulerOS-SA-2020-1896)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the pcre packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1896\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e659198\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcre package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-utf16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-utf32\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"pcre-8.42-4.h2.eulerosv2r8\",\n \"pcre-cpp-8.42-4.h2.eulerosv2r8\",\n \"pcre-devel-8.42-4.h2.eulerosv2r8\",\n \"pcre-utf16-8.42-4.h2.eulerosv2r8\",\n \"pcre-utf32-8.42-4.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:05:36", "description": "According to the version of the pcre packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-07-30T00:00:00", "title": "EulerOS 2.0 SP8 : pcre (EulerOS-SA-2020-1819)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14155"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:pcre-devel", "p-cpe:/a:huawei:euleros:pcre", "p-cpe:/a:huawei:euleros:pcre-utf32", "p-cpe:/a:huawei:euleros:pcre-utf16", "p-cpe:/a:huawei:euleros:pcre-cpp", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1819.NASL", "href": "https://www.tenable.com/plugins/nessus/139149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139149);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-14155\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : pcre (EulerOS-SA-2020-1819)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the pcre packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1819\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8fe072ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcre package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-utf16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-utf32\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"pcre-8.42-4.h2.eulerosv2r8\",\n \"pcre-cpp-8.42-4.h2.eulerosv2r8\",\n \"pcre-devel-8.42-4.h2.eulerosv2r8\",\n \"pcre-utf16-8.42-4.h2.eulerosv2r8\",\n \"pcre-utf32-8.42-4.h2.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:56", "description": "According to the version of the pcre packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-11-03T00:00:00", "title": "EulerOS 2.0 SP2 : pcre (EulerOS-SA-2020-2379)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14155"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:pcre-devel", "p-cpe:/a:huawei:euleros:pcre", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2379.NASL", "href": "https://www.tenable.com/plugins/nessus/142328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142328);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-14155\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : pcre (EulerOS-SA-2020-2379)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the pcre packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2379\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?971b0193\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcre package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"pcre-8.32-15.1.h5\",\n \"pcre-devel-8.32-15.1.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:03", "description": "According to the version of the pcre packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-09-08T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : pcre (EulerOS-SA-2020-1950)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14155"], "modified": "2020-09-08T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:pcre-devel", "p-cpe:/a:huawei:euleros:pcre"], "id": "EULEROS_SA-2020-1950.NASL", "href": "https://www.tenable.com/plugins/nessus/140320", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140320);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-14155\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : pcre (EulerOS-SA-2020-1950)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the pcre packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1950\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09857a4e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcre package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"pcre-8.32-17.h11\",\n \"pcre-devel-8.32-17.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:07:04", "description": "According to the version of the pcre packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-11-06T00:00:00", "title": "EulerOS Virtualization 3.0.6.6 : pcre (EulerOS-SA-2020-2458)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14155"], "modified": "2020-11-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:pcre-devel", "p-cpe:/a:huawei:euleros:pcre", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2020-2458.NASL", "href": "https://www.tenable.com/plugins/nessus/142534", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142534);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-14155\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : pcre (EulerOS-SA-2020-2458)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the pcre packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2458\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?90d3a045\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcre package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14155\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"pcre-8.32-17.h11.eulerosv2r7\",\n \"pcre-devel-8.32-17.h11.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-10T08:56:54", "description": "An update of the pcre package has been released.", "edition": 2, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-07-07T00:00:00", "title": "Photon OS 2.0: Pcre PHSA-2020-2.0-0256", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14155"], "modified": "2020-07-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:pcre", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0256_PCRE.NASL", "href": "https://www.tenable.com/plugins/nessus/138191", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0256. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138191);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/09\");\n\n script_cve_id(\"CVE-2020-14155\");\n\n script_name(english:\"Photon OS 2.0: Pcre PHSA-2020-2.0-0256\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the pcre package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-256.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14155\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"pcre-8.44-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"pcre-devel-8.44-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"pcre-libs-8.44-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:21", "description": "According to the version of the pcre packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2020-09-28T00:00:00", "title": "EulerOS 2.0 SP3 : pcre (EulerOS-SA-2020-2088)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-14155"], "modified": "2020-09-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:pcre-devel", "p-cpe:/a:huawei:euleros:pcre", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2088.NASL", "href": "https://www.tenable.com/plugins/nessus/140855", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140855);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-14155\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : pcre (EulerOS-SA-2020-2088)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the pcre packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - libpcre in PCRE before 8.44 allows an integer overflow\n via a large number after a (?C\n substring.(CVE-2020-14155)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2088\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7229d41\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcre package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pcre-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"pcre-8.32-15.1.h12\",\n \"pcre-devel-8.32-15.1.h12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pcre\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "apple": [{"lastseen": "2021-02-02T04:44:57", "bulletinFamily": "software", "cvelist": ["CVE-2021-1818", "CVE-2021-1772", "CVE-2021-1778", "CVE-2021-1743", "CVE-2021-1769", "CVE-2021-1761", "CVE-2021-1792", "CVE-2021-1757", "CVE-2021-1744", "CVE-2021-1786", "CVE-2021-1791", "CVE-2021-1748", "CVE-2021-1773", "CVE-2021-1758", "CVE-2021-1787", "CVE-2021-1760", "CVE-2021-1746", "CVE-2021-1785", "CVE-2021-1759", "CVE-2021-1741", "CVE-2021-1747", "CVE-2021-1801", "CVE-2021-1799", "CVE-2021-1788", "CVE-2021-1782", "CVE-2021-1766", "CVE-2021-1783", "CVE-2021-1797", "CVE-2021-1793", "CVE-2021-1776", "CVE-2021-1789", "CVE-2021-1764", "CVE-2021-1750"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 14.4\n\nReleased January 26, 2021\n\n**Analytics**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1761: Cees Elzinga\n\nEntry added February 1, 2021\n\n**APFS**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2021-1797: Thomas Tempelmann\n\nEntry added February 1, 2021\n\n**CoreAnimation**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application could execute arbitrary code leading to compromise of user information\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-1760: @S0rryMybad of 360 Vulcan Team\n\nEntry added February 1, 2021\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**CoreGraphics**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2021-1776: Ivan Fratric of Google Project Zero\n\nEntry added February 1, 2021\n\n**CoreMedia**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\n\nEntry added February 1, 2021\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A stack overflow was addressed with improved input validation.\n\nCVE-2021-1772: Mickey Jin of Trend Micro\n\nEntry added February 1, 2021\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro\n\nEntry added February 1, 2021\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local user may be able to create or modify system files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added February 1, 2021\n\n**Crash Reporter**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2021-1787: James Hutchins\n\nEntry added February 1, 2021\n\n**FairPlay**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro\n\nEntry added February 1, 2021\n\n**FontParser**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1758: Peter Nguyen of STAR Labs\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1766: Danny Rosseau of Carve Systems\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1818: Xingwei Lin from Ant-financial Light-Year Security Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi Sun of Trend Micro\n\nCVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Junzhi Lu of Trend Micro\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.\n\nCVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**IOSkywalkFamily**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security\n\nEntry added February 1, 2021\n\n**iTunes Store**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs\n\nEntry added February 1, 2021\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-1764: Maxime Villard (m00nbsd)\n\nEntry added February 1, 2021\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2021-1750: @0xalsr\n\nEntry added February 1, 2021\n\n**Kernel**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2021-1782: an anonymous researcher\n\n**Swift**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-1788: Francisco Alonso (@revskills)\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Maliciously crafted web content may violate iframe sandboxing policy\n\nDescription: This issue was addressed with improved iframe sandbox enforcement.\n\nCVE-2021-1801: Eliya Stein of Confiant\n\nEntry added February 1, 2021\n\n**WebRTC**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious website may be able to access restricted ports on arbitrary servers\n\nDescription: A port redirection issue was addressed with additional port validation.\n\nCVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar\n\nEntry added February 1, 2021\n\n\n\n## Additional recognition\n\n**iTunes Store**\n\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.\n\nEntry added February 1, 2021\n\n**Kernel**\n\nWe would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.\n\nEntry added February 1, 2021\n\n**libpthread**\n\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.\n\nEntry added February 1, 2021\n\n**Store Demo**\n\nWe would like to acknowledge @08Tc3wBB for their assistance.\n\nEntry added February 1, 2021\n", "edition": 2, "modified": "2021-02-01T06:39:19", "published": "2021-02-01T06:39:19", "id": "APPLE:HT212149", "href": "https://support.apple.com/kb/HT212149", "title": "About the security content of tvOS 14.4 - Apple Support", "type": "apple", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-02T04:43:06", "bulletinFamily": "software", "cvelist": ["CVE-2021-1818", "CVE-2021-1772", "CVE-2021-1778", "CVE-2021-1743", "CVE-2021-1769", "CVE-2021-1761", "CVE-2021-1792", "CVE-2021-1757", "CVE-2021-1744", "CVE-2021-1786", "CVE-2021-1791", "CVE-2021-1748", "CVE-2021-1773", "CVE-2021-1758", "CVE-2021-1787", "CVE-2021-1760", "CVE-2021-1746", "CVE-2021-1785", "CVE-2021-1741", "CVE-2021-1747", "CVE-2021-1801", "CVE-2021-1799", "CVE-2021-1788", "CVE-2021-1782", "CVE-2021-1766", "CVE-2021-1783", "CVE-2021-1797", "CVE-2021-1793", "CVE-2021-1776", "CVE-2021-1789", "CVE-2021-1764", "CVE-2021-1750"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 7.3\n\nReleased January 26, 2021\n\n**Analytics**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1761: Cees Elzinga\n\nEntry added February 1, 2021\n\n**APFS**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2021-1797: Thomas Tempelmann\n\nEntry added February 1, 2021\n\n**CoreAnimation**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application could execute arbitrary code leading to compromise of user information\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-1760: @S0rryMybad of 360 Vulcan Team\n\nEntry added February 1, 2021\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**CoreGraphics**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2021-1776: Ivan Fratric of Google Project Zero\n\nEntry added February 1, 2021\n\n**CoreText**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A stack overflow was addressed with improved input validation.\n\nCVE-2021-1772: Mickey Jin of Trend Micro\n\nEntry added February 1, 2021\n\n**CoreText**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro\n\nEntry added February 1, 2021\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to create or modify system files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added February 1, 2021\n\n**Crash Reporter**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2021-1787: James Hutchins\n\nEntry added February 1, 2021\n\n**FairPlay**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro\n\nEntry added February 1, 2021\n\n**FontParser**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1758: Peter Nguyen of STAR Labs\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1766: Danny Rosseau of Carve Systems\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi Sun of Trend Micro\n\nCVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Junzhi Lu of Trend Micro\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.\n\nCVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**IOSkywalkFamily**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security\n\nEntry added February 1, 2021\n\n**iTunes Store**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs\n\nEntry added February 1, 2021\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-1764: Maxime Villard (m00nbsd)\n\nEntry added February 1, 2021\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2021-1750: @0xalsr\n\nEntry added February 1, 2021\n\n**Kernel**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2021-1782: an anonymous researcher\n\n**Swift**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-1788: Francisco Alonso (@revskills)\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Maliciously crafted web content may violate iframe sandboxing policy\n\nDescription: This issue was addressed with improved iframe sandbox enforcement.\n\nCVE-2021-1801: Eliya Stein of Confiant\n\nEntry added February 1, 2021\n\n**WebRTC**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious website may be able to access restricted ports on arbitrary servers\n\nDescription: A port redirection issue was addressed with additional port validation.\n\nCVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar\n\nEntry added February 1, 2021\n\n\n\n## Additional recognition\n\n**iTunes Store**\n\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.\n\nEntry added February 1, 2021\n\n**Kernel**\n\nWe would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.\n\nEntry added February 1, 2021\n\n**libpthread**\n\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.\n\nEntry added February 1, 2021\n\n**Store Demo**\n\nWe would like to acknowledge @08Tc3wBB for their assistance.\n\nEntry added February 1, 2021\n", "edition": 2, "modified": "2021-02-01T06:39:19", "published": "2021-02-01T06:39:19", "id": "APPLE:HT212148", "href": "https://support.apple.com/kb/HT212148", "title": "About the security content of watchOS 7.3 - Apple Support", "type": "apple", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-02T04:42:46", "bulletinFamily": "software", "cvelist": ["CVE-2021-1753", "CVE-2021-1818", "CVE-2021-1871", "CVE-2021-1772", "CVE-2021-1763", "CVE-2021-1778", "CVE-2021-1743", "CVE-2021-1769", "CVE-2021-1761", "CVE-2021-1762", "CVE-2021-1780", "CVE-2021-1792", "CVE-2021-1794", "CVE-2021-1757", "CVE-2021-1795", "CVE-2021-1744", "CVE-2021-1786", "CVE-2021-1791", "CVE-2021-1748", "CVE-2021-1773", "CVE-2021-1767", "CVE-2021-1758", "CVE-2021-1787", "CVE-2021-1760", "CVE-2021-1768", "CVE-2021-1870", "CVE-2021-1746", "CVE-2021-1745", "CVE-2021-1785", "CVE-2021-1759", "CVE-2021-1756", "CVE-2021-1741", "CVE-2021-1747", "CVE-2021-1801", "CVE-2021-1781", "CVE-2021-1799", "CVE-2021-1788", "CVE-2021-1782", "CVE-2021-1766", "CVE-2021-1783", "CVE-2021-1797", "CVE-2021-1793", "CVE-2021-1776", "CVE-2021-1789", "CVE-2021-1796", "CVE-2021-1764", "CVE-2021-1750"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 14.4 and iPadOS 14.4\n\nReleased January 26, 2021\n\n**Analytics**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1761: Cees Elzinga\n\nEntry added February 1, 2021\n\n**APFS**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: The issue was addressed with improved permissions logic.\n\nCVE-2021-1797: Thomas Tempelmann\n\nEntry added February 1, 2021\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1794: Jianjun Dai of 360 Alpha Lab\n\nEntry added February 1, 2021\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1795: Jianjun Dai of 360 Alpha Lab\n\nCVE-2021-1796: Jianjun Dai of 360 Alpha Lab\n\nEntry added February 1, 2021\n\n**Bluetooth**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker in a privileged position may be able to perform a denial of service attack\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2021-1780: Jianjun Dai of 360 Alpha Lab\n\nEntry added February 1, 2021\n\n**CoreAnimation**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application could execute arbitrary code leading to compromise of user information\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2021-1760: @S0rryMybad of 360 Vulcan Team\n\nEntry added February 1, 2021\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**CoreGraphics**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2021-1776: Ivan Fratric of Google Project Zero\n\nEntry added February 1, 2021\n\n**CoreMedia**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\n\nEntry added February 1, 2021\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A stack overflow was addressed with improved input validation.\n\nCVE-2021-1772: Mickey Jin of Trend Micro\n\nEntry added February 1, 2021\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro\n\nEntry added February 1, 2021\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local user may be able to create or modify system files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added February 1, 2021\n\n**Crash Reporter**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2021-1787: James Hutchins\n\nEntry added February 1, 2021\n\n**FairPlay**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to disclose kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro\n\nEntry added February 1, 2021\n\n**FontParser**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1758: Peter Nguyen of STAR Labs\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1766: Danny Rosseau of Carve Systems\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi Sun of Trend Micro\n\nCVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Junzhi Lu of Trend Micro\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.\n\nCVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An access issue was addressed with improved memory management.\n\nCVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**IOSkywalkFamily**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security\n\nEntry added February 1, 2021\n\n**iTunes Store**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs\n\nEntry added February 1, 2021\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-1764: Maxime Villard (@m00nbsd)\n\nEntry added February 1, 2021\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2021-1750: @0xalsr\n\nEntry added February 1, 2021\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A race condition was addressed with improved locking.\n\nCVE-2021-1782: an anonymous researcher\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.\n\nCVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2021-1763: Mickey Jin of Trend Micro\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2021-1762: Mickey Jin of Trend Micro\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2021-1753: Mickey Jin of Trend Micro\n\nEntry added February 1, 2021\n\n**Phone Keypad**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: An attacker with physical access to a device may be able to see private contact information\n\nDescription: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.\n\nCVE-2021-1756: Ryan Pickren (ryanpickren.com)\n\nEntry added February 1, 2021\n\n**Swift**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-1788: Francisco Alonso (@revskills)\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: Maliciously crafted web content may violate iframe sandboxing policy\n\nDescription: This issue was addressed with improved iframe sandbox enforcement.\n\nCVE-2021-1801: Eliya Stein of Confiant\n\nEntry added February 1, 2021\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2021-1871: an anonymous researcher\n\nCVE-2021-1870: an anonymous researcher\n\n**WebRTC**\n\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)\n\nImpact: A malicious website may be able to access restricted ports on arbitrary servers\n\nDescription: A port redirection issue was addressed with additional port validation.\n\nCVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar\n\nEntry added February 1, 2021\n\n\n\n## Additional recognition\n\n**iTunes Store**\n\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.\n\nEntry added February 1, 2021\n\n**Kernel**\n\nWe would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.\n\nEntry added February 1, 2021\n\n**libpthread**\n\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.\n\nEntry added February 1, 2021\n\n**Mail**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and an anonymous researcher for their assistance.\n\nEntry added February 1, 2021\n\n**Store Demo**\n\nWe would like to acknowledge @08Tc3wBB for their assistance.\n\nEntry added February 1, 2021\n\n**WebRTC**\n\nWe would like to acknowledge Philipp Hancke for their assistance.\n\nEntry added February 1, 2021\n\n**Wi-Fi**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added February 1, 2021\n", "edition": 2, "modified": "2021-02-01T06:39:19", "published": "2021-02-01T06:39:19", "id": "APPLE:HT212146", "href": "https://support.apple.com/kb/HT212146", "title": "About the security content of iOS 14.4 and iPadOS 14.4 - Apple Support", "type": "apple", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-02T04:42:33", "bulletinFamily": "software", "cvelist": ["CVE-2021-1799", "CVE-2021-1788", "CVE-2021-1789"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Safari 14.0.3\n\nReleased February 1, 2021\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2021-1788: Francisco Alonso (@revskills)\n\n**WebKit**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\n\n**WebRTC**\n\nAvailable for: macOS Catalina and macOS Mojave\n\nImpact: A malicious website may be able to access restricted ports on arbitrary servers\n\nDescription: A port redirection issue was addressed with additional port validation.\n\nCVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar\n", "edition": 1, "modified": "2021-02-02T01:16:45", "published": "2021-02-02T01:16:45", "id": "APPLE:HT212152", "href": "https://support.apple.com/kb/HT212152", "title": "About the security content of Safari 14.0.3 - Apple Support", "type": "apple", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-12-24T20:42:26", "bulletinFamily": "software", "cvelist": ["CVE-2020-9991", "CVE-2020-9952", "CVE-2020-15358"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iCloud for Windows 7.21\n\nReleased September 24, 2020\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Windows 7 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Windows 7 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n", "edition": 6, "modified": "2020-11-12T10:19:34", "published": "2020-11-12T10:19:34", "id": "APPLE:HT211847", "href": "https://support.apple.com/kb/HT211847", "title": "About the security content of iCloud for Windows 7.21 - Apple Support", "type": "apple", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-02-02T04:45:01", "bulletinFamily": "software", "cvelist": ["CVE-2020-27926", "CVE-2020-27943", "CVE-2020-29612", "CVE-2020-27931", "CVE-2020-9974", "CVE-2020-27898", "CVE-2020-29620", "CVE-2020-15969", "CVE-2020-29617", "CVE-2020-27923", "CVE-2020-29614", "CVE-2020-27944", "CVE-2020-9967", "CVE-2020-13520", "CVE-2020-29616", "CVE-2020-27949", "CVE-2020-10004", "CVE-2020-27896", "CVE-2020-27903", "CVE-2020-27912", "CVE-2020-29615", "CVE-2020-27941", "CVE-2020-27897", "CVE-2020-27901", "CVE-2020-10010", "CVE-2020-10009", "CVE-2020-27919", "CVE-2020-29633", "CVE-2020-10007", "CVE-2020-10015", "CVE-2020-10001", "CVE-2020-29619", "CVE-2020-10012", "CVE-2020-27906", "CVE-2020-9962", "CVE-2020-9943", "CVE-2020-27924", "CVE-2020-9978", "CVE-2020-27939", "CVE-2020-27907", "CVE-2020-27936", "CVE-2020-27915", "CVE-2020-10002", "CVE-2020-27938", "CVE-2020-9956", "CVE-2020-29611", "CVE-2020-27908", "CVE-2020-27921", "CVE-2020-29623", "CVE-2020-9960", "CVE-2020-10016", "CVE-2020-29621", "CVE-2020-29608", "CVE-2020-9944", "CVE-2020-29625", "CVE-2020-27952", "CVE-2020-27947", "CVE-2020-27920", "CVE-2020-27911", "CVE-2020-13524", "CVE-2020-9972", "CVE-2020-10014", "CVE-2020-27910", "CVE-2020-9975", "CVE-2020-10017", "CVE-2020-27914", "CVE-2020-29624", "CVE-2020-27946", "CVE-2020-29618", "CVE-2020-27916", "CVE-2020-27948", "CVE-2020-27922"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave\n\nReleased December 14, 2020\n\n**AMD**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27914: Yu Wang of Didi Research America\n\nCVE-2020-27915: Yu Wang of Didi Research America\n\n**AMD**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.\n\nCVE-2020-27936: Yu Wang of Didi Research America\n\nEntry added February 1, 2021\n\n**App Store**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**AppleGraphicsControl**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A validation issue was addressed with improved logic.\n\nCVE-2020-27941: shrek_wzw\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-29621: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected application termination or heap corruption\n\nDescription: Multiple integer overflows were addressed with improved input validation.\n\nCVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**CoreAudio**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreText**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\n**CUPS**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An input validation issue was addressed with improved memory handling.\n\nCVE-2020-10001: Niky <kittymore83@gmail.com> of China Mobile\n\nEntry added February 1, 2021\n\n**FontParser**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted font may result in the disclosure of process memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-27946: Mateusz Jurczyk of Google Project Zero\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro\n\n**FontParser**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\n**FontParser**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nCVE-2020-29624: Mateusz Jurczyk of Google Project Zero\n\nEntry updated December 22, 2020\n\n**FontParser**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**Foundation**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**Graphics Drivers**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**Graphics Drivers**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**HomeKit**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-27939: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29625: XingWei Lin of Ant Security Light-Year Lab\n\nEntry added December 22, 2020, updated February 1, 2021\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to a denial of service\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29615: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added February 1, 2021\n\n**ImageIO**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-29611: Alexandru-Vlad Niculae working with Google Project Zero\n\nEntry updated December 17, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted image may lead to heap corruption\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\n**Image Processing**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nCVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-27921: Linus Henze (pinauten.de)\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace\n\nDescription: This issue was addressed with improved checks to prevent unauthorized actions.\n\nCVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure Mobile Networking Lab\n\n**Kernel**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27920: found by OSS-Fuzz\n\n**libxml2**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27926: found by OSS-Fuzz\n\n**libxpc**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Logging**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Login Window**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: An attacker in a privileged network position may be able to bypass authentication policy\n\nDescription: An authentication issue was addressed with improved state management.\n\nCVE-2020-29633: Jewel Lambert of Original Spin, LLC.\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted file may lead to heap corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-29614: ZhiWei Sun(@5n1p3r0010) from Topsec Alpha Lab\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-13520: Aleksandar Nikolic of Cisco Talos\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9972: Aleksandar Nikolic of Cisco Talos\n\nEntry added February 1, 2021\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\n**NSRemoteView**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-27901: Thijs Alkemade of Computest Research Division\n\n**Power Management**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan\n\nEntry added February 1, 2021\n\n**Power Management**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative\n\n**Quick Look**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: Processing a maliciously crafted document may lead to a cross site scripting attack\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)\n\n**Ruby**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A remote attacker may be able to modify the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-27896: an anonymous researcher\n\n**System Preferences**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10009: Thijs Alkemade of Computest Research Division\n\n**WebKit Storage**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: A user may be unable to fully delete browsing history\n\nDescription: \"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion.\n\nCVE-2020-29623: Simon Hunt of OvalTwo LTD\n\nEntry added February 1, 2021\n\n**WebRTC**\n\nAvailable for: macOS Big Sur 11.0.1\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-15969: an anonymous researcher\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\n\nImpact: An attacker may be able to bypass Managed Frame Protection\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2020-27898: Stephan Marais of University of Johannesburg\n", "edition": 5, "modified": "2021-02-01T06:39:19", "published": "2021-02-01T06:39:19", "id": "APPLE:HT212011", "href": "https://support.apple.com/kb/HT212011", "title": "About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-19T04:44:31", "bulletinFamily": "software", "cvelist": ["CVE-2020-27950", "CVE-2020-27931", "CVE-2020-9974", "CVE-2020-27918", "CVE-2020-13434", "CVE-2020-27898", "CVE-2020-27923", "CVE-2020-9996", "CVE-2020-9991", "CVE-2020-9988", "CVE-2020-9967", "CVE-2020-10008", "CVE-2020-9965", "CVE-2020-10004", "CVE-2020-9883", "CVE-2020-27896", "CVE-2020-27935", "CVE-2020-27903", "CVE-2020-27912", "CVE-2020-14155", "CVE-2020-27897", "CVE-2020-27901", "CVE-2020-10010", "CVE-2020-10009", "CVE-2020-9977", "CVE-2020-27909", "CVE-2020-27919", "CVE-2020-9963", "CVE-2020-10007", "CVE-2020-10015", "CVE-2020-9876", "CVE-2020-9969", "CVE-2020-9942", "CVE-2020-10012", "CVE-2020-27906", "CVE-2020-9962", "CVE-2020-9943", "CVE-2020-27927", "CVE-2020-27924", "CVE-2020-9978", "CVE-2020-9999", "CVE-2020-13631", "CVE-2019-20838", "CVE-2020-9955", "CVE-2020-9945", "CVE-2020-27907", "CVE-2020-9989", "CVE-2020-27915", "CVE-2020-9949", "CVE-2020-27900", "CVE-2020-10002", "CVE-2020-10006", "CVE-2020-27904", "CVE-2020-9941", "CVE-2020-9956", "CVE-2020-9849", "CVE-2020-27908", "CVE-2020-27921", "CVE-2019-14899", "CVE-2020-9960", "CVE-2020-10016", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-10003", "CVE-2020-10663", "CVE-2020-9944", "CVE-2020-10011", "CVE-2020-27952", "CVE-2020-27920", "CVE-2020-27911", "CVE-2020-13524", "CVE-2020-10014", "CVE-2020-15358", "CVE-2020-27910", "CVE-2020-27917", "CVE-2020-9975", "CVE-2020-10017", "CVE-2020-27930", "CVE-2020-27914", "CVE-2020-27932", "CVE-2020-27916", "CVE-2020-27899", "CVE-2020-27894", "CVE-2020-9971", "CVE-2020-27922", "CVE-2020-9966"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Big Sur 11.0.1\n\nReleased November 12, 2020\n\n**AMD**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27914: Yu Wang of Didi Research America\n\nCVE-2020-27915: Yu Wang of Didi Research America\n\nEntry added December 14, 2020\n\n**App Store**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed by removing the vulnerable code.\n\nCVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\n**Audio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\n**Bluetooth**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause unexpected application termination or heap corruption\n\nDescription: Multiple integer overflows were addressed with improved input validation.\n\nCVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab\n\n**CoreAudio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nCVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab\n\nEntry added December 14, 2020\n\n**CoreAudio**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab\n\n**CoreCapture**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\n**CoreGraphics**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\n**Crash Reporter**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan\n\n**CoreText**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-27922: Mickey Jin of Trend Micro\n\nEntry added December 14, 2020\n\n**CoreText**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry updated December 14, 2020\n\n**Disk Images**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\n**Finder**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Users may be unable to remove metadata indicating where files were downloaded from\n\nDescription: The issue was addressed with additional user controls.\n\nCVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved size validation.\n\nCVE-2020-9962: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.\n\nCVE-2020-27931: Apple\n\nEntry added December 14, 2020\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-27930: Google Project Zero\n\n**FontParser**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab\n\n**Foundation**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local user may be able to read arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10002: James Hutchins\n\n**HomeKit**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker in a privileged network position may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved setting propagation.\n\nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology\n\nEntry added December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-27924: Lei Sun\n\nEntry added December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\n\nCVE-2020-27923: Lei Sun\n\nEntry updated December 14, 2020\n\n**ImageIO**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\n**Intel Graphics Driver**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nCVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington\n\nEntry added December 14, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added December 14, 2020\n\n**Image Processing**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write was addressed with improved input validation.\n\nCVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: Multiple memory corruption issues were addressed with improved input validation.\n\nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9975: Tielei Wang of Pangu Lab\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-27921: Linus Henze (pinauten.de)\n\nEntry added December 14, 2020\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A memory initialization issue was addressed.\n\nCVE-2020-27950: Google Project Zero\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9974: Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-10016: Alex Helie\n\n**Kernel**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.\n\nDescription: A type confusion issue was addressed with improved state handling.\n\nCVE-2020-27932: Google Project Zero\n\n**libxml2**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27917: found by OSS-Fuzz\n\nCVE-2020-27920: found by OSS-Fuzz\n\nEntry updated December 14, 2020\n\n**libxml2**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-27911: found by OSS-Fuzz\n\n**libxpc**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 14, 2020\n\n**libxpc**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A parsing issue in the handling of directory paths was addressed with improved path validation.\n\nCVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\n**Logging**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-10010: Tommy Muir (@Muirey03)\n\n**Mail**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied Sciences and Damian Poddebniak of FH M\u00fcnster University of Applied Sciences\n\n**Messages**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: The issue was addressed with improved deletion.\n\nCVE-2020-9988: William Breuer of the Netherlands\n\nCVE-2020-9989: von Brunn Media\n\n**Model I/O**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-10011: Aleksandar Nikolic of Cisco Talos\n\nEntry added December 14, 2020\n\n**Model I/O**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\n**Model I/O**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\n**NetworkExtension**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro\n\n**NSRemoteView**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-27901: Thijs Alkemade of Computest Research Division\n\nEntry added December 14, 2020\n\n**NSRemoteView**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to preview files it does not have access to\n\nDescription: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic.\n\nCVE-2020-27900: Thijs Alkemade of Computest Research Division\n\n**PCRE**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Multiple issues in pcre\n\nDescription: Multiple issues were addressed by updating to version 8.44.\n\nCVE-2019-20838\n\nCVE-2020-14155\n\n**Power Management**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative\n\n**python**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Cookies belonging to one origin may be sent to another origin\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27896: an anonymous researcher\n\n**Quick Look**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious app may be able to determine the existence of files on the computer\n\nDescription: The issue was addressed with improved handling of icon caches.\n\nCVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Quick Look**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing a maliciously crafted document may lead to a cross site scripting attack\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-10012: Heige of KnownSec 404 Team (https://www.knownsec.com/) and Bo Qu of Palo Alto Networks (https://www.paloaltonetworks.com/)\n\n**Ruby**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to modify the file system\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-27896: an anonymous researcher\n\n**Ruby**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-10663: Jeremy Evans\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.\n\nCVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to determine a user's open tabs in Safari\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2020-9977: Josh Parnham (@joshparnham)\n\n**Safari**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: An inconsistent user interface issue was addressed with improved state management.\n\nCVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab\n\n**Sandbox**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9991\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed with improved checks.\n\nCVE-2020-15358\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\n**SQLite**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\n**Symptom Framework**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27899: 08Tc3wBB working with ZecOps\n\nEntry added December 14, 2020\n\n**System Preferences**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10009: Thijs Alkemade of Computest Research Division\n\n**TCC**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application with root privileges may be able to access private information\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-10008: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added December 14, 2020\n\n**WebKit**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-27918: Liu Long of Ant Security Light-Year Lab\n\nEntry updated December 14, 2020\n\n**Wi-Fi**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: An attacker may be able to bypass Managed Frame Protection\n\nDescription: A denial of service issue was addressed with improved state handling.\n\nCVE-2020-27898: Stephan Marais of University of Johannesburg\n\n**XNU**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: Multiple issues were addressed with improved logic.\n\nCVE-2020-27935: Lior Halphon (@LIJI32)\n\nEntry added December 17, 2020\n\n**Xsan**\n\nAvailable for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-10006: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.\n\nEntry added December 14, 2020\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab, an anonymous researcher for their assistance.\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.\n\nEntry updated December 14, 2020\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 14, 2020\n\n**Directory Utility**\n\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing for their assistance.\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\n**libxml2**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added December 14, 2020\n\n**Login Window**\n\nWe would like to acknowledge Rob Morton of Leidos for their assistance.\n\n**Photos Storage**\n\nWe would like to acknowledge Paulos Yibelo of LimeHats for their assistance.\n\n**Quick Look**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Regu\u0142a of SecuRing (wojciechregula.blog) for their assistance.\n\n**Safari**\n\nWe would like to acknowledge Gabriel Corona and Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance.\n\n**Security**\n\nWe would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.\n\n**System Preferences**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n", "edition": 6, "modified": "2021-02-18T06:14:03", "published": "2021-02-18T06:14:03", "id": "APPLE:HT211931", "href": "https://support.apple.com/kb/HT211931", "title": "About the security content of macOS Big Sur 11.0.1 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:41:58", "bulletinFamily": "software", "cvelist": ["CVE-2020-9954", "CVE-2020-13434", "CVE-2020-9991", "CVE-2020-9951", "CVE-2020-9968", "CVE-2020-10013", "CVE-2020-9965", "CVE-2020-9981", "CVE-2020-9952", "CVE-2020-9950", "CVE-2020-9983", "CVE-2020-9976", "CVE-2020-9961", "CVE-2020-9876", "CVE-2020-9969", "CVE-2020-9943", "CVE-2020-9979", "CVE-2020-9999", "CVE-2020-13631", "CVE-2020-9955", "CVE-2020-9949", "CVE-2020-9849", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-9947", "CVE-2020-9944", "CVE-2020-15358", "CVE-2020-9971", "CVE-2020-9966"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## tvOS 14.0\n\nReleased September 16, 2020\n\n**Assets**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An attacker may be able to misuse a trust relationship to download malicious content\n\nDescription: A trust issue was addressed by removing a legacy API.\n\nCVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup\n\nEntry updated November 12, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**Audio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreAudio**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Playing a malicious audio file may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreCapture**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreText**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Disk Images**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 15, 2020\n\n**ImageIO**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**Keyboard**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\n**libxml2**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\nEntry added November 12, 2020\n\n**libxpc**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 15, 2020\n\n**Sandbox**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\n\nEntry updated September 17, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n**Wi-Fi**\n\nAvailable for: Apple TV 4K and Apple TV HD\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10013: Yu Wang of Didi Research America\n\nEntry added November 12, 2020\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.\n\nEntry added December 15, 2020\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nEntry added November 12, 2020\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 15, 2020\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\nEntry updated November 12, 2020\n\n**Location Framework**\n\nWe would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.\n\nEntry updated October 19, 2020\n\n**Safari**\n\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added November 12, 2020\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n", "edition": 8, "modified": "2020-12-15T05:52:05", "published": "2020-12-15T05:52:05", "id": "APPLE:HT211843", "href": "https://support.apple.com/kb/HT211843", "title": "About the security content of tvOS 14.0 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:44:55", "bulletinFamily": "software", "cvelist": ["CVE-2020-9954", "CVE-2020-13434", "CVE-2020-9991", "CVE-2020-9951", "CVE-2020-9968", "CVE-2020-9965", "CVE-2020-9981", "CVE-2020-9952", "CVE-2020-9950", "CVE-2020-9983", "CVE-2020-9946", "CVE-2020-9976", "CVE-2020-9961", "CVE-2020-9876", "CVE-2020-9969", "CVE-2020-9943", "CVE-2020-9999", "CVE-2020-13631", "CVE-2020-9955", "CVE-2020-9989", "CVE-2020-9949", "CVE-2020-9941", "CVE-2020-9849", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-9947", "CVE-2020-9944", "CVE-2020-15358", "CVE-2020-9971", "CVE-2020-9993", "CVE-2020-9966"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## watchOS 7.0\n\nReleased September 16, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**Audio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreAudio**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Playing a malicious audio file may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreCapture**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreText**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Disk Images**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 15, 2020\n\n**Keyboard**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\n**libxml2**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\nEntry added November 12, 2020\n\n**libxpc**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 15, 2020\n\n**Mail**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied Sciences and Damian Poddebniak of FH M\u00fcnster University of Applied Sciences\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: The issue was addressed with improved deletion.\n\nCVE-2020-9989: von Brunn Media\n\nEntry added November 12, 2020\n\n**Phone**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: The screen lock may not engage after the specified time period\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9946: Daniel Larsson of iolight AB\n\n**Safari**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\n\nEntry updated September 17, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: Apple Watch Series 3 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n\n\n## Additional recognition\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nEntry added November 12, 2020\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 15, 2020\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\nEntry added November 12, 2020\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\nEntry updated November 12, 2020\n\n**Location Framework**\n\nWe would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.\n\nEntry updated October 19, 2020\n\n**Mail Drafts**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added November 12, 2020\n\n**Safari**\n\nWe would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance.\n\nEntry added October 19, 2020, updated November 12, 2020\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com) for their assistance.\n\nEntry added November 12, 2020\n", "edition": 9, "modified": "2020-12-15T05:33:40", "published": "2020-12-15T05:33:40", "id": "APPLE:HT211844", "href": "https://support.apple.com/kb/HT211844", "title": "About the security content of watchOS 7.0 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-24T20:42:51", "bulletinFamily": "software", "cvelist": ["CVE-2020-9773", "CVE-2020-9954", "CVE-2020-13434", "CVE-2020-9996", "CVE-2020-9991", "CVE-2020-9951", "CVE-2020-9988", "CVE-2020-9968", "CVE-2020-13520", "CVE-2020-10013", "CVE-2020-9965", "CVE-2020-9981", "CVE-2020-9952", "CVE-2020-9950", "CVE-2020-9977", "CVE-2020-9963", "CVE-2020-9983", "CVE-2020-9946", "CVE-2020-9976", "CVE-2020-9961", "CVE-2020-9876", "CVE-2020-6147", "CVE-2020-9958", "CVE-2020-9969", "CVE-2020-9943", "CVE-2020-9979", "CVE-2020-9973", "CVE-2020-9999", "CVE-2020-13631", "CVE-2020-9955", "CVE-2020-9964", "CVE-2020-9989", "CVE-2020-9949", "CVE-2020-9941", "CVE-2020-9849", "CVE-2019-14899", "CVE-2020-13435", "CVE-2020-9992", "CVE-2020-13630", "CVE-2020-9959", "CVE-2020-9947", "CVE-2020-9944", "CVE-2020-9972", "CVE-2020-15358", "CVE-2020-9971", "CVE-2020-9993", "CVE-2020-9966"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## iOS 14.0 and iPadOS 14.0\n\nReleased September 16, 2020\n\n**AppleAVD**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9958: Mohamed Ghannam (@_simo36)\n\n**Assets**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An attacker may be able to misuse a trust relationship to download malicious content\n\nDescription: A trust issue was addressed by removing a legacy API.\n\nCVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup\n\nEntry updated November 12, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**Audio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to read restricted memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreAudio**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Playing a malicious audio file may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab\n\nEntry added November 12, 2020\n\n**CoreCapture**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreText**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted text file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9999: Apple\n\nEntry added December 15, 2020\n\n**Disk Images**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9965: Proteas\n\nCVE-2020-9966: Proteas\n\nEntry added November 12, 2020\n\n**Icons**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to identify what other applications a user has installed\n\nDescription: The issue was addressed with improved handling of icon caches.\n\nCVE-2020-9773: Chilik Tamir of Zimperium zLabs\n\n**IDE Device Support**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network\n\nDescription: This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7.\n\nCVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium zLabs\n\nEntry updated September 17, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added December 15, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added November 12, 2020\n\n**ImageIO**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**IOSurfaceAccelerator**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)\n\n**Kernel**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\nEntry added November 12, 2020\n\n**Keyboard**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to leak sensitive user information\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany\n\n**libxml2**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted file may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9981: found by OSS-Fuzz\n\nEntry added November 12, 2020\n\n**libxpc**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nEntry added December 15, 2020\n\n**Mail**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to unexpectedly alter application state\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9941: Fabian Ising of FH M\u00fcnster University of Applied Sciences and Damian Poddebniak of FH M\u00fcnster University of Applied Sciences\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local user may be able to discover a user\u2019s deleted messages\n\nDescription: The issue was addressed with improved deletion.\n\nCVE-2020-9988: William Breuer of the Netherlands\n\nCVE-2020-9989: von Brunn Media\n\nEntry added November 12, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-13520: Aleksandar Nikolic of Cisco Talos\n\nEntry added November 12, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-6147: Aleksandar Nikolic of Cisco Talos\n\nCVE-2020-9972: Aleksandar Nikolic of Cisco Talos\n\nEntry added November 12, 2020\n\n**Model I/O**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9973: Aleksandar Nikolic of Cisco Talos\n\n**NetworkExtension**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to elevate privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro\n\nEntry added November 12, 2020\n\n**Phone**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: The screen lock may not engage after the specified time period\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9946: Daniel Larsson of iolight AB\n\n**Quick Look**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious app may be able to determine the existence of files on the computer\n\nDescription: The issue was addressed with improved handling of icon caches.\n\nCVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry added November 12, 2020\n\n**Safari**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to determine a user's open tabs in Safari\n\nDescription: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.\n\nCVE-2020-9977: Josh Parnham (@joshparnham)\n\nEntry added November 12, 2020\n\n**Safari**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Visiting a malicious website may lead to address bar spoofing\n\nDescription: The issue was addressed with improved UI handling.\n\nCVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski\n\nEntry added November 12, 2020 \n\n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A local user may be able to view senstive user information\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9969: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry added November 12, 2020\n\n**Sandbox**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A malicious application may be able to access restricted files\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec\n\nEntry updated September 17, 2020\n\n**Siri**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen\n\nDescription: A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management.\n\nCVE-2020-9959: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, Andrew Goldberg The University of Texas at Austin, McCombs School of Business, Meli\u0307h Kerem G\u00fcne\u015f of Li\u0307v College, Sinan Gulguler\n\nEntry updated December 15, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13434\n\nCVE-2020-13435\n\nCVE-2020-9991\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9849\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Multiple issues in SQLite\n\nDescription: Multiple issues were addressed by updating SQLite to version 3.32.3.\n\nCVE-2020-15358\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A maliciously crafted SQL query may lead to data corruption\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-13631\n\nEntry added November 12, 2020\n\n**SQLite**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-13630\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to arbitrary code execution\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9947: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9950: cc working with Trend Micro Zero Day Initiative\n\nCVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9983: zhunki\n\nEntry added November 12, 2020\n\n**WebKit**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: Processing maliciously crafted web content may lead to a cross site scripting attack\n\nDescription: An input validation issue was addressed with improved input validation.\n\nCVE-2020-9952: Ryan Pickren (ryanpickren.com)\n\n**Wi-Fi**\n\nAvailable for: iPhone 6s and later, iPod touch (7th generation), iPad Air 2 and later, and iPad mini 4 and later\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-10013: Yu Wang of Didi Research America\n\nEntry added November 12, 2020\n\n\n\n## Additional recognition\n\n**802.1X**\n\nWe would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.\n\nEntry added December 15, 2020\n\n**App Store**\n\nWe would like to acknowledge Giyas Umarov of Holmdel High School for their assistance.\n\n**Audio**\n\nWe would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Bluetooth**\n\nWe would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.\n\n**CallKit**\n\nWe would like to acknowledge Federico Zanetello for their assistance.\n\n**CarPlay**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**Clang**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\nEntry added November 12, 2020\n\n**Core Location**\n\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for their assistance.\n\n**Crash Reporter**\n\nWe would like to acknowledge Artur Byszko of AFINE for their assistance.\n\nEntry added December 15, 2020\n\n**debugserver**\n\nWe would like to acknowledge Linus Henze (pinauten.de) for their assistance.\n\n**iAP**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**iBoot**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero for their assistance.\n\n**Kernel**\n\nWe would like to acknowledge Brandon Azad of Google Project Zero, Stephen R\u00f6ttger of Google for their assistance.\n\nEntry updated November 12, 2020\n\n**libarchive**\n\n****We would like to acknowledge Dzmitry Plotnikau and an anonymous researcher for their assistance.\n\n**lldb**\n\nWe would like to acknowledge Linus Henze (pinauten.de) for their assistance.\n\nEntry added November 12, 2020\n\n**Location Framework**\n\nWe would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.\n\nEntry updated October 19, 2020\n\n**Mail**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\nEntry added November 12, 2020\n\n**Mail Drafts**\n\nWe would like to acknowledge Jon Bottarini of HackerOne for their assistance.\n\nEntry added November 12, 2020\n\n**Maps**\n\nWe would like to acknowledge Matthew Dolan of Amazon Alexa for their assistance.\n\n**NetworkExtension**\n\nWe would like to acknowledge Thijs Alkemade of Computest and \u2018Qubo Song\u2019 of \u2018Symantec, a division of Broadcom\u2019 for their assistance.\n\n**Phone Keypad**\n\nWe would like to acknowledge Hasan Fahrettin Kaya of Akdeniz University Faculty of Tourism, an anonymous researcher for their assistance.\n\nEntry added November 12, 2020, updated December 15, 2020\n\n**Safari**\n\nWe would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance.\n\nEntry added November 12, 2020\n\n**Safari Reader**\n\nWe would like to acknowledge Zhiyang Zeng (@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n\n**Security**\n\nWe would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.\n\nEntry added November 12, 2020\n\n**Status Bar**\n\nWe would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and an anonymous researcher for their assistance.\n\n**Telephony**\n\nWe would like to acknowledge Onur Can B\u0131kmaz, Vodafone Turkey @canbkmaz, Yi\u011fit Can YILMAZ (@yilmazcanyigit), an anonymous researcher for their assistance.\n\nEntry updated November 12, 2020\n\n**UIKit**\n\nWe would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt, and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk Inc for their assistance.\n\n**Web App**\n\nWe would like to acknowledge Augusto Alvarez of Outcourse Limited for their assistance.\n\n**WebKit**\n\nWe would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.\n\nEntry added November 12, 2020\n", "edition": 7, "modified": "2020-12-15T05:43:15", "published": "2020-12-15T05:43:15", "id": "APPLE:HT211850", "href": "https://support.apple.com/kb/HT211850", "title": "About the security content of iOS 14.0 and iPadOS 14.0 - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-02-11T14:27:22", "description": "A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-08T21:15:00", "title": "CVE-2020-27904", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27904"], "modified": "2021-02-10T15:49:00", "cpe": [], "id": "CVE-2020-27904", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27904", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2021-02-11T14:27:14", "description": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.", "edition": 15, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-06-15T17:15:00", "title": "CVE-2020-14155", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14155"], "modified": "2021-02-10T16:40:00", "cpe": [], "id": "CVE-2020-14155", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14155", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2021-02-12T14:38:46", "description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "edition": 13, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-15T17:15:00", "title": "CVE-2019-20838", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20838"], "modified": "2021-02-11T15:19:00", "cpe": [], "id": "CVE-2019-20838", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20838", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2021-02-11T14:27:15", "description": "In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.", "edition": 21, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-27T12:15:00", "title": "CVE-2020-15358", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15358"], "modified": "2021-02-10T15:59:00", "cpe": ["cpe:/a:oracle:hyperion_infrastructure_technology:11.1.2.4", "cpe:/o:canonical:ubuntu_linux:20.04", "cpe:/a:oracle:outside_in_technology:8.5.5", "cpe:/a:oracle:communications_network_charging_and_control:12.0.2", "cpe:/a:oracle:outside_in_technology:8.5.4", "cpe:/a:oracle:enterprise_manager_ops_center:12.4.0.0", "cpe:/a:oracle:mysql:8.0.22", "cpe:/a:oracle:communications_network_charging_and_control:6.0.1"], "id": "CVE-2020-15358", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15358", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"]}], "threatpost": [{"lastseen": "2021-01-27T12:35:42", "bulletinFamily": "info", "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871"], "description": "Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited.\n\nThe newly patched bugs are part of a [security update](<https://support.apple.com/en-us/HT212146>) released Tuesday for iOS 14.4 and iPadOS 14.4. One bug, tracked as CVE-2021-1782, was found in the OS kernel, while the other two\u2013CVE-2021-1870 and CVE-2021-1871\u2013were discovered in the WebKit browser engine.\n\nThe most recent vulnerabilities apparently weren\u2019t known when Apple released iOS 14.2 and iPadOS 14.2, a comprehensive update that patched a total of 24 vulnerabilities [back in November](<https://threatpost.com/apple-patches-bugs-zero-days/161010/>). That update included fixes for three zero-day flaws discovered by the Google Project Zero team that were actively being exploited in the wild. \n[](<https://threatpost.com/newsletter-sign/>)Attackers also may be actively taking advantage of the latest bugs, according to Apple. The company described the kernel flaw as a \u201ca race condition\u201d that the update addresses \u201cwith improved locking.\u201d If exploited, the vulnerability can allow a malicious application to elevate privileges.\n\nThe WebKit vulnerabilities are both logic issues that the update addresses with improved restrictions, according to Apple. Exploiting these flaws would allow a remote attacker \u201cto cause arbitrary code execution,\u201d the company said.\n\nAll the zero-days and thus the fixes affect iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation), according to Apple. Security experts believe the three are part of an exploit chain attackers can use to escalate privileges and compromise a device after its unsuspecting user falls victim to a malicious website leveraging the WebKit flaw.\n\nAs is custom, however, Apple did not go into detail about how the bugs are being used in attacks, as it doesn\u2019t typically reveal this type of info until most of the affected devices are patched.\n\nThe proliferation of iPhones across the world makes news of any Apple iOS zero-day a security threat to its hundreds of millions of users, and thus a very big deal. In fact, four nation-state-backed advanced persistent threats (APTs) used a zero-day iPhone exploit in a highly publicized [espionage hack](<https://threatpost.com/zero-click-apple-zero-day-pegasus-spy-attack/162515/>) against Al Jazeera journalists, producers, anchors and executives late last year.\n\nPredictably, numerous [iPhone users](<https://twitter.com/Gurgling_MrD/status/1354191338221285377>), [tech professionals](<https://twitter.com/GustavoCols/status/1354160831366361089>) and [security experts](<https://twitter.com/Riazjavedbutt/status/1354307444961406976>) took to Twitter as news of the latest spate of iOS zero-days broke to warn iPhone users to update their devices immediately.\n\n\u201ciOS release notes are always comforting when you have firsts like this,\u201d [tweeted](<https://twitter.com/_DanielSinclair/status/1354299572177268737>) one iPhone user [Daniel Sinclair](<https://twitter.com/_DanielSinclair/status/1348631971480666112>) sarcastically. \u201c3 zero-days actively exploited in the wild. 2 involving WebKit.\u201d\n\nSinclair also [tweeted](<https://twitter.com/_DanielSinclair/status/1348631971480666112>) earlier in the month that his iPhone \u201cinexplicably became bricked,\u201d though it\u2019s unclear if that issue was related to the recently discovered zero-days.\n", "modified": "2021-01-27T12:21:28", "published": "2021-01-27T12:21:28", "id": "THREATPOST:233067E74345C95478CA096160DFCE43", "href": "https://threatpost.com/apple-patches-zero-days-ios-emergency-update/163374/", "type": "threatpost", "title": "Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-17T16:39:38", "bulletinFamily": "info", "cvelist": ["CVE-2021-1801"], "description": "Details of a flaw in Apple\u2019s Safari browser, publicly disclosed Tuesday, outline how the cybergang known as ScamClub reached 50 million users with a three-month-long malicious ad campaign pushing malware to mobile iOS Chrome and macOS desktop browsers.\n\nThe Safari bug, [patched on Dec. 2 by Apple](<https://support.apple.com/en-us/HT212147>), was exploited by a malvertising campaign that redirected traffic to scam sites that flogged gift cards, prizes and malware to victims. Impacted was Apple\u2019s Safari browser running on macOS Big Sur 11.0.1 and Google\u2019s iOS-based Chrome browser. The common thread is Apple\u2019s WebKit browser engine framework.\n\nThe attacks, which researchers at Confiant Security attributed to ScamClub, exploited a flaw in the open-source WebKit engine, according to [a blog post](<https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba>) published Tuesday by Eliya Stein, senior security engineer who found the bug on June 22, 2020.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nHe reports that the malicious campaign exploited a privilege-escalation vulnerability, tracked as [CVE-2021\u20131801](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801>). Stein did not report how many, if any, people may have been impacted by the campaign or what type of malicious activity the threat actors may have engaged in post-exploit. Typically, a privilege-escalation attack\u2019s primary goal is to obtain unauthorized access to a targeted system.\n\n## **What is ScamClub? **\n\nScamClub is a well-established cybergang that for the past three years has hijacked hundreds-of-millions of browser sessions with malvertising campaigns that redirect users to adult and gift card scams.\n\nUntil today, the group is best known for a massive 2018 campaign where it redirected 300 million users to shady phishing sites, serving up adult content and gift card scams.\n\nConfiant dubbed the group ScamClub, because of the criminal\u2019s use of multiple fast-changing redirection chains eventually spitting up shady gift-card offers and adult content.\n\nScamClub typically uses a \u201cbombardment\u201d strategy to flood ad-delivery systems with \u201ctons of horrendous demand\u201d rather than trying to obfuscate its nefarious activity, researchers note.\n\n\u201cThey do this at incredibly high volumes in the hopes that the small percentage that slips through will do significant damage,\u201d he explained.\n\n## **What are the ScamClub Details of the WebKit Exploit? **\n\nIn his Tuesday-report, Stein said this most recent ScamClub campaign redirected users to landing pages that offer prizes, such as \u201cYou\u2019ve won a Walmart gift card!\u201d or \u201cYou\u2019ve won an iPhone!\u201d to rather successful effect, he wrote.\n\nOver the last 90 days alone, ScamClub has delivered over 50 million malicious impressions, \u201cmaintaining a low baseline of activity augmented by frequent manic bursts,\u201d with as many as 16 million impacted ads being served in a single day, according to Stein.\n\nThis type of attack vector can be difficult for both the average person using the internet and businesses alike to handle, given the potential number of malicious ads being served, observed Saryu Nayyar, CEO of unified security and risk analytics firm Gurucul.\n\n\u201cAttacks like this can be a challenge to mitigate for home users, beyond keeping their patches up to date relying on an ISP provided or third-party service to block known malicious DNS domains,\u201d she said in an email to Threatpost. \u201cOrganizations have a similar challenge with the sheer volume of malicious ads, but can benefit from enabling the same techniques and security analytics that can help identify malicious activities by their behaviors.\u201d\n\n## **Diary of a WebKit Exploit**\n\nThe latest ScamCard payload has a number of steps to it, starting with an ad tag that loads a malicious Content Delivery Network-hosted dependency typically \u201cobfuscated in absurd ways in attempt to evade URL blocklists\u201d that can expand to thousands of lines of code, Stein wrote.\n\nHe said that Confiant researchers narrowed their investigation down to four lines of code that ultimately alerted them to ScamClub\u2019s use of the WebKit bug in its campaign:[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/02/17102521/scamclub-four-lines-of-code-webkit.png>)Observing that the code seemed different than a typical malvertising tactic of trying \u201cto spray a bunch of redirect attempts in a single payload that try to do the redirect in different ways,\u201d researchers investigated by staging a simple HTML file that implemented a cross-origin sandboxed frame and a button that dispatched their event.\n\n\u201cThe `allow-top-navigation-by-user-activation` sandbox attribute, which is often lauded as one of the most vital tools in an anti-malvertising strategy, should in theory prevent any redirection unless a proper activation takes place,\u201d Stein explained. \u201cActivation in this context typically means a tap or a click _inside_ the frame.\u201d\n\nIf this was the case, then Confiant\u2019s proof of concept should not have been able to redirect the page. However, it did, which proved to researchers that ScamClub\u2019s use of \u201ca long tail iframe sandbox bypass\u201d was leveraging a browser bug that turned out to be in WebKit, Stein said.\n\n### _Is your small- to medium-sized business an easy mark for attackers?_\n\n**Threatpost WEBINAR:** _ Save your spot for __\u201c**15 Cybersecurity Pitfalls and Fixes for SMBs**__,\u201d a _[**_FREE Threatpost webinar_**](<https://threatpost.com/webinars/15-cybersecurity-gaffes-and-fixes-mid-size-businesses-face/?utm_source=ART&utm_medium=ART&utm_campaign=Feb_webinar>)** _on Feb. 24 at 2 p.m. ET._**_ Cybercriminals count on you making these mistakes, but our experts will help you lock down your small- to mid-sized business like it was a Fortune 100. _[_Register NOW_](<https://threatpost.com/webinars/15-cybersecurity-gaffes-and-fixes-mid-size-businesses-face/?utm_source=ART&utm_medium=ART&utm_campaign=Feb_webinar>)_ for this _**_LIVE_****_ _**_webinar on Wed., Feb. 24._\n", "modified": "2021-02-17T15:30:37", "published": "2021-02-17T15:30:37", "id": "THREATPOST:4EC160EC2EBC650C54F5047502D0F7A4", "href": "https://threatpost.com/safari-browser-scamclub-campaign-revealed/164023/", "type": "threatpost", "title": "Details Tied to Safari Browser-based 'ScamClub' Campaign Revealed", "cvss": {"score": 0.0, "vector": "NONE"}}], "thn": [{"lastseen": "2021-01-27T06:26:27", "bulletinFamily": "info", "cvelist": ["CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871"], "description": "[](<https://thehackernews.com/images/-jMlIotpt0jU/YBD-s7n5YQI/AAAAAAAABmI/X0k_6KZYvcAOxTj1nJiddOWRAnW-eYg9ACLcBGAsYHQ/s0/apple-iphone-hacking.jpg>)\n\nApple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild.\n\nReported by an anonymous researcher, the three [zero-day](<https://support.apple.com/en-us/HT212146>) [flaws](<https://support.apple.com/en-us/HT212149>) \u2014 CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 \u2014 could have allowed an attacker to elevate privileges and achieve remote code execution.\n\nThe iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.\n\n[](<https://go.thn.li/password-auditor> \"password auditor\" )\n\nWhile the privilege escalation bug in the kernel (CVE-2021-1782) was noted as a race condition that could cause a malicious application to elevate its privileges, the other two shortcomings \u2014 dubbed a \"logic issue\" \u2014 were discovered in the WebKit browser engine (CVE-2021-1870 and CVE-2021-1871), permitting an attacker to achieve arbitrary code execution inside Safari.\n\nApple said the race condition and the WebKit flaws were addressed with improved locking and restrictions, respectively.\n\n[](<https://thehackernews.com/images/-fdpXkbfWGTA/YBD_Bui-nuI/AAAAAAAABmQ/MgynC4sTjqETJbW_z8c8Hc-4lAuJHG5rgCLcBGAsYHQ/s0/hacking.jpg>)\n\nWhile exact details of the exploit leveraging the flaws are unlikely to be made public until the patches have been widely applied, it wouldn't be a surprise if they were chained together to carry out watering hole attacks against potential targets.\n\nSuch an attack would involve delivering the malicious code simply by visiting a compromised website that then takes advantage of the aforementioned vulnerabilities to escalate its privileges and run arbitrary commands to take control of the device.\n\nThe updates are now available for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation), as well as Apple TV 4K and Apple TV HD.\n\nNews of the latest zero-days comes after the company resolved three actively exploited vulnerabilities in [November 2020](<https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html>) and a separate zero-day bug in iOS 13.5.1 that was disclosed as used in a [cyberespionage campaign](<https://thehackernews.com/2020/12/iphones-of-36-journalists-hacked-using.html>) targeting Al Jazeera journalists last year.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2021-01-27T05:50:09", "published": "2021-01-27T05:50:00", "id": "THN:739D9EFE8C7F1B29E2430DAC65CDEE52", "href": "https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html", "type": "thn", "title": "Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-17T08:27:03", "bulletinFamily": "info", "cvelist": ["CVE-2021-1801"], "description": "[](<https://thehackernews.com/images/-pZbqnOXttL8/YCzABraKY3I/AAAAAAAAByk/dQW5ke2LZIAZWJFS08DEBVN6InouwoA9ACLcBGAsYHQ/s0/visa-hacking.jpg>)\n\nA malvertising group known as \"ScamClub\" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams.\n\nThe attacks, first [spotted](<https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba>) by ad security firm Confiant in late June 2020, leveraged a bug (CVE-2021\u20131801) that allowed malicious parties to bypass the [iframe](<https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe>) sandboxing policy in the browser engine that powers Safari and Google Chrome for iOS and run malicious code.\n\n[](<https://go.thn.li/password-auditor> \"password auditor\" )\n\nSpecifically, the technique exploited the manner how WebKit handles JavaScript [event listeners](<https://developer.mozilla.org/en-US/docs/Web/API/EventListener>), thus making it possible to break out of the sandbox associated with an ad's inline frame element despite the presence of \"allow-top-navigation-by-user-activation\" attribute that explicitly forbids any redirection unless the click event occurs inside the iframe.\n\nTo test this hypothesis, the researchers set about creating a simple HTML file containing a cross-origin sandboxed iframe and a button outside it that triggered an event to access the iframe and redirect the clicks to rogue websites.\n\n\"The [...] button is outside of the sandboxed frame after all,\" Confiant researcher Eliya Stein said. \"However, if it does redirect, that means we have a browser security bug on our hands, which turned out to be the case when tested on WebKit based browsers, namely Safari on desktop and iOS.\"\n\n[](<https://thehackernews.com/images/-7WViMHKcxyc/YCy_iTMdyXI/AAAAAAAAByc/HhYwiGvYNGM6PgKkorIbgfB6p02dr7A7wCLcBGAsYHQ/s0/hacking.jpg>)\n\nFollowing responsible disclosure to Apple on June 23, 2020, the tech giant [patched](<https://trac.webkit.org/changeset/270373/webkit>) WebKit on December 2, 2020, and subsequently addressed the issue \"with improved iframe sandbox enforcement\" as part of security updates released earlier this month for [iOS 14.4](<https://support.apple.com/en-in/HT212146>) and [macOS Big Sur](<https://support.apple.com/en-us/HT212147>).\n\nConfiant said the operators of ScamClub have delivered more than 50 million malicious impressions over the last 90 days, with as many as 16MM impacted ads being served in a single day.\n\n\"On the tactics side, this attacker historically favors what we refer to as a 'bombardment' strategy,\" Stein elaborated.\n\n\"Instead of trying to fly under the radar, they flood the ad tech ecosystem with tons of horrendous demand well aware that the majority of it will be blocked by some kind of gatekeeping, but they do this at incredibly high volumes in the hopes that the small percentage that slips through will do significant damage.\"\n\nConfiant has also [published](<https://github.com/WeAreConfiant/security/blob/master/stix-feeds/scamclub.stix.json>) a list of websites used by the ScamClub group to run its recent scam campaign.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2021-02-17T07:11:54", "published": "2021-02-17T07:11:00", "id": "THN:99F0C5326CD3398017C19279EE84B66E", "href": "https://thehackernews.com/2021/02/malvertisers-exploited-webkit-0-day-to.html", "type": "thn", "title": "Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdi": [{"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1743"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO framework. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading memory. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-147", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-147/", "title": "Apple macOS ImageIO EXR Parsing Integer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1753"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-139", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-139/", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1772"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of TTF fonts. Crafted data in a TTF file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-149", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-149/", "title": "Apple macOS CoreText TTF Parsing Out-of-Bounds Write Remote Code Execution", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1768"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-145", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-145/", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1775"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontParser library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of TTF fonts. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-138", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-138/", "title": "Apple macOS libFontParser TTF Parsing Integer Underflow Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1746"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO framework. Crafted data in a PICT image can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-146", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-146/", "title": "Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1763"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-143", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-143/", "title": "Apple macOS ModelIO USD Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1762"], "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a write past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-142", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-142/", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1745"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-141", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-141/", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-04T17:31:06", "bulletinFamily": "info", "cvelist": ["CVE-2021-1767"], "description": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.", "edition": 1, "modified": "2021-02-04T00:00:00", "published": "2021-02-04T00:00:00", "id": "ZDI-21-144", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-144/", "title": "Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability", "type": "zdi", "cvss": {"score": 0.0, "vector": "NONE"}}], "malwarebytes": [{"lastseen": "2021-02-22T13:33:51", "bulletinFamily": "blog", "cvelist": ["CVE-2021-1801"], "description": "Last week on Malwarebytes Labs, the spotlight fell on [the State of Malware 2021 report](<https://blog.malwarebytes.com/reports/2021/02/state-of-malware-2021-report/>), wherein we have seen cyberthreats evolve.\n\nWe also touched on ransomware, such as [Egregor](<https://blog.malwarebytes.com/ransomware/2021/02/egregor-ransomware-hit-by-arrests/>) and [a tactic](<https://blog.malwarebytes.com/malwarebytes-news/2021/02/rdp-the-ransomware-problem-that-wont-go-away/>) known as Remote Desktop Protocol (RDP) brute forcing that has long been part of the ransomware operators' toolkit; insider threats, such as [what Yandex recently experienced](<https://blog.malwarebytes.com/awareness/2021/02/yandex-sysadmin-caught-selling-access-to-email-accounts/>) with one of its own sysadmins; [romance scams](<https://blog.malwarebytes.com/privacy-2/2021/02/romance-scams-ftc-reveals-304-million-of-heartache/>); and put social media under scrutiny\u2014looking at you, [Clubhouse](<https://blog.malwarebytes.com/awareness/2021/02/clubhouse-under-scrutiny-for-sending-data-to-chinese-servers/>) and [Omegle](<https://blog.malwarebytes.com/awareness/2021/02/omegle-investigation-raises-new-concerns-for-kids-safety/>); [some wins](<https://blog.malwarebytes.com/awareness/2021/02/north-korean-hackers-charged-with-1-3-billion-of-cyberheists/>) for the good guys; and course, [Cyberpunk 2077](<https://blog.malwarebytes.com/malwarebytes-news/2021/02/cybersecurity-in-cyberpunk-2077-the-good-the-bad-and-the-cringeworthy/>). \n\n### Other cybersecurity news\n\n * Following the water supply hack in a Florida city, the US government [warned](<https://www.securityweek.com/us-gov-warning-water-supply-hack-get-rid-windows-7>) critical infrastructure operators to upgrade their Windows 7 operating systems. (Source: Security Week)\n * Baby monitor vulnerabilities are in the spotlight once again after the cybersecurity team at SafetyDetectives, an independent review site, [unearthed a flaw](<https://www.safetydetectives.com/blog/babymonitor-exposed-report/>) that allows miscreants to take over a camera\u2019s video stream. (Source: SafetyDetectives)\n * Phishers used ["financial bonus" as lure](<https://www.zdnet.com/article/this-phishing-email-promises-you-a-bonus-but-actually-delivers-this-windows-trojan-malware/>) to deliver the Bazar Trojan. (Source: ZDNet)\n * Speaking of phishing scams, they're also promising free COVID vaccines. [Again](<https://www.infosecurity-magazine.com/news/nhs-phishing-scam-promises-covid19/>). (Source: Infosecurity Magazine)\n * Intelligence officials from South Korea claimed that North Korea is behind the [COVID vaccine cyberattack](<https://www.computerweekly.com/news/252496416/North-Korea-accused-of-Pfizer-Covid-vaccine-cyber-attack>) against Pfizer. (Source: Computer Weekly)\n * A flaw in Agora, a voice and video platform, was discovered that could allow attackers to [spy on private calls](<https://www.cyberscoop.com/flaw-agora-video-calling-software-eavesdroppers/>). (Source: CyberScoop)\n * Palo Alto\u2019s Unit42 uncovered [a cryptojacking ](<https://unit42.paloaltonetworks.com/watchdog-cryptojacking/>)[c](<https://unit42.paloaltonetworks.com/watchdog-cryptojacking/>)[ampaign](<https://unit42.paloaltonetworks.com/watchdog-cryptojacking/>) that has been in operation for the last couple of years. (Source: Palo Alto Networks)\n * [ScamClub](<https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba>), a malvertising group, was discovered using an iPhone browser bug to push ads. (Source: Confiant)\n * With the introduction of Apple\u2019s M1 computer processors, [new malware](<https://www.vice.com/en/article/v7mnk4/hackers-are-starting-to-code-malware-specifically-for-apples-m1-computers>) made for them is starting to emerge. (Source: Motherboard)\n\nStay safe, everyone!\n\nThe post [A week in security (February 15 \u2013 February 21)](<https://blog.malwarebytes.com/a-week-in-security/2021/02/a-week-in-security-february-15-february-21/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "modified": "2021-02-22T11:37:19", "published": "2021-02-22T11:37:19", "id": "MALWAREBYTES:571F8A177DE5469D82A8C2F7E8BE43CB", "href": "https://blog.malwarebytes.com/a-week-in-security/2021/02/a-week-in-security-february-15-february-21/", "type": "malwarebytes", "title": "A week in security (February 15 \u2013 February 21)", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2020-07-27T19:34:33", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15358"], "description": "It was discovered that SQLite incorrectly handled query-flattener \noptimization. An attacker could use this issue to cause SQLite to crash, \nresulting in a denial of service, or possibly execute arbitrary code.", "edition": 1, "modified": "2020-07-27T00:00:00", "published": "2020-07-27T00:00:00", "id": "USN-4438-1", "href": "https://ubuntu.com/security/notices/USN-4438-1", "title": "SQLite vulnerability", "type": "ubuntu", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-23T16:51:52", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25710", "CVE-2020-25709"], "description": "USN-4634-1 fixed several vulnerabilities in OpenLDAP. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that OpenLDAP incorrectly handled certain malformed \ninputs. A remote attacker could possibly use this issue to cause OpenLDAP \nto crash, resulting in a denial of service.", "edition": 1, "modified": "2020-11-23T00:00:00", "published": "2020-11-23T00:00:00", "id": "USN-4634-2", "href": "https://ubuntu.com/security/notices/USN-4634-2", "title": "OpenLDAP vulnerabilities", "type": "ubuntu", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-18T08:53:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25710", "CVE-2020-25709"], "description": "It was discovered that OpenLDAP incorrectly handled certain malformed \ninputs. A remote attacker could possibly use this issue to cause OpenLDAP \nto crash, resulting in a denial of service.", "edition": 1, "modified": "2020-11-17T00:00:00", "published": "2020-11-17T00:00:00", "id": "USN-4634-1", "href": "https://ubuntu.com/security/notices/USN-4634-1", "title": "OpenLDAP vulnerabilities", "type": "ubuntu", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2020-12-05T01:16:38", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25710", "CVE-2020-25709"], "description": "- -----------------------------------------------------------------------\nDebian LTS Advisory DLA-2481-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nDecember 04, 2020 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : openldap\nVersion : 2.4.44+dfsg-5+deb9u6\nCVE ID : CVE-2020-25709 CVE-2020-25710\n\nTwo vulnerabilities in the certificate list syntax verification and\nin the handling of CSN normalization were discovered in OpenLDAP, a\nfree implementation of the Lightweight Directory Access Protocol.\nAn unauthenticated remote attacker can take advantage of these\nflaws to cause a denial of service (slapd daemon crash) via\nspecially crafted packets.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.4.44+dfsg-5+deb9u6.\n\nWe recommend that you upgrade your openldap packages.\n\nFor the detailed security status of openldap please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openldap\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2020-12-04T17:36:14", "published": "2020-12-04T17:36:14", "id": "DEBIAN:DLA-2481-1:F1C1C", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00008.html", "title": "[SECURITY] [DLA 2481-1] openldap security update", "type": "debian", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-18T01:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25710", "CVE-2020-25709"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4792-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 17, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openldap\nCVE ID : CVE-2020-25709 CVE-2020-25710\n\nTwo vulnerabilities in the certificate list syntax verification and\nin the handling of CSN normalization were discovered in OpenLDAP, a\nfree implementation of the Lightweight Directory Access Protocol.\nAn unauthenticated remote attacker can take advantage of these\nflaws to cause a denial of service (slapd daemon crash) via\nspecially crafted packets.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.47+dfsg-3+deb10u4.\n\nWe recommend that you upgrade your openldap packages.\n\nFor the detailed security status of openldap please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/openldap\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2020-11-17T14:50:27", "published": "2020-11-17T14:50:27", "id": "DEBIAN:DSA-4792-1:9EED2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00199.html", "title": "[SECURITY] [DSA 4792-1] openldap security update", "type": "debian", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2020-07-02T23:23:43", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11082", "CVE-2020-14155", "CVE-2019-0542"], "description": "\nGitlab reports:\n\nMissing Permission Check on Time Tracking\nCross-Site Scripting in PyPi Files API\nInsecure Authorization Check on Private Project Security Dashboard\nCross-Site Scripting in References\nCross-Site Scripting in Group Names\nCross-Site Scripting in Blob Viewer\nCross-Site Scripting in Error Tracking\nInsecure Authorisation Check on Creation and Deletion of Deploy Tokens\nUser Name Format Restiction Bypass\nDenial of Service in Issue Comments\nCross-Site Scripting in Wiki Pages\nPrivate Merge Request Updates Leaked via Todos\nPrivate User Activity Leaked via API\nCross-Site Scripting in Bitbucket Import Feature\nGithub Project Restriction Bypass\nUpdate PCRE Dependency\nUpdate Kaminari Gem\nCross-Site Scripting in User Profile\nUpdate Xterm.js\n\n", "edition": 1, "modified": "2020-07-01T00:00:00", "published": "2020-07-01T00:00:00", "id": "0A305431-BC98-11EA-A051-001B217B3468", "href": "https://vuxml.freebsd.org/freebsd/0a305431-bc98-11ea-a051-001b217b3468.html", "title": "Gitlab -- Multiple Vulnerabilities", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2020-07-27T03:27:02", "bulletinFamily": "unix", "cvelist": ["CVE-2020-13434", "CVE-2019-20218", "CVE-2020-13632", "CVE-2020-11656", "CVE-2020-13631", "CVE-2020-11655", "CVE-2020-13435", "CVE-2020-13630", "CVE-2020-15358", "CVE-2020-13871"], "description": "### Background\n\nSQLite is a C library that implements an SQL database engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll SQLite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/sqlite-3.32.3\"", "edition": 1, "modified": "2020-07-27T00:00:00", "published": "2020-07-27T00:00:00", "id": "GLSA-202007-26", "href": "https://security.gentoo.org/glsa/202007-26", "title": "SQLite: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "lenovo": [{"lastseen": "2021-02-23T21:28:10", "bulletinFamily": "info", "cvelist": ["CVE-2020-8695", "CVE-2020-0587", "CVE-2020-12890", "CVE-2020-0588", "CVE-2020-29633", "CVE-2020-8696", "CVE-2020-0592", "CVE-2020-8698", "CVE-2020-1292", "CVE-2020-1025", "CVE-2020-0591", "CVE-2020-8354", "CVE-2020-12926", "CVE-2020-8352", "CVE-2020-0593", "CVE-2020-1289", "CVE-2020-8694", "CVE-2020-2963", "CVE-2020-0590"], "description": "**Lenovo Security Advisory: **LEN-49266\n\n**Potential Impact: **Information disclosure, privilege escalation, denial of service\n\n**Severity: **High\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: **CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593, CVE-2020-1025, CVE-2020-1289, CVE-2020-1292, CVE-2020-2963, CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698, CVE-2020-8352, CVE-2020-8354\n\n**Summary Description:**\n\nWhen possible, Lenovo consolidates multiple BIOS security fixes and enhancements into as few updates as possible. The following list of vulnerabilities were reported by suppliers and researchers or were found during our regular internal testing. Not all products listed in the Product Impact section of this advisory were affected by every CVE summarized here.\n\nAMD reported a potential vulnerability that may impact AMD\u2019s TPM implementation of non-orderly shutdown-failedTries with the USE_DA_USED build flag. CVE-2020-12926 (AMD), CVE-2020-29633 (TCG)\n\nAMD reported a potential vulnerability in some AMD notebook or embedded processors that may allow privilege escalation. CVE-2020-12890\n\nAMI has released AMI Aptio V BIOS security enhancements. No CVEs available\n\nIntel reported potential security vulnerabilities in the BIOS firmware for some Intel\u00ae Processors that may allow escalation of privilege or denial of service. INTEL-SA-00358: CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593\n\nIntel reported potential security vulnerabilities in some Intel\u00ae Processors that may allow information disclosure. INTEL-SA-00381: CVE-2020-8696, CVE-2020-8698\n\nIntel reported potential security vulnerabilities in the Intel\u00ae Running Average Power Limit (RAPL) Interface that may allow information disclosure. INTEL-SA-00389: CVE-2020-8694, CVE-2020-8695\n\nA potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. CVE-2020-8354\n\nIn some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. CVE-2020-8352\n\nPhoenix has released security enhancements for Phoenix BIOS. No CVEs available\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nUpdate system firmware to the version (or newer) indicated for your model in the Product Impact section.\n", "edition": 31, "modified": "2021-01-13T03:23:04", "published": "2020-11-04T15:47:25", "id": "LENOVO:PS500368-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-NOVEMBER-2020-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500368-multi-vendor-bios-security-vulnerabilities-november-2020", "title": "Multi-vendor BIOS Security Vulnerabilities (November 2020) - Lenovo Support US", "type": "lenovo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-21T07:27:38", "bulletinFamily": "info", "cvelist": ["CVE-2020-12356", "CVE-2020-8750", "CVE-2020-8756", "CVE-2020-8757", "CVE-2020-12354", "CVE-2020-8752", "CVE-2020-29633", "CVE-2020-12355", "CVE-2020-8751", "CVE-2020-8745", "CVE-2020-8761", "CVE-2020-8747", "CVE-2020-12297", "CVE-2020-8705", "CVE-2020-8744", "CVE-2020-8746", "CVE-2020-8753", "CVE-2020-12303", "CVE-2020-8760", "CVE-2020-8749", "CVE-2020-12304", "CVE-2020-8755", "CVE-2020-8754"], "description": "**Lenovo Security Advisory: **LEN-39432\n\n**Potential Impact: **Privilege escalation, denial of service, information disclosure\n\n**Severity: **High\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: **CVE-2020-12297, CVE-2020-12303, CVE-2020-12304, CVE-2020-12354, CVE-2020-12355, CVE-2020-12356, CVE-2020-8705, CVE-2020-8744, CVE-2020-8745, CVE-2020-8746, CVE-2020-8747, CVE-2020-8749, CVE-2020-8750, CVE-2020-8751, CVE-2020-8752, CVE-2020-8753, CVE-2020-8754, CVE-2020-8755, CVE-2020-8756, CVE-2020-8757, CVE-2020-8760, CVE-2020-8761, CVE-2020-29633 (TCG)\n\n**Summary Description:**\n\nIntel reported potential security vulnerabilities in Intel\u00ae Converged Security and Manageability Engine (CSME), Server Platform Services (SPS), Intel\u00ae Trusted Execution Engine (TXE), Intel\u00ae Dynamic Application Loader (DAL), Intel\u00ae Active Management Technology (AMT), Intel\u00ae Standard Manageability (ISM) and Intel\u00ae Dynamic Application Loader (Intel\u00ae DAL) that may allow escalation of privilege, denial of service or information disclosure.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nIntel recommends updating Intel\u00ae CSME, Intel\u00ae SPS, and Intel\u00ae TXE to the version (or newer) of firmware and software indicated for your model in the Product Impact section below.\n\nIntel is not releasing updates to mitigate a potential vulnerability and has issued a Product Discontinuation Notice for Intel\u00ae DAL.\n", "edition": 33, "modified": "2021-02-01T17:05:57", "published": "2020-11-04T15:56:16", "id": "LENOVO:PS500369-INTEL-CSME-SPS-TXE-DAL-AND-AMT-ADVISORY-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500369-intel-csme-sps-txe-dal-and-amt-advisory", "title": "Intel CSME, SPS, TXE, DAL and AMT Advisory - Lenovo Support US", "type": "lenovo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2020-12-24T15:41:14", "bulletinFamily": "software", "cvelist": ["CVE-2013-7285", "CVE-2015-1832", "CVE-2015-9251", "CVE-2016-0701", "CVE-2016-1000031", "CVE-2016-1000338", "CVE-2016-1000339", "CVE-2016-1000340", "CVE-2016-1000341", "CVE-2016-1000342", "CVE-2016-1000343", "CVE-2016-1000344", "CVE-2016-1000345", "CVE-2016-1000346", "CVE-2016-1000352", "CVE-2016-10244", "CVE-2016-10328", "CVE-2016-2167", "CVE-2016-2168", "CVE-2016-2183", "CVE-2016-2510", "CVE-2016-3189", "CVE-2016-4800", "CVE-2016-5000", "CVE-2016-5300", "CVE-2016-5725", "CVE-2016-6153", "CVE-2016-6306", "CVE-2016-8610", "CVE-2016-8734", "CVE-2017-10989", "CVE-2017-12626", "CVE-2017-13098", "CVE-2017-13685", "CVE-2017-13745", "CVE-2017-14232", "CVE-2017-15095", "CVE-2017-15286", "CVE-2017-17485", "CVE-2017-3164", "CVE-2017-5644", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-7525", "CVE-2017-7656", "CVE-2017-7657", "CVE-2017-7658", "CVE-2017-7857", "CVE-2017-7858", "CVE-2017-7864", "CVE-2017-8105", "CVE-2017-8287", "CVE-2017-9096", "CVE-2017-9735", "CVE-2017-9800", "CVE-2018-1000180", "CVE-2018-1000613", "CVE-2018-1000873", "CVE-2018-11054", "CVE-2018-11055", "CVE-2018-11056", "CVE-2018-11057", "CVE-2018-11058", "CVE-2018-11307", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-12536", "CVE-2018-12538", "CVE-2018-12545", "CVE-2018-14718", "CVE-2018-15769", "CVE-2018-17196", "CVE-2018-18873", "CVE-2018-19139", "CVE-2018-19539", "CVE-2018-19540", "CVE-2018-19541", "CVE-2018-19542", "CVE-2018-19543", "CVE-2018-20346", "CVE-2018-20505", "CVE-2018-20506", "CVE-2018-20570", "CVE-2018-20584", "CVE-2018-20622", "CVE-2018-20843", "CVE-2018-2765", "CVE-2018-3693", "CVE-2018-5382", "CVE-2018-5968", "CVE-2018-6942", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8088", "CVE-2018-8740", "CVE-2018-9055", "CVE-2018-9154", "CVE-2018-9252", "CVE-2019-0192", "CVE-2019-0201", "CVE-2019-10072", "CVE-2019-10097", "CVE-2019-1010239", "CVE-2019-10173", "CVE-2019-10241", "CVE-2019-10246", "CVE-2019-10247", "CVE-2019-10744", "CVE-2019-11048", "CVE-2019-11358", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11834", "CVE-2019-11835", "CVE-2019-11922", "CVE-2019-12086", "CVE-2019-12260", "CVE-2019-12261", "CVE-2019-12384", "CVE-2019-12402", "CVE-2019-12415", "CVE-2019-12419", "CVE-2019-12423", "CVE-2019-12814", "CVE-2019-12900", "CVE-2019-13990", "CVE-2019-14379", "CVE-2019-14540", "CVE-2019-14893", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1552", "CVE-2019-1563", "CVE-2019-15903", "CVE-2019-16168", "CVE-2019-16335", "CVE-2019-16942", "CVE-2019-16943", "CVE-2019-17091", "CVE-2019-17267", "CVE-2019-17359", "CVE-2019-17495", "CVE-2019-17531", "CVE-2019-17543", "CVE-2019-17558", "CVE-2019-17569", "CVE-2019-17632", "CVE-2019-17638", "CVE-2019-18348", "CVE-2019-20330", "CVE-2019-2897", "CVE-2019-2904", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-5018", "CVE-2019-5427", "CVE-2019-5435", "CVE-2019-5436", "CVE-2019-5443", "CVE-2019-5481", "CVE-2019-5482", "CVE-2019-8457", "CVE-2019-9511", "CVE-2019-9513", "CVE-2019-9936", "CVE-2019-9937", "CVE-2020-10108", "CVE-2020-10543", "CVE-2020-10650", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-10683", "CVE-2020-10722", "CVE-2020-10723", "CVE-2020-10724", "CVE-2020-10878", "CVE-2020-10968", "CVE-2020-10969", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11111", "CVE-2020-11112", "CVE-2020-11113", "CVE-2020-11619", "CVE-2020-11620", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-11971", "CVE-2020-11972", "CVE-2020-11973", "CVE-2020-11984", "CVE-2020-11993", "CVE-2020-11996", "CVE-2020-12243", "CVE-2020-12723", "CVE-2020-13630", "CVE-2020-13631", "CVE-2020-13632", "CVE-2020-13920", "CVE-2020-13934", "CVE-2020-13935", "CVE-2020-14060", "CVE-2020-14061", "CVE-2020-14062", "CVE-2020-14195", "CVE-2020-14672", "CVE-2020-14731", "CVE-2020-14732", "CVE-2020-14734", "CVE-2020-14735", "CVE-2020-14736", "CVE-2020-14740", "CVE-2020-14741", "CVE-2020-14742", "CVE-2020-14743", "CVE-2020-14744", "CVE-2020-14745", "CVE-2020-14746", "CVE-2020-14752", "CVE-2020-14753", "CVE-2020-14754", "CVE-2020-14757", "CVE-2020-14758", "CVE-2020-14759", "CVE-2020-14760", "CVE-2020-14761", "CVE-2020-14762", "CVE-2020-14763", "CVE-2020-14764", "CVE-2020-14765", "CVE-2020-14766", "CVE-2020-14767", "CVE-2020-14768", "CVE-2020-14769", "CVE-2020-14770", "CVE-2020-14771", "CVE-2020-14772", "CVE-2020-14773", "CVE-2020-14774", "CVE-2020-14775", "CVE-2020-14776", "CVE-2020-14777", "CVE-2020-14778", "CVE-2020-14779", "CVE-2020-14780", "CVE-2020-14781", "CVE-2020-14782", "CVE-2020-14783", "CVE-2020-14784", "CVE-2020-14785", "CVE-2020-14786", "CVE-2020-14787", "CVE-2020-14788", "CVE-2020-14789", "CVE-2020-14790", "CVE-2020-14791", "CVE-2020-14792", "CVE-2020-14793", "CVE-2020-14794", "CVE-2020-14795", "CVE-2020-14796", "CVE-2020-14797", "CVE-2020-14798", "CVE-2020-14799", "CVE-2020-14800", "CVE-2020-14801", "CVE-2020-14802", "CVE-2020-14803", "CVE-2020-14804", "CVE-2020-14805", "CVE-2020-14806", "CVE-2020-14807", "CVE-2020-14808", "CVE-2020-14809", "CVE-2020-14810", "CVE-2020-14811", "CVE-2020-14812", "CVE-2020-14813", "CVE-2020-14814", "CVE-2020-14815", "CVE-2020-14816", "CVE-2020-14817", "CVE-2020-14818", "CVE-2020-14819", "CVE-2020-14820", "CVE-2020-14821", "CVE-2020-14822", "CVE-2020-14823", "CVE-2020-14824", "CVE-2020-14825", "CVE-2020-14826", "CVE-2020-14827", "CVE-2020-14828", "CVE-2020-14829", "CVE-2020-14830", "CVE-2020-14831", "CVE-2020-14832", "CVE-2020-14833", "CVE-2020-14834", "CVE-2020-14835", "CVE-2020-14836", "CVE-2020-14837", "CVE-2020-14838", "CVE-2020-14839", "CVE-2020-14840", "CVE-2020-14841", "CVE-2020-14842", "CVE-2020-14843", "CVE-2020-14844", "CVE-2020-14845", "CVE-2020-14846", "CVE-2020-14847", "CVE-2020-14848", "CVE-2020-14849", "CVE-2020-14850", "CVE-2020-14851", "CVE-2020-14852", "CVE-2020-14853", "CVE-2020-14854", "CVE-2020-14855", "CVE-2020-14856", "CVE-2020-14857", "CVE-2020-14858", "CVE-2020-14859", "CVE-2020-14860", "CVE-2020-14861", "CVE-2020-14862", "CVE-2020-14863", "CVE-2020-14864", "CVE-2020-14865", "CVE-2020-14866", "CVE-2020-14867", "CVE-2020-14868", "CVE-2020-14869", "CVE-2020-14870", "CVE-2020-14871", "CVE-2020-14872", "CVE-2020-14873", "CVE-2020-14875", "CVE-2020-14876", "CVE-2020-14877", "CVE-2020-14878", "CVE-2020-14879", "CVE-2020-14880", "CVE-2020-14881", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-14884", "CVE-2020-14885", "CVE-2020-14886", "CVE-2020-14887", "CVE-2020-14888", "CVE-2020-14889", "CVE-2020-14890", "CVE-2020-14891", "CVE-2020-14892", "CVE-2020-14893", "CVE-2020-14894", "CVE-2020-14895", "CVE-2020-14896", "CVE-2020-14897", "CVE-2020-14898", "CVE-2020-14899", "CVE-2020-14900", "CVE-2020-14901", "CVE-2020-15358", "CVE-2020-15389", "CVE-2020-1730", "CVE-2020-1935", "CVE-2020-1938", "CVE-2020-1941", "CVE-2020-1945", "CVE-2020-1950", "CVE-2020-1951", "CVE-2020-1953", "CVE-2020-1954", "CVE-2020-1967", "CVE-2020-2555", "CVE-2020-3235", "CVE-2020-3909", "CVE-2020-4051", "CVE-2020-5397", "CVE-2020-5398", "CVE-2020-5407", "CVE-2020-5408", "CVE-2020-7067", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8840", "CVE-2020-9281", "CVE-2020-9327", "CVE-2020-9409", "CVE-2020-9410", "CVE-2020-9484", "CVE-2020-9488", "CVE-2020-9489", "CVE-2020-9490", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n \nStarting with the October 2020 Critical Patch Update, Oracle lists updates that address vulnerabilities in third-party components which are not exploitable in the context of their inclusion in their respective Oracle product beneath the product's risk matrix. Oracle has published two versions of the October 2020 Critical Patch Update Advisory: this version of the advisory implemented the change in how non-exploitable vulnerabilities in third-party components are reported, and the \u201ctraditional\u201d advisory follows the same format as the previous advisories. The \u201ctraditional\u201d advisory is published at <https://www.oracle.com/security-alerts/cpuoct2020traditional.html>. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 403 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2020 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2712240.1>).\n", "modified": "2020-12-08T00:00:00", "published": "2020-10-20T00:00:00", "id": "ORACLE:CPUOCT2020", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - October 2020", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}