ID CVE-2020-9793 Type cve Reporter cve@mitre.org Modified 2020-06-11T17:29:00
Description
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.
{"openvas": [{"lastseen": "2020-07-21T19:27:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9827", "CVE-2020-9792", "CVE-2020-9856", "CVE-2020-9791", "CVE-2020-9824", "CVE-2020-9844", "CVE-2020-9852", "CVE-2020-3882", "CVE-2020-3878", "CVE-2020-9804", "CVE-2020-9831", "CVE-2020-9788", "CVE-2020-9815", "CVE-2020-9855", "CVE-2020-9825", "CVE-2020-9851", "CVE-2020-9793", "CVE-2020-9794"], "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "modified": "2020-07-16T00:00:00", "published": "2020-05-27T00:00:00", "id": "OPENVAS:1361412562310817130", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817130", "type": "openvas", "title": "Apple MacOSX Security Updates(HT211170) - 01", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817130\");\n script_version(\"2020-07-16T11:59:37+0000\");\n script_cve_id(\"CVE-2020-9815\", \"CVE-2020-9788\", \"CVE-2020-9831\", \"CVE-2020-9852\",\n \"CVE-2020-9856\", \"CVE-2020-9855\", \"CVE-2020-3882\", \"CVE-2020-9793\",\n \"CVE-2020-9844\", \"CVE-2020-9804\", \"CVE-2020-9791\", \"CVE-2020-9792\",\n \"CVE-2020-9827\", \"CVE-2020-9794\", \"CVE-2020-9824\", \"CVE-2020-9825\",\n \"CVE-2020-9851\", \"CVE-2020-3878\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 11:59:37 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-27 12:16:54 +0530 (Wed, 27 May 2020)\");\n script_name(\"Apple MacOSX Security Updates(HT211170) - 01\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple out-of-bounds read errors.\n\n - Insufficient input sanitization.\n\n - An integer overflow.\n\n - Insufficient validation of symlinks.\n\n - A memory corruption issue.\n\n - A double free error.\n\n - A logic issue.\n\n - An error in sandbox restrictions.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, execute arbitrary javascript code, gain access to\n sensitive information, gain elevated privileges, conduct a DoS attck, modify\n restricted network settings and bypass security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.15.x through 10.15.4\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X 10.15.5 or later.\n Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT211170\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"ssh_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.15\" || \"Mac OS X\" >!< osName)\n exit(0);\n\nif(osVer =~ \"^10\\.15\")\n{\n if(version_in_range(version:osVer, test_version:\"10.15\", test_version2:\"10.15.4\"))\n {\n report = report_fixed_ver(installed_version:osVer, fixed_version:\"10.15.5\");\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-10-03T15:12:05", "description": "The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.5, 10.13.x prior to 10.13.6\nSecurity Update 2020-003, 10.14.x prior to 10.14.6 Security Update 2020-003. It is, therefore, affected by multiple\nvulnerabilities:\n\n - In ksh version 20120801, a flaw was found in the way it\n evaluates certain environment variables. An attacker\n could use this flaw to override or bypass environment\n restrictions to execute shell commands. Services and\n applications that allow remote unauthenticated attackers\n to provide one of those environment variables could\n allow them to exploit this issue remotely.\n (CVE-2019-14868)\n\n - In Zsh before 5.8, attackers able to execute commands\n can regain privileges dropped by the --no-PRIVILEGED\n option. Zsh fails to overwrite the saved uid, so the\n original privileges can be restored by executing\n MODULE_PATH=/dir/with/module zmodload with a module that\n calls setuid(). (CVE-2019-20044)\n\n - An out-of-bounds read was addressed with improved input\n validation. This issue is fixed in iOS 13.3.1 and iPadOS\n 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS\n 6.1.2. Processing a maliciously crafted image may lead\n to arbitrary code execution. (CVE-2020-3878)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.", "edition": 7, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-05-28T00:00:00", "title": "macOS 10.15.x < 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9822", "CVE-2020-9827", "CVE-2020-9817", "CVE-2020-9857", "CVE-2020-9771", "CVE-2020-9792", "CVE-2020-9772", "CVE-2020-9828", "CVE-2020-9856", "CVE-2020-9837", "CVE-2020-9791", "CVE-2020-9824", "CVE-2020-9844", "CVE-2020-9832", "CVE-2020-9852", "CVE-2020-9834", "CVE-2019-14868", "CVE-2020-3882", "CVE-2020-9826", "CVE-2020-9812", "CVE-2020-3878", "CVE-2020-9839", "CVE-2020-9804", "CVE-2020-9795", "CVE-2020-9831", "CVE-2020-9813", "CVE-2020-9821", "CVE-2020-9788", "CVE-2020-9809", "CVE-2020-9842", "CVE-2020-9815", "CVE-2020-9790", "CVE-2020-9855", "CVE-2020-9830", "CVE-2020-9841", "CVE-2020-9833", "CVE-2020-9825", "CVE-2020-9808", "CVE-2020-9851", "CVE-2020-9811", "CVE-2020-9793", "CVE-2019-20044", "CVE-2020-9814", "CVE-2020-9816", "CVE-2020-9789", "CVE-2020-9797", "CVE-2020-9847", "CVE-2020-9794"], "modified": "2020-05-28T00:00:00", "cpe": ["cpe:/o:apple:macos", "cpe:/o:apple:mac_os_x"], "id": "MACOS_HT211170.NASL", "href": "https://www.tenable.com/plugins/nessus/136930", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136930);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/02\");\n\n script_cve_id(\n \"CVE-2019-14868\",\n \"CVE-2019-20044\",\n \"CVE-2020-3878\",\n \"CVE-2020-3882\",\n \"CVE-2020-9771\",\n \"CVE-2020-9772\",\n \"CVE-2020-9788\",\n \"CVE-2020-9789\",\n \"CVE-2020-9790\",\n \"CVE-2020-9791\",\n \"CVE-2020-9792\",\n \"CVE-2020-9793\",\n \"CVE-2020-9794\",\n \"CVE-2020-9795\",\n \"CVE-2020-9797\",\n \"CVE-2020-9804\",\n \"CVE-2020-9808\",\n \"CVE-2020-9809\",\n \"CVE-2020-9811\",\n \"CVE-2020-9812\",\n \"CVE-2020-9813\",\n \"CVE-2020-9814\",\n \"CVE-2020-9815\",\n \"CVE-2020-9816\",\n \"CVE-2020-9817\",\n \"CVE-2020-9821\",\n \"CVE-2020-9822\",\n \"CVE-2020-9824\",\n \"CVE-2020-9825\",\n \"CVE-2020-9826\",\n \"CVE-2020-9827\",\n \"CVE-2020-9828\",\n \"CVE-2020-9830\",\n \"CVE-2020-9831\",\n \"CVE-2020-9832\",\n \"CVE-2020-9833\",\n \"CVE-2020-9834\",\n \"CVE-2020-9837\",\n \"CVE-2020-9839\",\n \"CVE-2020-9841\",\n \"CVE-2020-9842\",\n \"CVE-2020-9844\",\n \"CVE-2020-9847\",\n \"CVE-2020-9851\",\n \"CVE-2020-9852\",\n \"CVE-2020-9855\",\n \"CVE-2020-9856\",\n \"CVE-2020-9857\"\n );\n script_xref(name:\"APPLE-SA\", value:\"HT211170\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-05-18\");\n script_xref(name:\"IAVA\", value:\"2020-A-0227-S\");\n\n script_name(english:\"macOS 10.15.x < 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS update that fixes multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.15.x prior to 10.15.5, 10.13.x prior to 10.13.6\nSecurity Update 2020-003, 10.14.x prior to 10.14.6 Security Update 2020-003. It is, therefore, affected by multiple\nvulnerabilities:\n\n - In ksh version 20120801, a flaw was found in the way it\n evaluates certain environment variables. An attacker\n could use this flaw to override or bypass environment\n restrictions to execute shell commands. Services and\n applications that allow remote unauthenticated attackers\n to provide one of those environment variables could\n allow them to exploit this issue remotely.\n (CVE-2019-14868)\n\n - In Zsh before 5.8, attackers able to execute commands\n can regain privileges dropped by the --no-PRIVILEGED\n option. Zsh fails to overwrite the saved uid, so the\n original privileges can be restored by executing\n MODULE_PATH=/dir/with/module zmodload with a module that\n calls setuid(). (CVE-2019-20044)\n\n - An out-of-bounds read was addressed with improved input\n validation. This issue is fixed in iOS 13.3.1 and iPadOS\n 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS\n 6.1.2. Processing a maliciously crafted image may lead\n to arbitrary code execution. (CVE-2020-3878)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211170\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macOS 10.15.5 / 10.14.x < 10.14.6 Security Update 2020-003 / 10.13.x < 10.13.6 Security Update 2020-003 or\nlater\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9852\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Safari in Operator Side Effect Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('lists.inc');\ninclude('vcf_extras_apple.inc'); \n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'max_version' : '10.15.4', 'min_version' : '10.15', 'fixed_build' : '19F96', 'fixed_display' : 'macOS Catalina 10.15.5' },\n { 'max_version' : '10.13.6', 'min_version' : '10.13', 'fixed_build' : '17G13033', 'fixed_display' : '10.13.6 Security Update 2020-003' },\n { 'max_version' : '10.14.6', 'min_version' : '10.14', 'fixed_build' : '18G5033', 'fixed_display' : '10.14.6 Security Update 2020-003' }\n];\n\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2020-12-24T20:43:20", "bulletinFamily": "software", "cvelist": ["CVE-2020-9822", "CVE-2020-9827", "CVE-2020-9817", "CVE-2014-9512", "CVE-2020-9857", "CVE-2020-9771", "CVE-2020-9792", "CVE-2020-9772", "CVE-2020-9779", "CVE-2020-9828", "CVE-2020-9856", "CVE-2020-9837", "CVE-2020-9791", "CVE-2020-9824", "CVE-2020-9844", "CVE-2020-9832", "CVE-2020-9852", "CVE-2020-9854", "CVE-2020-9834", "CVE-2019-14868", "CVE-2020-3882", "CVE-2020-9826", "CVE-2020-9812", "CVE-2020-3878", "CVE-2020-9839", "CVE-2020-9804", "CVE-2020-9795", "CVE-2020-9831", "CVE-2020-9813", "CVE-2020-9821", "CVE-2020-9788", "CVE-2020-9809", "CVE-2020-9842", "CVE-2020-9796", "CVE-2020-9815", "CVE-2020-9790", "CVE-2020-9855", "CVE-2020-9830", "CVE-2020-9841", "CVE-2020-9833", "CVE-2020-9825", "CVE-2020-9810", "CVE-2020-9808", "CVE-2020-9851", "CVE-2020-9811", "CVE-2020-9793", "CVE-2019-20044", "CVE-2020-9814", "CVE-2020-9816", "CVE-2020-9789", "CVE-2020-9797", "CVE-2020-9847", "CVE-2020-9794", "CVE-2020-9994"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra\n\nReleased May 26, 2020\n\n**Accounts**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\n**Accounts**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9772: Allison Husain of UC Berkeley\n\n**AirDrop**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed with improved input validation.\n\nCVE-2020-9826: Dor Hadad of Palo Alto Networks\n\n**AppleMobileFileIntegrity**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A malicious application could interact with system processes to access private information and perform privileged actions\n\nDescription: An entitlement parsing issue was addressed with improved parsing.\n\nCVE-2020-9842: Linus Henze (pinauten.de)\n\n**AppleUSBNetworking**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Inserting a USB device that sends invalid messages may cause a kernel panic\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9804: Andy Davis of NCC Group\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative\n\n**Bluetooth**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9831: Yu Wang of Didi Research America\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9779: Yu Wang of Didi Research America\n\nEntry added September 21, 2020\n\n**Calendar**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Importing a maliciously crafted calendar invitation may exfiltrate user information\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-3882: Andy Grant of NCC Group\n\n**CoreBluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A remote attacker may be able to leak sensitive user information\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9828: Jianjun Dai of Qihoo 360 Alpha Lab\n\n**CVMS**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**DiskArbitration**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud (bugcloud.360.cn)\n\n**Find My**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team\n\n**FontParser**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\n**ImageIO**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9789: Wenchao Li of VARAS@IIE\n\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\n**Intel Graphics Driver**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9822: ABC Research s.r.o\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9796: ABC Research s.r.o.\n\nEntry added July 28, 2020\n\n**IPSec**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to leak memory\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9837: Thijs Alkemade of Computest\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine another application's memory layout\n\nDescription: An information disclosure issue was addressed by removing the vulnerable code.\n\nCVE-2020-9797: an anonymous researcher\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to cause unexpected system termination or write kernel memory\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4\n\nImpact: A local user may be able to read kernel memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9811: Tielei Wang of Pangu Lab\n\nCVE-2020-9812: derrek (@derrekr6)\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue existed resulting in memory corruption. This was addressed with improved state management.\n\nCVE-2020-9813: Xinru Chi of Pangu Lab\n\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\n**Kernel**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\n**ksh**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A local user may be able to execute arbitrary shell commands\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2019-14868\n\n**libxpc**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**NSURL**\n\nAvailable for: macOS Mojave 10.14.6\n\nImpact: A malicious website may be able to exfiltrate autofilled data in Safari\n\nDescription: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.\n\nCVE-2020-9857: Dlive of Tencent Security Xuanwu Lab\n\n**PackageKit**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to gain root privileges\n\nDescription: A permissions issue existed. This issue was addressed with improved permission validation.\n\nCVE-2020-9817: Andy Grant of NCC Group\n\n**PackageKit**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to modify protected parts of the file system\n\nDescription: An access issue was addressed with improved access restrictions.\n\nCVE-2020-9851: an anonymous researcher, Linus Henze (pinauten.de)\n\nEntry updated July 15, 2020\n\n**Python**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9793\n\n**rsync**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 28, 2020\n\n**Sandbox**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to bypass Privacy preferences\n\nDescription: An access issue was addressed with additional sandbox restrictions.\n\nCVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)\n\n**Sandbox**\n\nAvailable for: macOS Mojave 10.14.6\n\nImpact: A user may gain access to protected parts of the file system\n\nDescription: This issue was addressed with a new entitlement.\n\nCVE-2020-9771: Csaba Fitzl (@theevilbit) of Offensive Security\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A file may be incorrectly rendered to execute JavaScript\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9788: Wojciech Regu\u0142a of SecuRing (wojciechregula.blog)\n\nEntry updated July 15, 2020\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 28, 2020\n\n**SIP**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A non-privileged user may be able to modify restricted network settings\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9824: @jamestraynor, Csaba Fitzl (@theevilbit) of Offensive Security\n\nEntry updated June 10, 2020\n\n**Software Update**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A person with physical access to a Mac may be able to bypass Login Window\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9810: Francis @francisschmaltz\n\nEntry added July 15, 2020\n\n**SQLite**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A malicious application may cause a denial of service or potentially disclose memory contents\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9794\n\n**System Preferences**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A race condition was addressed with improved state handling.\n\nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\n**USB Audio**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A USB device may be able to cause a denial of service\n\nDescription: A validation issue was addressed with improved input sanitization.\n\nCVE-2020-9792: Andy Davis of NCC Group\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.4\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A double free issue was addressed with improved memory management.\n\nCVE-2020-9844: Ian Beer of Google Project Zero\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9830: Tielei Wang of Pangu Lab\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9834: Yu Wang of Didi Research America\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A local user may be able to read kernel memory\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9833: Yu Wang of Didi Research America\n\n**Wi-Fi**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9832: Yu Wang of Didi Research America\n\n**WindowServer**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: An integer overflow was addressed with improved input validation.\n\nCVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\n**zsh**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An authorization issue was addressed with improved state management.\n\nCVE-2019-20044: Sam Foxman\n\n\n\n## Additional recognition\n\n**CoreBluetooth**\n\nWe would like to acknowledge Maximilian von Tschirschnitz (@maxinfosec1) of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.\n\n**CoreText**\n\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.\n\n**Endpoint Security**\n\nWe would like to acknowledge an anonymous researcher for their assistance.\n\n**ImageIO**\n\n****We would like to acknowledge Lei Sun for their assistance.\n\n**IOHIDFamily**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n\n**IPSec**\n\nWe would like to acknowledge Thijs Alkemade of Computest for their assistance.\n\n**Login Window**\n\nWe would like to acknowledge Jon Morby and an anonymous researcher for their assistance.\n\n**Sandbox**\n\nWe would like to acknowledge Jason L Lang of Optum for their assistance.\n\n**Spotlight**\n\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.\n", "edition": 7, "modified": "2020-09-21T04:32:17", "published": "2020-09-21T04:32:17", "id": "APPLE:HT211170", "href": "https://support.apple.com/kb/HT211170", "title": "About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra - Apple Support", "type": "apple", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}