ID: CVE-2020-9799
Type: cve
Reporter: product-security@apple.com
Modified: 2020-10-19T19:05:00
Description
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.
{"nessus": [{"lastseen": "2021-04-09T08:45:33", "description": "The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004,\n10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. It is, therefore, affected by multiple\nvulnerabilities, including the following:\n\n - A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious\n access point, or an adjacent user, to determine if a connected user is using a VPN, make positive\n inferences about the websites they are visiting, and determine the correct sequence and acknowledgement\n numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that\n is needed for an attacker to hijack active connections inside the VPN tunnel. (CVE-2019-14899)\n\n - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote\n denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an\n off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906)\n\n - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands\n via scripting interfaces (e.g., Python, Ruby, or Lua). (CVE-2019-20807)\n\n - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the\n synchronization path. 
(CVE-2014-9512)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-01T00:00:00", "title": "macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-9871", "CVE-2014-9512", "CVE-2019-19906", "CVE-2020-9884", "CVE-2020-9870", "CVE-2020-9889", "CVE-2020-9905", "CVE-2020-9927", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-9990", "CVE-2020-11761", "CVE-2020-9883", "CVE-2020-9854", "CVE-2020-9885", "CVE-2020-9928", "CVE-2020-9906", "CVE-2020-9939", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-11763", "CVE-2020-9929", "CVE-2020-11765", "CVE-2020-9901", "CVE-2020-9891", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9887", "CVE-2020-9898", "CVE-2020-9866", "CVE-2020-9908", "CVE-2020-9864", "CVE-2020-9938", "CVE-2020-9940", "CVE-2020-9888", "CVE-2020-9934", "CVE-2019-14899", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-11760", "CVE-2020-9924", "CVE-2019-20807", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9921", "CVE-2020-9920", "CVE-2020-9985", "CVE-2020-9980", "CVE-2020-11759", "CVE-2020-9882", "CVE-2020-11764", "CVE-2020-9935", "CVE-2020-9913", "CVE-2020-11762", "CVE-2020-9899", "CVE-2020-9799", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9881", "CVE-2020-9869", "CVE-2020-9892", "CVE-2020-12243", "CVE-2020-9997", "CVE-2020-9994", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "modified": "2020-10-01T00:00:00", "cpe": ["cpe:/o:apple:macos", "cpe:/o:apple:mac_os_x"], "id": "MACOS_HT211289.NASL", "href": "https://www.tenable.com/plugins/nessus/141100", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(141100);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/08\");\n\n script_cve_id(\n \"CVE-2014-9512\",\n \"CVE-2019-14899\",\n \"CVE-2019-19906\",\n \"CVE-2019-20807\",\n \"CVE-2020-9799\",\n \"CVE-2020-9854\",\n \"CVE-2020-9863\",\n \"CVE-2020-9864\",\n \"CVE-2020-9865\",\n \"CVE-2020-9866\",\n \"CVE-2020-9868\",\n \"CVE-2020-9869\",\n \"CVE-2020-9870\",\n \"CVE-2020-9871\",\n \"CVE-2020-9872\",\n \"CVE-2020-9873\",\n \"CVE-2020-9874\",\n \"CVE-2020-9875\",\n \"CVE-2020-9876\",\n \"CVE-2020-9877\",\n \"CVE-2020-9878\",\n \"CVE-2020-9879\",\n \"CVE-2020-9880\",\n \"CVE-2020-9881\",\n \"CVE-2020-9882\",\n \"CVE-2020-9883\",\n \"CVE-2020-9884\",\n \"CVE-2020-9885\",\n \"CVE-2020-9887\",\n \"CVE-2020-9888\",\n \"CVE-2020-9889\",\n \"CVE-2020-9890\",\n \"CVE-2020-9891\",\n \"CVE-2020-9892\",\n \"CVE-2020-9898\",\n \"CVE-2020-9899\",\n \"CVE-2020-9900\",\n \"CVE-2020-9901\",\n \"CVE-2020-9902\",\n \"CVE-2020-9904\",\n \"CVE-2020-9905\",\n \"CVE-2020-9906\",\n \"CVE-2020-9908\",\n \"CVE-2020-9913\",\n \"CVE-2020-9918\",\n \"CVE-2020-9919\",\n \"CVE-2020-9920\",\n \"CVE-2020-9921\",\n \"CVE-2020-9924\",\n \"CVE-2020-9927\",\n \"CVE-2020-9928\",\n \"CVE-2020-9929\",\n \"CVE-2020-9934\",\n \"CVE-2020-9935\",\n \"CVE-2020-9936\",\n \"CVE-2020-9937\",\n \"CVE-2020-9938\",\n \"CVE-2020-9939\",\n \"CVE-2020-9940\",\n \"CVE-2020-9980\",\n \"CVE-2020-9984\",\n \"CVE-2020-9985\",\n \"CVE-2020-9990\",\n \"CVE-2020-9994\",\n \"CVE-2020-9997\",\n \"CVE-2020-11758\",\n \"CVE-2020-11759\",\n \"CVE-2020-11760\",\n \"CVE-2020-11761\",\n \"CVE-2020-11762\",\n \"CVE-2020-11763\",\n \"CVE-2020-11764\",\n \"CVE-2020-11765\",\n \"CVE-2020-12243\"\n );\n script_xref(name:\"IAVB\", value:\"2020-B-0053\");\n script_xref(name:\"APPLE-SA\", value:\"HT211289\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-07-15\");\n script_xref(name:\"IAVA\", value:\"2020-A-0539-S\");\n\n script_name(english:\"macOS 
10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a macOS security update\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004,\n10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. It is, therefore, affected by multiple\nvulnerabilities, including the following:\n\n - A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious\n access point, or an adjacent user, to determine if a connected user is using a VPN, make positive\n inferences about the websites they are visiting, and determine the correct sequence and acknowledgement\n numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that\n is needed for an attacker to hijack active connections inside the VPN tunnel. (CVE-2019-14899)\n\n - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote\n denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an\n off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906)\n\n - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands\n via scripting interfaces (e.g., Python, Ruby, or Lua). (CVE-2019-20807)\n\n - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the\n synchronization path. 
(CVE-2014-9512)\n\nNote that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211289\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to macos 10.13.6 Security Update 2020-004 / 10.14.6 Security Update 2020-004 / 10.15.6 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-9918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:macos\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/local_checks_enabled\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_apple.inc');\n\napp_info = vcf::apple::macos::get_app_info();\n\nconstraints = [\n { 'max_version' : '10.15.5', 'min_version' : '10.15', 'fixed_build': '19G73', 'fixed_display' : 'macOS Catalina 10.15.6' },\n { 'max_version' : '10.13.6', 'min_version' : '10.13', 'fixed_build': '17G14019', 'fixed_display' : '10.13.6 Security Update 2020-004' },\n { 'max_version' : '10.14.6', 'min_version' : '10.14', 'fixed_build': '18G6020', 'fixed_display' : '10.14.6 Security Update 2020-004' }\n];\n\nvcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2020-12-24T20:42:23", "bulletinFamily": "software", "cvelist": ["CVE-2020-9871", "CVE-2014-9512", "CVE-2019-19906", "CVE-2020-9884", "CVE-2020-9870", "CVE-2020-9889", "CVE-2020-9905", "CVE-2020-9927", "CVE-2020-9868", "CVE-2020-9874", "CVE-2020-9990", "CVE-2020-11761", "CVE-2020-9883", "CVE-2020-9854", "CVE-2020-9885", "CVE-2020-9928", "CVE-2020-9906", "CVE-2020-9939", "CVE-2020-9984", "CVE-2020-9904", "CVE-2020-11763", "CVE-2020-9929", "CVE-2020-11765", "CVE-2020-9901", "CVE-2020-9891", "CVE-2020-9876", "CVE-2020-9875", "CVE-2020-9887", "CVE-2020-9898", "CVE-2020-9866", "CVE-2020-9908", "CVE-2020-9864", "CVE-2020-9938", "CVE-2020-9949", "CVE-2020-9940", "CVE-2020-9888", "CVE-2020-9934", "CVE-2020-9930", "CVE-2019-14899", "CVE-2020-9880", "CVE-2020-9877", "CVE-2020-9919", "CVE-2020-9865", "CVE-2020-11758", "CVE-2020-9863", "CVE-2020-9922", "CVE-2020-11760", "CVE-2020-9924", "CVE-2019-20807", "CVE-2020-9900", "CVE-2020-9879", "CVE-2020-9878", "CVE-2020-9921", "CVE-2020-9920", "CVE-2020-9985", "CVE-2020-9980", "CVE-2020-11759", 
"CVE-2020-9882", "CVE-2020-11764", "CVE-2020-9935", "CVE-2020-9913", "CVE-2020-11762", "CVE-2020-9899", "CVE-2020-9799", "CVE-2020-9936", "CVE-2020-9918", "CVE-2020-9902", "CVE-2020-9881", "CVE-2020-9869", "CVE-2020-9892", "CVE-2020-12243", "CVE-2020-9997", "CVE-2020-9994", "CVE-2020-9890", "CVE-2020-9872", "CVE-2020-9873", "CVE-2020-9937"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra\n\nReleased July 15, 2020\n\n**AMD**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9927: Lilang Wu working with TrendMicro\u2019s Zero Day Initiative\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro Zero Day Initiative\n\nCVE-2020-9889: Anonymous working with Trend Micro\u2019s Zero Day Initiative, JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Audio**\n\nAvailable for: macOS Catalina 
10.15.5\n\nImpact: Processing a maliciously crafted audio file may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed with improved memory handling.\n\nCVE-2020-9928: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Bluetooth**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9929: Yu Wang of Didi Research America\n\nEntry added August 5, 2020\n\n**Clang**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Clang may generate machine code that does not correctly enforce pointer authentication codes\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9870: Samuel Gro\u00df of Google Project Zero\n\n**CoreAudio**\n\nAvailable for: macOS High Sierra 10.13.6\n\nImpact: A buffer overflow may result in arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9866: Yu Zhou of \u5c0f\u9e21\u5e2e and Jundong Xie of Ant-financial Light-Year Security Lab\n\n**Core Bluetooth**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may cause an unexpected application termination\n\nDescription: A memory corruption issue was addressed with 
improved memory handling.\n\nCVE-2020-9869: Patrick Wardle of Jamf\n\nEntry added August 5, 2020\n\n**CoreCapture**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed with improved memory management.\n\nCVE-2020-9949: Proteas\n\nEntry added November 12, 2020\n\n**CoreFoundation**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to view sensitive user information\n\nDescription: An issue existed in the handling of environment variables. This issue was addressed with improved validation.\n\nCVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)\n\nEntry updated August 5, 2020\n\n**CoreGraphics**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro\n\nEntry added July 24, 2020, updated November 12, 2020\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to break out of its sandbox\n\nDescription: A memory corruption issue was addressed by removing the vulnerable code.\n\nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud\n\n**Crash Reporter**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. 
This issue was addressed with improved path sanitization.\n\nCVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020\n\n**FontParser**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab\n\nEntry added September 21, 2020, updated October 19, 2020\n\n**Graphics Drivers**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9799: ABC Research s.r.o.\n\nEntry updated July 24, 2020\n\n**Heimdal**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to leak sensitive user information\n\nDescription: This issue was addressed with improved data protection.\n\nCVE-2020-9913: Cody Thomas of SpecterOps\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Multiple buffer overflow issues existed in openEXR\n\nDescription: Multiple issues in openEXR were addressed with improved checks.\n\nCVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nAvailable for: macOS 
Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nCVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab\n\nEntry updated August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9919: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2020-9876: Mickey Jin of Trend Micro\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added July 24, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved bounds 
checking.\n\nCVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An integer overflow was addressed through improved input validation.\n\nCVE-2020-9875: Mickey Jin of Trend Micro\n\nEntry added August 5, 2020\n\n**ImageIO**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted image may lead to arbitrary code execution\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nCVE-2020-9984: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Image Processing**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9887: Mickey Jin of Trend Micro\n\nEntry added September 8, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9908: Junzhi Lu(@pwn0rz) working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added July 24, 2020, updated August 31, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition was 
addressed with additional validation.\n\nCVE-2020-9990: ABC Research s.r.l. working with Trend Micro Zero Day Initiative, ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added September 21, 2020\n\n**Intel Graphics Driver**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: A memory corruption issue was addressed with improved memory handling.\n\nCVE-2020-9921: ABC Research s.r.o. working with Trend Micro Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel\n\nDescription: A routing issue was addressed with improved restrictions.\n\nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed with improved state management.\n\nCVE-2020-9904: Tielei Wang of Pangu Lab\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9924: Matt DeVore of Google\n\nEntry added July 24, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to execute arbitrary code with system privileges\n\nDescription: Multiple memory corruption issues were addressed with improved state management.\n\nCVE-2020-9892: Andy Nguyen of Google\n\nEntry added July 24, 
2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory initialization issue was addressed with improved memory handling.\n\nCVE-2020-9863: Xinru Chi of Pangu Lab\n\nEntry updated August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A malicious application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read was addressed with improved bounds checking.\n\nCVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps\n\nEntry added August 5, 2020\n\n**Kernel**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious application may disclose restricted memory\n\nDescription: An information disclosure issue was addressed with improved state management.\n\nCVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard\n\nEntry added September 21, 2020\n\n**libxpc**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: A malicious application may be able to overwrite arbitrary files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9994: Apple\n\nEntry added September 21, 2020\n\n**Login Window**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user may be unexpectedly logged in to another user\u2019s account\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9935: an anonymous researcher\n\nEntry added September 21, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a 
denial of service\n\nDescription: An out-of-bounds write issue was addressed with improved bounds checking.\n\nCVE-2019-19906\n\nEntry added July 24, 2020, updated September 8, 2020\n\n**Mail**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A malicious mail server may overwrite arbitrary mail files\n\nDescription: A path handling issue was addressed with improved validation.\n\nCVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team\n\nEntry added July 24, 2020\n\n**Mail**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted email may lead to writing arbitrary files\n\nDescription: A logic issue was addressed with improved state management.\n\nCVE-2020-9922: Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\nEntry added November 12, 2020\n\n**Messages**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A user that is removed from an iMessage group could rejoin the group\n\nDescription: An issue existed in the handling of iMessage tapbacks. 
The issue was resolved with additional verification.\n\nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)\n\n**Model I/O**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow was addressed with improved bounds checking.\n\nCVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**Model I/O**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow issue was addressed with improved memory handling.\n\nCVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security\n\nCVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security\n\nEntry added July 24, 2020, updated September 21, 2020\n\n**OpenLDAP**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-12243\n\nEntry added September 21, 2020\n\n**rsync**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 
10.13.6\n\nImpact: A remote attacker may be able to overwrite existing files\n\nDescription: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.\n\nCVE-2014-9512: gaojianfeng\n\nEntry added July 24, 2020\n\n**Sandbox**\n\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.5\n\nImpact: A local user may be able to cause unexpected system termination or read kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9930: Zhiyi Zhang from Codesafe Team of Legendsec at Qi'anxin Group\n\nEntry added December 15, 2020\n\n**Sandbox**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local user may be able to load unsigned kernel extensions\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2020-9939: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nEntry added August 5, 2020\n\n**Security**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A logic issue was addressed with improved restrictions.\n\nCVE-2020-9864: Alexander Holodny\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate\n\nDescription: A certificate validation issue existed when processing administrator added certificates. 
This issue was addressed with improved certificate validation.\n\nCVE-2020-9868: Brian Wolff of Asana\n\nEntry added July 24, 2020\n\n**Security**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6\n\nImpact: An application may be able to gain elevated privileges\n\nDescription: A logic issue was addressed with improved validation.\n\nCVE-2020-9854: Ilias Morad (A2nkF)\n\nEntry added July 24, 2020\n\n**sysdiagnose**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A local attacker may be able to elevate their privileges\n\nDescription: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.\n\nCVE-2020-9901: Tim Michaud (@TimGMichaud) of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group\n\nEntry added August 5, 2020, updated August 31, 2020\n\n**Vim**\n\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\n\nImpact: A remote attacker may be able to cause arbitrary code execution\n\nDescription: This issue was addressed with improved checks.\n\nCVE-2019-20807: Guilherme de Almeida Suckevicz\n\n**WebDAV**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: A sandboxed process may be able to circumvent sandbox restrictions\n\nDescription: This issue was addressed with improved entitlements.\n\nCVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)\n\nEntry added September 8, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: An out-of-bounds read was addressed with improved input validation.\n\nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)\n\n**Wi-Fi**\n\nAvailable for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5\n\nImpact: An application may be able to execute arbitrary code with kernel 
privileges\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9899: Yu Wang of Didi Research America\n\nEntry added July 24, 2020\n\n**Wi-Fi**\n\nAvailable for: macOS Catalina 10.15.5\n\nImpact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory\n\nDescription: A memory corruption issue was addressed with improved input validation.\n\nCVE-2020-9906: Ian Beer of Google Project Zero\n\nEntry added July 24, 2020\n\n\n\n## Additional recognition\n\n**CoreFoundation**\n\nWe would like to acknowledge Bobby Pelletier for their assistance.\n\nEntry added September 8, 2020\n\n**ImageIO**\n\nWe would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.\n\nEntry added September 21, 2020\n\n**Siri**\n\nWe would like to acknowledge Yuval Ron, Amichai Shulman, and Eli Biham of the Technion - Israel Institute of Technology for their assistance.\n\nEntry added August 5, 2020\n\n**USB Audio**\n\nWe would like to acknowledge Andy Davis of NCC Group for their assistance.\n", "edition": 13, "modified": "2020-12-15T06:08:19", "published": "2020-12-15T06:08:19", "id": "APPLE:HT211289", "href": "https://support.apple.com/kb/HT211289", "title": "About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}