Multiple vulnerabilities in Apple macOS



Published: 2020-01-28 | Updated: 2021-05-19
Risk Medium
Patch available YES
Number of vulnerabilities 20
CVE ID CVE-2020-3847
CVE-2020-3850
CVE-2020-3849
CVE-2020-3848
CVE-2020-3866
CVE-2020-3857
CVE-2020-3851
CVE-2020-3840
CVE-2020-3837
CVE-2020-3845
CVE-2020-3880
CVE-2020-3870
CVE-2020-3826
CVE-2020-3827
CVE-2020-9774
CVE-2020-3863
CVE-2020-3835
CVE-2020-3853
CVE-2020-3872
CVE-2020-3875
CWE ID CWE-125
CWE-119
CWE-552
CWE-416
CWE-193
CWE-276
CWE-61
CWE-843
CWE-665
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
macOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Advisory

1) Out-of-bounds read

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3847

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary error within CoreBluetooth subsystem. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

Successful exploitation of this vulnerability requires physical proximity.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3850

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within CoreBluetooth subsystem. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires physical proximity.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3849

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within CoreBluetooth subsystem. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires physical proximity.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3848

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within CoreBluetooth subsystem. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires physical proximity.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Files or Directories Accessible to External Parties

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3866

CWE-ID: CWE-552 - Files or Directories Accessible to External Parties

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in autofs implementation when performing searches and opening files from an attacker controlled NFS mount. A remote attacker can trick the victim to open a file and bypass Gatekeeper restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3857

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Audio subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary cod on the system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3851

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in IOThunderboltFamily subsystem. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.13.6 17G11023, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.14.6 18G3020, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919
https://support.apple.com/en-us/HT211100

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Off-by-one

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3840

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an off-by-one error when processing racoon configuration files in IPSec implementation. A local user can trigger an off-by-one error with a specially crafted racoon file and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3837

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within IOAcceleratorFamily. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3845

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3880

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing JPEG files in ImageIO. A remote attacker can create a specially crafted JPEG file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3870

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing JPEG files in ImageIO. A remote attacker can create a specially crafted JPEG file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3826

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing JPEG files in ImageIO. A remote attacker can create a specially crafted JPEG file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3827

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing JPEG files. A remote attacker can create a specially crafted JPEG file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Incorrect default permissions

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9774

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to Siri Suggestions can access encrypted data. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3863

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in crontab implementation. A local user can create a specially crafted cron job and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) UNIX symbolic link following

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3835

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in Crash Reporter. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Type Confusion

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3853

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error in OS kernel. A local user can run a specially crafted program to trigger type confusion and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper Initialization

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3872

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization in OS kernel. A local user can run a specially crafted application to read restricted memory.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3875

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in OS kernel. A local user can read restricted memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57

CPE External links

https://support.apple.com/en-us/HT210919

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###