Multiple vulnerabilities in Apple macOS



Published: 2020-07-15 | Updated: 2021-05-19
Risk High
Patch available YES
Number of vulnerabilities 9
CVE ID CVE-2020-9899
CVE-2020-9898
CVE-2020-9892
CVE-2020-9887
CVE-2020-9985
CVE-2020-9940
CVE-2020-9882
CVE-2020-9881
CVE-2020-9880
CWE ID CWE-119
CWE-264
CWE-787
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
macOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Advisory

1) Buffer overflow

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9899

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Wi-Fi subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.13.6 17G11023, 10.13.6 17G12034, 10.13.6 17G13033, 10.13.6 17G13035, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.14.6 18G3020, 10.14.6 18G4032, 10.14.6 18G5033, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101

CPE External links

https://support.apple.com/kb/HT211289

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9898

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass sandbox restrictions.

The vulnerability exists due to application does not properly impose security restrictions within WebDav implementation. A sandboxed process can circumvent sandbox restrictions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.13.6 17G11023, 10.13.6 17G12034, 10.13.6 17G13033, 10.13.6 17G13035, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.14.6 18G3020, 10.14.6 18G4032, 10.14.6 18G5033, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101

CPE External links

https://support.apple.com/en-us/HT211289

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9892

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.13.6 17G11023, 10.13.6 17G12034, 10.13.6 17G13033, 10.13.6 17G13035, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.14.6 18G3020, 10.14.6 18G4032, 10.14.6 18G5033, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101

CPE External links

https://support.apple.com/en-us/HT211289

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9887

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing JPEG images within the AppleVPA framework. A remote attacker can create a specially crafted JPEG file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.13 17A365, 10.13 17A405, 10.13.1 17B48, 10.13.1 17B1002, 10.13.1 17B1003, 10.13.2 17C88, 10.13.2 17C89, 10.13.2 17C205, 10.13.2 17C2205, 10.13.3 17D47, 10.13.3 17D102, 10.13.3 17D2047, 10.13.3 17D2102, 10.13.4 17E199, 10.13.4 17E202, 10.13.5 17F77, 10.13.6 17G66, 10.13.6 17G2208, 10.13.6 17G3025, 10.13.6 17G4015, 10.13.6 17G5019, 10.13.6 17G6029, 10.13.6 17G6030, 10.13.6 17G7024, 10.13.6 17G8029, 10.13.6 17G8030, 10.13.6 17G8037, 10.13.6 17G9016, 10.13.6 17G10021, 10.13.6 17G11023, 10.13.6 17G12034, 10.13.6 17G13033, 10.13.6 17G13035, 10.14 18A391, 10.14.1 18B75, 10.14.1 18B2107, 10.14.1 18B3094, 10.14.2 18C54, 10.14.3 18D42, 10.14.3 18D43, 10.14.3 18D109, 10.14.4 18E226, 10.14.4 18E227, 10.14.5 18F132, 10.14.6 18G84, 10.14.6 18G87, 10.14.6 18G95, 10.14.6 18G103, 10.14.6 18G1012, 10.14.6 18G2022, 10.14.6 18G3020, 10.14.6 18G4032, 10.14.6 18G5033, 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101

CPE External links

https://support.apple.com/kb/HT211289
https://www.zerodayinitiative.com/advisories/ZDI-20-1182/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9985

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing USD files within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101

CPE External links

https://support.apple.com/en-us/HT211289

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9940

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing USD files within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101

CPE External links

https://support.apple.com/en-us/HT211289

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9882

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing USD files within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101

CPE External links

https://support.apple.com/en-us/HT211289

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9881

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing USD files within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101

CPE External links

https://support.apple.com/en-us/HT211289

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9880

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing USD files within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583, 10.15 19A602, 10.15 19A603, 10.15.1 19B88, 10.15.2 19C57, 10.15.3 19D76, 10.15.4 19E266, 10.15.4 19E287, 10.15.5 19F96, 10.15.5 19F101

CPE External links

https://support.apple.com/en-us/HT211289

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###