Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

CVE-2020-10002 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | ≥ 10.14, < 10.14.6 (+3 more) | 2020-12-08
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.
Source: NVD
CVE-2020-10009 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | ≥ 10.14, < 10.14.6 (+3 more) | 2020-12-08
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.
Source: NVD
CVE-2020-9944 | MEDIUM | CVSS 5.5 | fixed in 11.1 | ≥ 10.14, < 10.14.6 (+3 more) | 2020-12-08
CWE-125. An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory.
Source: NVD
CVE-2020-9922 | MEDIUM | CVSS 6.5 | fixed in 10.15.6 | 2020-12-08
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files.
Source: NVD
CVE-2020-9963 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | 2020-12-08
The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer.
Source: NVD
CVE-2020-9945 | MEDIUM | CVSS 4.3 | fixed in 11.0.1 | 2020-12-08
CWE-1021. A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing.
Source: NVD
CVE-2020-10006 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | 2020-12-08
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.
Source: NVD
CVE-2020-10014 | MEDIUM | CVSS 6.3 | ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7 (+2 more) | 2020-12-08
CWE-22. A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.
Source: NVD
CVE-2020-10012 | MEDIUM | CVSS 6.1 | ≥ 10.14, < 10.14.6; ≥ 10.15, < 10.15.7 (+2 more) | 2020-12-08
CWE-79. An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack.
Source: NVD
CVE-2020-9943 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | ≥ 10.14, < 10.14.6 (+3 more) | 2020-12-08
CWE-125. An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory.
Source: NVD
CVE-2020-10007 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | ≥ 10.14, < 10.14.6 (+3 more) | 2020-12-08
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.
Source: NVD
CVE-2020-9977 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | 2020-12-08
CWE-20. A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari.
Source: NVD
CVE-2020-27896 | MEDIUM | CVSS 5.5 | ≥ 10.14.0, < 10.14.6; ≥ 10.15.0, < 10.15.7 (+2 more) | 2020-12-08
CWE-22. A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system.
Source: NVD
CVE-2020-9942 | MEDIUM | CVSS 4.3 | fixed in 11.0.1 | 2020-12-08
CWE-1021. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing.
Source: NVD
CVE-2020-9974 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | 2020-12-08
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout.
Source: NVD
CVE-2020-9988 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | 2020-12-08
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.
Source: NVD
CVE-2020-9969 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | 2020-12-08
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view sensitive user information.
Source: NVD
CVE-2020-9989 | MEDIUM | CVSS 5.5 | fixed in 11.0.1 | 2020-12-08
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.
Source: NVD
CVE-2020-13524 | MEDIUM | CVSS 5.5 | ≥ 10.14.0, < 10.14.6; ≥ 10.15, < 10.15.7 (+2 more) | 2020-12-03
CWE-119. An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
Source: NVD
CVE-2020-8037 | HIGH | CVSS 7.5 | fixed in 10.14.6 | ≥ 10.15, < 10.15.7 (+2 more) | 2020-11-04
CWE-770. The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
Source: NVD