Apple macOS vulnerabilities

CVE-2020-9902 [MEDIUM] CWE-125 CVE-2020-9902: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.

CVE-2020-9935 [MEDIUM] CVE-2020-9935: A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10 A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account.

CVE-2020-9939 [MEDIUM] CWE-367 CVE-2020-9939: This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A loca This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions.

CVE-2020-3918 [MEDIUM] CVE-2020-3918: An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information.

CVE-2020-9787 [MEDIUM] CVE-2020-9787: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences.

CVE-2020-9997 [MEDIUM] CVE-2020-9997: An information disclosure issue was addressed with improved state management. This issue is fixed in An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory.

CVE-2020-9810 [MEDIUM] CVE-2020-9810: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A person with physical access to a Mac may be able to bypass Login Window.

CVE-2020-9772 [MEDIUM] CVE-2020-9772: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A sandboxed process may be able to circumvent sandbox restrictions.

CVE-2020-9986 [LOW] CVE-2020-9986: A file access issue existed with certain home folder files. This was addressed with improved access A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information.

CVE-2020-9864 [CRITICAL] CVE-2020-9864: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges.

CVE-2020-9918 [CRITICAL] CWE-125 CVE-2020-9918: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Cat An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2020-9891 [HIGH] CWE-125 CVE-2020-9891: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9884 [HIGH] CWE-787 CVE-2020-9884: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9878 [HIGH] CWE-120 CVE-2020-9878: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

CVE-2020-9890 [HIGH] CWE-125 CVE-2020-9890: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9865 [HIGH] CWE-787 CVE-2020-9865: A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox.

CVE-2020-9889 [HIGH] CWE-787 CVE-2020-9889: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9888 [HIGH] CWE-125 CVE-2020-9888: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9799 [HIGH] CWE-125 CVE-2020-9799: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Cata An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2020-9870 [HIGH] CWE-20 CVE-2020-9870: A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13. A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code.