Apple macOS vulnerabilities

CVE-2020-9825 [HIGH] CVE-2020-9825: An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences.

CVE-2020-9842 [HIGH] CVE-2020-9842: An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 an An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions.

CVE-2020-9795 [HIGH] CWE-416 CVE-2020-9795: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2020-9827 [HIGH] CVE-2020-9827: A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 1 A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.

CVE-2020-9830 [HIGH] CWE-787 CVE-2020-9830: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

CVE-2020-9813 [HIGH] CWE-787 CVE-2020-9813: A logic issue existed resulting in memory corruption. This was addressed with improved state managem A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2020-9844 [HIGH] CWE-415 CVE-2020-9844: A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 a A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

CVE-2020-9852 [HIGH] CWE-190 CVE-2020-9852: An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2020-9791 [HIGH] CWE-125 CVE-2020-9791: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9790 [HIGH] CWE-787 CVE-2020-9790: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2020-9821 [HIGH] CWE-787 CVE-2020-9821: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2020-9793 [HIGH] CWE-20 CVE-2020-9793: A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.

CVE-2020-9824 [HIGH] CVE-2020-9824: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.

CVE-2020-9789 [HIGH] CWE-787 CVE-2020-9789: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2020-9812 [MEDIUM] CVE-2020-9812: An information disclosure issue was addressed with improved state management. This issue is fixed in An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.

CVE-2020-9851 [MEDIUM] CVE-2020-9851: An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catali An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system.

CVE-2020-3882 [MEDIUM] CVE-2020-3882: This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Import This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.

CVE-2020-9804 [MEDIUM] CVE-2020-9804: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15. A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic.

CVE-2020-9832 [MEDIUM] CWE-125 CVE-2020-9832: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Cat An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.

CVE-2020-9797 [MEDIUM] CVE-2020-9797: An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed i An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.