—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update
2020-004 Mojave, Security Update 2020-004 High Sierra

macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security
Update 2020-004 High Sierra are now available and address the
following:

Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro
Zero Day Initiative
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab

Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab
CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab
CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year
Security Lab

Clang
Available for: macOS Catalina 10.15.5
Impact: Clang may generate machine code that does not correctly
enforce pointer authentication codes
Description: A logic issue was addressed with improved validation.
CVE-2020-9870: Samuel Groß of Google Project Zero

CoreAudio
Available for: macOS High Sierra 10.13.6
Impact: A buffer overflow may result in arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light-
Year Security Lab

CoreFoundation
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to view sensitive user information
Description: An issue existed in the handling of environment
variables. This issue was addressed with improved validation.
CVE-2020-9934: an anonymous researcher

Crash Reporter
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360
BugCloud

Grpahics Drivers
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9799: ABC Research s.r.o.

Heimdal
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to leak sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2020-9913: Cody Thomas of SpecterOps

ImageIO
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9936: Mickey Jin of Trend Micro

Kernel
Available for: macOS Catalina 10.15.5
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall

Mail
Available for: macOS Catalina 10.15.5
Impact: A remote attacker can cause a limited out-of-bounds write,
resulting in a denial of service
Description: An input validation issue was addressed.
CVE-2019-19906

Messages
Available for: macOS Catalina 10.15.5
Impact: A user that is removed from an iMessage group could rejoin
the group
Description: An issue existed in the handling of iMessage tapbacks.
The issue was resolved with additional verification.
CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP
High School North (medium.com/@suryanshmansha)

Model I/O
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security

Security
Available for: macOS Catalina 10.15.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9864: Alexander Holodny

Vim
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2019-20807: Guilherme de Almeida Suckevicz

Wi-Fi
Available for: macOS Catalina 10.15.5
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud
(bugcloud.360.cn)

Additional recognition

USB Audio
We would like to acknowledge Andy Davis of NCC Group for their
assistance.

Installation note:

macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security
Update 2020-004 High Sierra may be obtained from the Mac App Store or
Apple’s Software Downloads web site:
https://support.apple.com/downloads/
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y
0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ
FsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ
DZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B
aDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd
qVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq
wJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG
SQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+
bsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U
eYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y
kgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6
ML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM=
=GCJp
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/security-announce/advinp%40cert.hr

This email sent to advinp@cert.hr