—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

APPLE-SA-2020-11-05-6 macOS Catalina 10.15.7 Supplemental Update,
macOS Catalina 10.15.7 Update

macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7
Update is now available and address the following issues. Information
about the security content is also available at
https://support.apple.com/HT211947.

FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27930: Google Project Zero

Kernel
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero

Kernel
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero

Installation note:

macOS Catalina 10.15.7 Supplemental Update, macOS Catalina
10.15.7 Update may be obtained from the Mac App Store or Apple’s
Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple’s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+kivcACgkQZcsbuWJ6
jjC/jg//fiDRC2BA2WceDH5m2udfg9EiYYksZ2pB6SbjwfFEHcdiXk+Z3f1zKuyi
de98zUekR91XaP6UsyhVmLRRJ0sibBNXpbI4pt9imsd25pBmmAUronmZgxBBlwek
jPrO63uTLPkcc3qInX/F6Ua22lNAJKmZar+iXKmMX0z0v6Ll/HD/5rRR3SbdQp+S
1ng026fXMCaf5rVnJElk5ErzCsnmtHm8Oh/Zi+WjvLAXUOWB6Pq+fSGP7VF8rArk
dsuubCWDUe7GbWZQUtj3FBQO2g+VoUBi4yJGWZqRCP4+nlbtqN1BpKIMlv4AxGNm
4ZN1Jj1mqlNjzbxffgigiu6EmlvA5z4gtFyCbDBNCp13CDTZmg3IxQ1P78m7zOun
KV9m6c6ibxcYh79N+kY4Y1NCYYBlplagZ3ek4jPAUenUB/li/LaNobLkg/2BhoSv
ymQRRdecU/B1oOXgEyafeYh1eiM7DlDp227s9lVfl8KOQHjzuXyheQAKRluSdLgv
3hbcXGwdGFFzDm3OBg5wD1PqGGJTEtfLXrguQ6Rp1d+GkM6kvLxZ/34ypkeGAEnY
8+DQzqO+fmLrjzVhCLr2Te5jUCKoC3qBAvCp9s9mJuqvM/jtaSYfwekUA6xdwkWI
raNHHsLaUDB+xAseV/j21/ARXzc4Gsf67ncRQHKpewXiGEzkTXE=
=vLMN
—–END PGP SIGNATURE—–
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/security-announce/advinp%40cert.hr

This email sent to advinp@cert.hr