20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1

https://support.apple.com/en-us/HT211929

https://support.apple.com/en-us/HT211931

https://support.apple.com/kb/HT211930

https://support.apple.com/kb/HT212011

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2020-007 Mojave, 10.15.x prior to 10.15.7 Security Update 2020-001 Catalina, or 11.x prior to 11.1. It is, therefore, affected by multiple vulnerabilities, including the following:

  - Processing a maliciously crafted audio file may lead to arbitrary code execution. (CVE-2020-9960,     CVE-2020-10017, CVE-2020-27908, CVE-2020-27910, CVE-2020-27916, CVE-2020-27948)

  - Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-9962,     CVE-2020-27912, CVE-2020-27919, CVE-2020-27923, CVE-2020-27924, CVE-2020-29611, CVE-2020-29616,     CVE-2020-29618)

  - Processing a maliciously crafted font file may lead to arbitrary code execution. (CVE-2020-9956,     CVE-2020-27922, CVE-2020-27931, CVE-2020-27943, CVE-2020-27944, CVE-2020-27952)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 11.0.x prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities, including the following:

  - An out-of-bounds write issue that can lead to unexpected application termination or arbitrary code     execution when opening a maliciously crafted PDF file. (CVE-2020-9876)

  - An out-of-bounds write caused by insufficient input validation that can lead to arbitrary code execution     when processing a maliciously crafted image. (CVE-2020-9883)

  - A remote attacker may be able to unexpectedly alter the Mail application date due to insufficient checks.
    (CVE-2020-9941)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

The version of Apple iOS running on the mobile device is prior to 14.2. It is, therefore, affected by multiple vulnerabilities.

ID	Name	Product	Family	Severity
144453	macOS 10.14.x < 10.14.6 Security Update 2020-007 / 10.15.x < 10.15.7 Security Update 2020-001 / macOS 11.x < 11.1 (HT212011)	Nessus	MacOS X Local Security Checks	high
143115	macOS 11.0.x < 11.0.1	Nessus	MacOS X Local Security Checks	high
142881	Apple iOS < 14.2 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2020-10004

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high