20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1

https://support.apple.com/en-us/HT211931

https://support.apple.com/kb/HT212011

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2020-007 Mojave, 10.15.x prior to 10.15.7 Security Update 2020-001 Catalina, or 11.x prior to 11.1. It is, therefore, affected by multiple vulnerabilities, including the following:

  - Processing a maliciously crafted audio file may lead to arbitrary code execution. (CVE-2020-9960,     CVE-2020-10017, CVE-2020-27908, CVE-2020-27910, CVE-2020-27916, CVE-2020-27948)

  - Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-9962,     CVE-2020-27912, CVE-2020-27919, CVE-2020-27923, CVE-2020-27924, CVE-2020-29611, CVE-2020-29616,     CVE-2020-29618)

  - Processing a maliciously crafted font file may lead to arbitrary code execution. (CVE-2020-9956,     CVE-2020-27922, CVE-2020-27931, CVE-2020-27943, CVE-2020-27944, CVE-2020-27952)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 11.0.x prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities, including the following:

  - An out-of-bounds write issue that can lead to unexpected application termination or arbitrary code     execution when opening a maliciously crafted PDF file. (CVE-2020-9876)

  - An out-of-bounds write caused by insufficient input validation that can lead to arbitrary code execution     when processing a maliciously crafted image. (CVE-2020-9883)

  - A remote attacker may be able to unexpectedly alter the Mail application date due to insufficient checks.
    (CVE-2020-9941)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

ID	Name	Product	Family	Severity
144453	macOS 10.14.x < 10.14.6 Security Update 2020-007 / 10.15.x < 10.15.7 Security Update 2020-001 / macOS 11.x < 11.1 (HT212011)	Nessus	MacOS X Local Security Checks	high
143115	macOS 11.0.x < 11.0.1	Nessus	MacOS X Local Security Checks	high

CVE-2020-10014

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high