About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

This document describes the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security

macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

Released Monday, 14 December 2020

AMD

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: a memory corruption issue was addressed with improved input validation.

CVE-2020-27914: Yu Wang of Didi Research America

CVE-2020-27915: Yu Wang of Didi Research America

AMD

Available for: macOS Big Sur 11.0.1

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: an out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.

CVE-2020-27936: Yu Wang of Didi Research America

Entry added Monday, 1 February 2021

App Store

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: an application may be able to gain elevated privileges

Description: This issue was addressed by removing the vulnerable code.

CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

AppleGraphicsControl

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1

Impact: an application may be able to execute arbitrary code with kernel privileges

Description: A validation issue was addressed with improved logic.

CVE-2020-27941: shrek_wzw

AppleMobileFileIntegrity

Available for: macOS Big Sur 11.0.1

Impact: A malicious application may be able to bypass Privacy preferences

Description: This issue was addressed with improved checks.

CVE-2020-29621: Wojciech Reguła (@_r3ggi) of SecuRing

Audio

Available for: macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted audio file may disclose restricted memory

Description: an out-of-bounds read was addressed with improved input validation.

CVE-2020-29610: Anonymous working with Trend Micro Zero Day Initiative

Entry added Tuesday, 16 March 2021

Audio

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: an out-of-bounds read was addressed with improved input validation.

CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab

Audio

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a malicious application may be able to read restricted memory

Description: an out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab

Audio

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: an application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab

Audio

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted audio file may lead to arbitrary code execution

Description: an out-of-bounds write was addressed with improved input validation.

CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab

Bluetooth

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a remote attacker may be able to cause unexpected application termination or heap corruption

Description: multiple integer overflows were addressed with improved input validation.

CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

CoreAudio

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab

CoreAudio

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: an out-of-bounds read was addressed with improved input validation.

CVE-2020-27908: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab

CVE-2020-9960: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab

Entry updated 16 March 2021

CoreAudio

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted audio file may lead to arbitrary code execution

Description: an out-of-bounds write was addressed with improved input validation.

CVE-2020-10017: Francis (working with Trend Micro Zero Day Initiative), JunDong Xie of Ant Security Light-Year Lab

CoreText

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted font file may lead to arbitrary code execution

Description: a logic issue was addressed with improved state management.

CVE-2020-27922: Mickey Jin of Trend Micro

CUPS

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a malicious application may be able to read restricted memory

Description: an input validation issue was addressed with improved memory handling.

CVE-2020-10001: Niky

Entry added Monday, 1 February 2021

FontParser

Available for: macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-27946: Mateusz Jurczyk of Google Project Zero

FontParser

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted image may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)

FontParser

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted font file may lead to arbitrary code execution

Description: an out-of-bounds write was addressed with improved input validation.

CVE-2020-27952: An anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro

FontParser

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted font file may lead to arbitrary code execution

Description: an out-of-bounds read was addressed with improved input validation.

CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team (working with Trend Micro’s Zero Day Initiative)

FontParser

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1

Impact: processing a maliciously crafted font file may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.

CVE-2020-27931: Apple

CVE-2020-27943: Mateusz Jurczyk of Google Project Zero

CVE-2020-27944: Mateusz Jurczyk of Google Project Zero

CVE-2020-29624: Mateusz Jurczyk of Google Project Zero

Entry updated 22 December 2020

FontParser

Available for: macOS Big Sur 11.0.1

Impact: a remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab

Entry added Monday, 1 February 2021

Foundation

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a local user may be able to read arbitrary files

Description: A logic issue was addressed with improved state management.

CVE-2020-10002: James Hutchins

Graphics Drivers

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1

Impact: an application may be able to execute arbitrary code with kernel privileges

Description: a memory corruption issue was addressed with improved input validation.

CVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day Initiative, Liu Long of Ant Security Light-Year Lab

Entry updated 16 March 2021

Graphics Drivers

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: an out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

HomeKit

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: An attacker in a privileged network position may be able to unexpectedly alter application state

Description: This issue was addressed with improved setting propagation.

CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology

ImageIO

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted image may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2020-27939: Xingwei Lin of Ant Security Light-Year Lab

CVE-2020-29625: XingWei Lin of Ant Security Light-Year Lab

Entry added 22 December 2020, updated 1 February 2021

ImageIO

Available for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1

Impact: processing a maliciously crafted image may lead to a denial of service

Description: an out-of-bounds read was addressed with improved input validation.

CVE-2020-29615: Xingwei Lin of Ant Security Light-Year Lab

Entry added Monday, 1 February 2021

ImageIO

Available for: macOS Big Sur 11.0.1

Impact: processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative

ImageIO

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1

Impact: processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-27924: Lei Sun

CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab

ImageIO

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-29611: Alexandru-Vlad Niculae working with Google Project Zero

Entry updated 17 December 2020

ImageIO

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1

Impact: processing a maliciously crafted image may lead to heap corruption.

Description: an out-of-bounds read was addressed with improved input validation.

CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab

CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab

ImageIO

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted image may lead to arbitrary code execution

Description: an out-of-bounds write was addressed with improved input validation.

CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab

CVE-2020-27923: Lei Sun

Image Processing

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted image may lead to arbitrary code execution

Description: an out-of-bounds write was addressed with improved input validation.

CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab

Intel Graphics Driver

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: an out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-10015: ABC Research s.r.o. (working with Trend Micro Zero Day Initiative)

CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

Intel Graphics Driver

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-27907: ABC Research s.r.o. (working with Trend Micro Zero Day Initiative), Liu Long of Ant Security Light-Year Lab

Entry updated 16 March 2021

Kernel

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a malicious application may be able to determine kernel memory layout

Description: a logic issue was addressed with improved state management.

CVE-2020-9974: Tommy Muir (@Muirey03)

Kernel

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: an application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-10016: Alex Helie

Kernel

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2020-9967: Alex Plaskett (@alexjplaskett)

Kernel

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9975: Tielei Wang of Pangu Lab

Kernel

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2020-27921: Linus Henze (pinauten.de)

Kernel

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1

Impact: A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace

Description: This issue was addressed with improved checks to prevent unauthorised actions.

CVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure Mobile Networking Lab

Kernel

Available for: macOS Big Sur 11.0.1

Impact: a malicious application may be able to elevate privileges

Description: This issue was addressed with improved entitlements.

CVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security

libxml2

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: an integer overflow was addressed through improved input validation.

CVE-2020-27911: Found by OSS-Fuzz

libxml2

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing maliciously crafted web content may lead to code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-27920: Found by OSS-Fuzz

libxml2

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-27926: found by OSS-Fuzz

libxpc

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a malicious application may be able to break out of its sandbox

Description: a parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Logging

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a local attacker may be able to elevate their privileges

Description: a path handling issue was addressed with improved validation.

CVE-2020-10010: Tommy Muir (@Muirey03)

Login Window

Available for: macOS Big Sur 11.0.1

Impact: An attacker in a privileged network position may be able to bypass authentication policy

Description: An authentication issue was addressed with improved state management.

CVE-2020-29633: Jewel Lambert of Original Spin, LLC.

Entry added Monday, 1 February 2021

Model I/O

Available for: macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted file may lead to heap corruption

Description: This issue was addressed with improved checks.

CVE-2020-29614: ZhiWei Sun(@5n1p3r0010) of Topsec Alpha Lab

Entry added Monday, 1 February 2021

Model I/O

Available for: macOS Catalina 10.15.7

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: an out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-13520: Aleksandar Nikolic of Cisco Talos

Entry added Monday, 1 February 2021

Model I/O

Available for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2020-9972: Aleksandar Nikolic of Cisco Talos

Entry added Monday, 1 February 2021

Model I/O

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: an out-of-bounds read was addressed with improved input validation.

CVE-2020-13524: Aleksandar Nikolic of Cisco Talos

Model I/O

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: a logic issue was addressed with improved state management.

CVE-2020-10004: Aleksandar Nikolic of Cisco Talos

NSRemoteView

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved restrictions.

CVE-2020-27901: Thijs Alkemade of Computest Research Division

Power Management

Available for: macOS Big Sur 11.0.1

Impact: a malicious application may be able to elevate privileges

Description: a logic issue was addressed with improved state management.

CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan

Entry added Monday, 1 February 2021

Power Management

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a malicious application may be able to determine kernel memory layout

Description: a logic issue was addressed with improved state management.

CVE-2020-10007: singi@theori (working with Trend Micro Zero Day Initiative)

Quick Look

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: processing a maliciously crafted document may lead to a cross-site scripting attack

Description: an access issue was addressed with improved access restrictions.

CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

Ruby

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a remote attacker may be able to modify the file system

Description: a path handling issue was addressed with improved validation.

CVE-2020-27896: an anonymous researcher

System Preferences

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: a sandboxed process may be able to circumvent sandbox restrictions

Description: a logic issue was addressed with improved state management.

CVE-2020-10009: Thijs Alkemade of Computest Research Division

WebKit Storage

Available for: macOS Big Sur 11.0.1

Impact: A user may be unable to fully delete browsing history

Description: “Clear History and Website Data” did not clear the history. The issue was addressed with improved data deletion.

CVE-2020-29623: Simon Hunt of OvalTwo LTD

Entry added Monday, 1 February 2021

WebRTC

Available for: macOS Big Sur 11.0.1

Impact: processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-15969: an anonymous researcher

Wi-Fi

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: an attacker may be able to bypass Managed Frame Protection

Description: a denial of service issue was addressed with improved state handling.

CVE-2020-27898: Stephan Marais of University of Johannesburg

Additional recognition

CoreAudio

We would like to acknowledge JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab for their assistance.

Entry added Tuesday, 16 March 2021

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: