About the security content of macOS Big Sur 11.0.1

This document describes the security content of macOS Big Sur 11.0.1.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

macOS Big Sur 11.0.1

Released November 12, 2020

AMD

Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-27914: Yu Wang of Didi Research America

CVE-2020-27915: Yu Wang of Didi Research America

Entry added December 14, 2020

App Store

Impact: An application may be able to gain elevated privileges

Description: This issue was addressed by removing the vulnerable code.

CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Audio

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab

Audio

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab

Audio

Impact: A malicious application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab

Audio

Impact: An application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab

Bluetooth

Impact: A remote attacker may be able to cause unexpected application termination or heap corruption

Description: Multiple integer overflows were addressed with improved input validation.

CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

CFNetwork Cache

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team

Entry added March 16, 2021

CoreAudio

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-27908: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab

CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab

CVE-2020-9960: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab

Entry added December 14, 2020

CoreAudio

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab

CoreCapture

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9949: Proteas

CoreGraphics

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-9897: S.Y. of ZecOps Mobile XDR, an anonymous researcher

Entry added October 25, 2021

CoreGraphics

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro

Crash Reporter

Impact: A local attacker may be able to elevate their privileges

Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.

CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan

CoreText

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A logic issue was addressed with improved state management.

CVE-2020-27922: Mickey Jin of Trend Micro

Entry added December 14, 2020

CoreText

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9999: Apple

Entry updated December 14, 2020

Directory Utility

Impact: A malicious application may be able to access private information

Description: A logic issue was addressed with improved state management.

CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing

Entry added March 16, 2021

Disk Images

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9965: Proteas

CVE-2020-9966: Proteas

Finder

Impact: Users may be unable to remove metadata indicating where files were downloaded from

Description: The issue was addressed with additional user controls.

CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)

FontParser

Impact: Processing a maliciously crafted font may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-36615: Peter Nguyen Hoang Vu (@peternguyen14) of STAR Labs

Entry added May 11, 2023

FontParser

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs

Entry added May 25, 2022

FontParser

Impact: Processing a maliciously crafted font may lead to arbitrary code execution

Description: This issue was addressed by removing the vulnerable code.

CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro working with Trend Micro’s Zero Day Initiative

Entry added October 25, 2021

FontParser

Impact: A malicious application may be able to read restricted memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-29629: an anonymous researcher

Entry added October 25, 2021

FontParser

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A logic issue was addressed with improved state management.

CVE-2020-27942: an anonymous researcher

Entry added October 25, 2021

FontParser

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)

Entry added December 14, 2020

FontParser

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro

Entry added December 14, 2020

FontParser

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative

Entry added December 14, 2020

FontParser

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.

CVE-2020-27931: Apple

Entry added December 14, 2020

FontParser

Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-27930: Google Project Zero

FontParser

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab

FontParser

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-29639: Mickey Jin & Qi Sun of Trend Micro working with Trend Micro's Zero Day Initiative

Entry added July 21, 2021

Foundation

Impact: A local user may be able to read arbitrary files

Description: A logic issue was addressed with improved state management.

CVE-2020-10002: James Hutchins

HomeKit

Impact: An attacker in a privileged network position may be able to unexpectedly alter application state

Description: This issue was addressed with improved setting propagation.

CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology

Entry added December 14, 2020

ImageIO

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab

Entry added December 14, 2020

ImageIO

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-27924: Lei Sun

Entry added December 14, 2020

ImageIO

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab

CVE-2020-27923: Lei Sun

Entry updated December 14, 2020

ImageIO

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9876: Mickey Jin of Trend Micro

Intel Graphics Driver

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington

Entry added December 14, 2020

Intel Graphics Driver

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative, Liu Long of Ant Security Light-Year Lab

Entry added December 14, 2020, updated March 16, 2021

Image Processing

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab

Entry added December 14, 2020

Kernel

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2020-9967: Alex Plaskett (@alexjplaskett)

Entry added December 14, 2020

Kernel

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9975: Tielei Wang of Pangu Lab

Entry added December 14, 2020

Kernel

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2020-27921: Linus Henze (pinauten.de)

Entry added December 14, 2020

Kernel

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.

CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab

Kernel

Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel

Description: A routing issue was addressed with improved restrictions.

CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall

Kernel

Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.

Description: A memory initialization issue was addressed.

CVE-2020-27950: Google Project Zero

Kernel

Impact: A malicious application may be able to determine kernel memory layout

Description: A logic issue was addressed with improved state management.

CVE-2020-9974: Tommy Muir (@Muirey03)

Kernel

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-10016: Alex Helie

Kernel

Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.

Description: A type confusion issue was addressed with improved state handling.

CVE-2020-27932: Google Project Zero

libxml2

Impact: Processing maliciously crafted web content may lead to code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-27917: found by OSS-Fuzz

CVE-2020-27920: found by OSS-Fuzz

Entry updated December 14, 2020

libxml2

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An integer overflow was addressed through improved input validation.

CVE-2020-27911: found by OSS-Fuzz

libxpc

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved validation.

CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Entry added December 14, 2020

libxpc

Impact: A malicious application may be able to break out of its sandbox

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Logging

Impact: A local attacker may be able to elevate their privileges

Description: A path handling issue was addressed with improved validation.

CVE-2020-10010: Tommy Muir (@Muirey03)

Mail

Impact: A remote attacker may be able to unexpectedly alter application state

Description: This issue was addressed with improved checks.

CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences

Messages

Impact: A local user may be able to discover a user’s deleted messages

Description: The issue was addressed with improved deletion.

CVE-2020-9988: William Breuer of the Netherlands

CVE-2020-9989: von Brunn Media

Model I/O

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-10011: Aleksandar Nikolic of Cisco Talos

Entry added December 14, 2020

Model I/O

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-13524: Aleksandar Nikolic of Cisco Talos

Model I/O

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: A logic issue was addressed with improved state management.

CVE-2020-10004: Aleksandar Nikolic of Cisco Talos

NetworkExtension

Impact: A malicious application may be able to elevate privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro

NSRemoteView

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved restrictions.

CVE-2020-27901: Thijs Alkemade of Computest Research Division

Entry added December 14, 2020

NSRemoteView

Impact: A malicious application may be able to preview files it does not have access to

Description: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic.

CVE-2020-27900: Thijs Alkemade of Computest Research Division

PCRE

Impact: Multiple issues in pcre

Description: Multiple issues were addressed by updating to version 8.44.

CVE-2019-20838

CVE-2020-14155

Power Management

Impact: A malicious application may be able to determine kernel memory layout

Description: A logic issue was addressed with improved state management.

CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative

python

Impact: Cookies belonging to one origin may be sent to another origin

Description: Multiple issues were addressed with improved logic.

CVE-2020-27896: an anonymous researcher

Quick Look

Impact: A malicious app may be able to determine the existence of files on the computer

Description: The issue was addressed with improved handling of icon caches.

CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security

Quick Look

Impact: Processing a maliciously crafted document may lead to a cross site scripting attack

Description: An access issue was addressed with improved access restrictions.

CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

Entry updated March 16, 2021

Ruby

Impact: A remote attacker may be able to modify the file system

Description: A path handling issue was addressed with improved validation.

CVE-2020-27896: an anonymous researcher

Ruby

Impact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system

Description: This issue was addressed with improved checks.

CVE-2020-10663: Jeremy Evans

Safari

Impact: Visiting a malicious website may lead to address bar spoofing

Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.

CVE-2020-9945: Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati

Safari

Impact: A malicious application may be able to determine a user's open tabs in Safari

Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.

CVE-2020-9977: Josh Parnham (@joshparnham)

Safari

Impact: Visiting a malicious website may lead to address bar spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab

Safari

Impact: An inconsistent user interface issue was addressed with improved state management

Description: Visiting a malicious website may lead to address bar spoofing.

CVE-2020-9987: Rafay Baloch (cybercitadel.com) of Cyber Citadel

Entry added July 21, 2021

Sandbox

Impact: A local application may be able to enumerate the user's iCloud documents

Description: The issue was addressed with improved permissions logic.

CVE-2021-1803: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added March 16, 2021

Sandbox

Impact: A local user may be able to view senstive user information

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)

Screen Sharing

Impact: A user with screen sharing access may be able to view another user's screen

Description: An issue existed in screen sharing. This issue was addressed with improved state management.

CVE-2020-27893: pcsgomes

Entry added March 16, 2021

Siri

Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen

Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.

CVE-2021-1755: Yuval Ron, Amichai Shulman, and Eli Biham of Technion - Israel Institute of Technology

Entry added March 16, 2021

smbx

Impact: An attacker in a privileged network position may be able to perform denial of service

Description: A resource exhaustion issue was addressed with improved input validation.

CVE-2020-10005: Apple

Entry added October 25, 2021

SQLite

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2020-9991

SQLite

Impact: A remote attacker may be able to leak memory

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-9849

SQLite

Impact: Multiple issues in SQLite

Description: Multiple issues were addressed with improved checks.

CVE-2020-15358

SQLite

Impact: A maliciously crafted SQL query may lead to data corruption

Description: This issue was addressed with improved checks.

CVE-2020-13631

SQLite

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2020-13434

CVE-2020-13435

CVE-2020-9991

SQLite

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-13630

Symptom Framework

Impact: A local attacker may be able to elevate their privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-27899: 08Tc3wBB working with ZecOps

Entry added December 14, 2020

System Preferences

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved state management.

CVE-2020-10009: Thijs Alkemade of Computest Research Division

TCC

Impact: A malicious application with root privileges may be able to access private information

Description: A logic issue was addressed with improved restrictions.

CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog)

Entry added December 14, 2020

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-27918: Liu Long of Ant Security Light-Year Lab

Entry updated December 14, 2020

WebKit

Impact: A use after free issue was addressed with improved memory management

Description: Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-9947: cc working with Trend Micro Zero Day Initiative

CVE-2020-9950: cc working with Trend Micro Zero Day Initiative

Entry added July 21, 2021

Wi-Fi

Impact: An attacker may be able to bypass Managed Frame Protection

Description: A denial of service issue was addressed with improved state handling.

CVE-2020-27898: Stephan Marais of University of Johannesburg

XNU

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: Multiple issues were addressed with improved logic.

CVE-2020-27935: Lior Halphon (@LIJI32)

Entry added December 17, 2020

Xsan

Impact: A malicious application may be able to access restricted files

Description: This issue was addressed with improved entitlements.

CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing

Additional recognition

802.1X

We would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.

Entry added December 14, 2020

Audio

We would like to acknowledge JunDong Xie and Xingwei Lin of Ant-Financial Light-Year Security Lab, Marc Schoenefeld Dr. rer. nat. for their assistance.

Entry updated March 16, 2021

Bluetooth

We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.

Entry updated December 14, 2020

Clang

We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

Core Location

We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Crash Reporter

We would like to acknowledge Artur Byszko of AFINE for their assistance.

Entry added December 14, 2020

Directory Utility

We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.

iAP

We would like to acknowledge Andy Davis of NCC Group for their assistance.

Kernel

We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance.

libxml2

We would like to acknowledge an anonymous researcher for their assistance.

Entry added December 14, 2020

Login Window

We would like to acknowledge Rob Morton of Leidos for their assistance.

Entry added March 16, 2021

Login Window

We would like to acknowledge Rob Morton of Leidos for their assistance.

Photos Storage

We would like to acknowledge Paulos Yibelo of LimeHats for their assistance.

Quick Look

We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Reguła of SecuRing (wojciechregula.blog) for their assistance.

Safari

We would like to acknowledge Gabriel Corona and Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance.

Sandbox

We would like to acknowledge Saagar Jha for their assistance.

Entry added May 11, 2023

Security

We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.

System Preferences

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Entry added March 16, 2021

System Preferences

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

WebKit

Maximilian Blochberger of the Security in Distributed Systems Group of University of Hamburg

Entry added May 25, 2022

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: October 31, 2023