About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave
This document describes the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave.
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave
AMD
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur 11.0.1
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2020-27936: Yu Wang of Didi Research America
App Store
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
AppleGraphicsControl
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A validation issue was addressed with improved logic.
CVE-2020-27941: shrek_wzw
AppleMobileFileIntegrity
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to bypass Privacy preferences
Description: This issue was addressed with improved checks.
CVE-2020-29621: Wojciech Reguła (@_r3ggi) of SecuRing
Audio
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted audio file may disclose restricted memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-29610: Anonymous working with Trend Micro Zero Day Initiative
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Bluetooth
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application termination or heap corruption
Description: Multiple integer overflows were addressed with improved input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-27908: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-9960: JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab
CoreText
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2020-27922: Mickey Jin of Trend Micro
CUPS
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved memory handling.
CVE-2020-10001: Niky <kittymore83@gmail.com> of China Mobile
FontParser
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-27946: Mateusz Jurczyk of Google Project Zero
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro
FontParser
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.
CVE-2020-27931: Apple
CVE-2020-27943: Mateusz Jurczyk of Google Project Zero
CVE-2020-27944: Mateusz Jurczyk of Google Project Zero
CVE-2020-29624: Mateusz Jurczyk of Google Project Zero
FontParser
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state management.
CVE-2020-10002: James Hutchins
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day Initiative, Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
HomeKit
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker in a privileged network position may be able to unexpectedly alter application state
Description: This issue was addressed with improved setting propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2020-27939: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-29625: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-29615: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-27924: Lei Sun
CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-29611: Alexandru-Vlad Niculae working with Google Project Zero
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to heap corruption
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab
CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Image Processing
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative, Liu Long of Ant Security Light-Year Lab
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel memory layout
Description: A logic issue was addressed with improved state management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved state handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Kernel
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace
Description: This issue was addressed with improved checks to prevent unauthorized actions.
CVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure Mobile Networking Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to elevate privileges
Description: This issue was addressed with improved entitlements.
CVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2020-27911: found by OSS-Fuzz
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27920: found by OSS-Fuzz
libxml2
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27926: found by OSS-Fuzz
libxpc
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to break out of its sandbox
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Login Window
Available for: macOS Big Sur 11.0.1
Impact: An attacker in a privileged network position may be able to bypass authentication policy
Description: An authentication issue was addressed with improved state management.
CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
Model I/O
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted file may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2020-29614: ZhiWei Sun(@5n1p3r0010) of Topsec Alpha Lab
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-13520: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9972: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NSRemoteView
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Power Management
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to determine kernel memory layout
Description: A logic issue was addressed with improved state management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative
Quick Look
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: Processing a maliciously crafted document may lead to a cross site scripting attack
Description: An access issue was addressed with improved access restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
Ruby
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved validation.
CVE-2020-27896: an anonymous researcher
System Preferences
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved state management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
WebKit Storage
Available for: macOS Big Sur 11.0.1
Impact: A user may be unable to fully delete browsing history
Description: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion.
CVE-2020-29623: Simon Hunt of OvalTwo LTD
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-15969: an anonymous researcher
Wi-Fi
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
Additional recognition
CoreAudio
We would like to acknowledge JunDong Xie and Xingwei Lin of Ant Security Light-Year Lab for their assistance.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.