|
|
<!DOCTYPE html><html prefix="og: http://ogp.me/ns#" dir="ltr" lang="en"><head> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title lang="en">About the security content of macOS Big Sur 11.0.1 - Apple Support</title> <link rel="dns-prefetch" href="https://www.apple.com/"> <link rel="preconnect" href="https://www.apple.com/" crossorigin="">
<link rel="canonical" href="https://support.apple.com/en-us/HT211931"> <link rel="alternate" hreflang="en-ie" href="https://support.apple.com/en-ie/HT211931"> <link rel="alternate" hreflang="ar-kw" href="https://support.apple.com/ar-kw/HT211931"> <link rel="alternate" hreflang="en-il" href="https://support.apple.com/en-il/HT211931"> <link rel="alternate" hreflang="en-in" href="https://support.apple.com/en-in/HT211931"> <link rel="alternate" hreflang="en-ae" href="https://support.apple.com/en-ae/HT211931"> <link rel="alternate" hreflang="en-za" href="https://support.apple.com/en-za/HT211931"> <link rel="alternate" hreflang="no-no" href="https://support.apple.com/no-no/HT211931"> <link rel="alternate" hreflang="en-al" href="https://support.apple.com/en-al/HT211931"> <link rel="alternate" hreflang="en-is" href="https://support.apple.com/en-is/HT211931"> <link rel="alternate" hreflang="el-gr" href="https://support.apple.com/el-gr/HT211931"> <link rel="alternate" hreflang="en-am" href="https://support.apple.com/en-am/HT211931"> <link rel="alternate" hreflang="nl-nl" href="https://support.apple.com/nl-nl/HT211931"> <link rel="alternate" hreflang="en-au" href="https://support.apple.com/en-au/HT211931"> <link rel="alternate" hreflang="he-il" href="https://support.apple.com/he-il/HT211931"> <link rel="alternate" hreflang="hu-hu" href="https://support.apple.com/hu-hu/HT211931"> <link rel="alternate" hreflang="en-jo" href="https://support.apple.com/en-jo/HT211931"> <link rel="alternate" hreflang="en-bh" href="https://support.apple.com/en-bh/HT211931"> <link rel="alternate" hreflang="es-cl" href="https://support.apple.com/es-cl/HT211931"> <link rel="alternate" hreflang="fr-sn" href="https://support.apple.com/fr-sn/HT211931"> <link rel="alternate" hreflang="fr-ca" href="https://support.apple.com/fr-ca/HT211931"> <link rel="alternate" hreflang="es-co" href="https://support.apple.com/es-co/HT211931"> <link rel="alternate" hreflang="pl-pl" href="https://support.apple.com/pl-pl/HT211931"> <link rel="alternate" hreflang="en-bn" href="https://support.apple.com/en-bn/HT211931"> <link rel="alternate" hreflang="pt-pt" href="https://support.apple.com/pt-pt/HT211931"> <link rel="alternate" hreflang="en-sa" href="https://support.apple.com/en-sa/HT211931"> <link rel="alternate" hreflang="fr-be" href="https://support.apple.com/fr-be/HT211931"> <link rel="alternate" hreflang="ar-eg" href="https://support.apple.com/ar-eg/HT211931"> <link rel="alternate" hreflang="en-bw" href="https://support.apple.com/en-bw/HT211931"> <link rel="alternate" hreflang="en-sg" href="https://support.apple.com/en-sg/HT211931"> <link rel="alternate" hreflang="en-ke" href="https://support.apple.com/en-ke/HT211931"> <link rel="alternate" hreflang="hr-hr" href="https://support.apple.com/hr-hr/HT211931"> <link rel="alternate" hreflang="en-om" href="https://support.apple.com/en-om/HT211931"> <link rel="alternate" hreflang="zh-mo" href="https://support.apple.com/zh-mo/HT211931"> <link rel="alternate" hreflang="de-at" href="https://support.apple.com/de-at/HT211931"> <link rel="alternate" hreflang="en-gu" href="https://support.apple.com/en-gu/HT211931"> <link rel="alternate" hreflang="en-gw" href="https://support.apple.com/en-gw/HT211931"> <link rel="alternate" hreflang="fr-gn" href="https://support.apple.com/fr-gn/HT211931"> <link rel="alternate" hreflang="fr-gq" href="https://support.apple.com/fr-gq/HT211931"> <link rel="alternate" hreflang="cs-cz" href="https://support.apple.com/cs-cz/HT211931"> <link rel="alternate" hreflang="en-ph" href="https://support.apple.com/en-ph/HT211931"> <link rel="alternate" hreflang="zh-tw" href="https://support.apple.com/zh-tw/HT211931"> <link rel="alternate" hreflang="ko-kr" href="https://support.apple.com/ko-kr/HT211931"> <link rel="alternate" hreflang="en-hk" href="https://support.apple.com/en-hk/HT211931"> <link rel="alternate" hreflang="sk-sk" href="https://support.apple.com/sk-sk/HT211931"> <link rel="alternate" hreflang="ru-ru" href="https://support.apple.com/ru-ru/HT211931"> <link rel="alternate" hreflang="en-qa" href="https://support.apple.com/en-qa/HT211931"> <link rel="alternate" hreflang="sv-se" href="https://support.apple.com/sv-se/HT211931"> <link rel="alternate" hreflang="da-dk" href="https://support.apple.com/da-dk/HT211931"> <link rel="alternate" hreflang="en-us" href="https://support.apple.com/en-us/HT211931"> <link rel="alternate" hreflang="en-mk" href="https://support.apple.com/en-mk/HT211931"> <link rel="alternate" hreflang="en-mn" href="https://support.apple.com/en-mn/HT211931"> <link rel="alternate" hreflang="en-eg" href="https://support.apple.com/en-eg/HT211931"> <link rel="alternate" hreflang="en-mo" href="https://support.apple.com/en-mo/HT211931"> <link rel="alternate" hreflang="fr-ne" href="https://support.apple.com/fr-ne/HT211931"> <link rel="alternate" hreflang="en-mt" href="https://support.apple.com/en-mt/HT211931"> <link rel="alternate" hreflang="nl-be" href="https://support.apple.com/nl-be/HT211931"> <link rel="alternate" hreflang="zh-cn" href="https://support.apple.com/zh-cn/HT211931"> <link rel="alternate" hreflang="en-mz" href="https://support.apple.com/en-mz/HT211931"> <link rel="alternate" hreflang="fr-ml" href="https://support.apple.com/fr-ml/HT211931"> <link rel="alternate" hreflang="en-my" href="https://support.apple.com/en-my/HT211931"> <link rel="alternate" hreflang="fr-mu" href="https://support.apple.com/fr-mu/HT211931"> <link rel="alternate" hreflang="en-ng" href="https://support.apple.com/en-ng/HT211931"> <link rel="alternate" hreflang="el-cy" href="https://support.apple.com/el-cy/HT211931"> <link rel="alternate" hreflang="en-vn" href="https://support.apple.com/en-vn/HT211931"> <link rel="alternate" hreflang="ja-jp" href="https://support.apple.com/ja-jp/HT211931"> <link rel="alternate" hreflang="de-ch" href="https://support.apple.com/de-ch/HT211931"> <link rel="alternate" hreflang="en-nz" href="https://support.apple.com/en-nz/HT211931"> <link rel="alternate" hreflang="ro-ro" href="https://support.apple.com/ro-ro/HT211931"> <link rel="alternate" hreflang="it-ch" href="https://support.apple.com/it-ch/HT211931"> <link rel="alternate" hreflang="tr-tr" href="https://support.apple.com/tr-tr/HT211931"> <link rel="alternate" hreflang="fr-fr" href="https://support.apple.com/fr-fr/HT211931"> <link rel="alternate" hreflang="en-gb" href="https://support.apple.com/en-gb/HT211931"> <link rel="alternate" hreflang="fi-fi" href="https://support.apple.com/fi-fi/HT211931"> <link rel="alternate" hreflang="en-ca" href="https://support.apple.com/en-ca/HT211931"> <link rel="alternate" hreflang="fr-tn" href="https://support.apple.com/fr-tn/HT211931"> <link rel="alternate" hreflang="ar-ae" href="https://support.apple.com/ar-ae/HT211931"> <link rel="alternate" hreflang="en-kw" href="https://support.apple.com/en-kw/HT211931"> <link rel="alternate" hreflang="fr-cf" href="https://support.apple.com/fr-cf/HT211931"> <link rel="alternate" hreflang="fr-ci" href="https://support.apple.com/fr-ci/HT211931"> <link rel="alternate" hreflang="fr-ch" href="https://support.apple.com/fr-ch/HT211931"> <link rel="alternate" hreflang="es-us" href="https://support.apple.com/es-us/HT211931"> <link rel="alternate" hreflang="fr-cm" href="https://support.apple.com/fr-cm/HT211931"> <link rel="alternate" hreflang="en-lb" href="https://support.apple.com/en-lb/HT211931"> <link rel="alternate" hreflang="ar-sa" href="https://support.apple.com/ar-sa/HT211931"> <link rel="alternate" hreflang="de-de" href="https://support.apple.com/de-de/HT211931"> <link rel="alternate" hreflang="en-lk" href="https://support.apple.com/en-lk/HT211931"> <link rel="alternate" hreflang="fr-ma" href="https://support.apple.com/fr-ma/HT211931"> <link rel="alternate" hreflang="zh-hk" href="https://support.apple.com/zh-hk/HT211931"> <link rel="alternate" hreflang="pt-br" href="https://support.apple.com/pt-br/HT211931"> <link rel="alternate" hreflang="de-li" href="https://support.apple.com/de-li/HT211931"> <link rel="alternate" hreflang="ar-bh" href="https://support.apple.com/ar-bh/HT211931"> <link rel="alternate" hreflang="es-es" href="https://support.apple.com/es-es/HT211931"> <link rel="alternate" hreflang="fr-mg" href="https://support.apple.com/fr-mg/HT211931"> <link rel="alternate" hreflang="ar-jo" href="https://support.apple.com/ar-jo/HT211931"> <link rel="alternate" hreflang="es-mx" href="https://support.apple.com/es-mx/HT211931"> <link rel="alternate" hreflang="it-it" href="https://support.apple.com/it-it/HT211931"> <link rel="alternate" hreflang="en-ug" href="https://support.apple.com/en-ug/HT211931"> <link rel="alternate" hreflang="id-id" href="https://support.apple.com/id-id/HT211931"> <link rel="alternate" hreflang="de-lu" href="https://support.apple.com/de-lu/HT211931"> <link rel="alternate" hreflang="en-md" href="https://support.apple.com/en-md/HT211931"> <link rel="alternate" hreflang="fr-lu" href="https://support.apple.com/fr-lu/HT211931"> <link rel="alternate" hreflang="en-me" href="https://support.apple.com/en-me/HT211931"> <link rel="alternate" hreflang="th-th" href="https://support.apple.com/th-th/HT211931">
<meta name="description" content="This document describes the security content of macOS Big Sur 11.0.1.
"> <meta property="og:url" content="https://support.apple.com/en-us/HT211931"> <meta property="og:title" content="About the security content of macOS Big Sur 11.0.1"> <meta property="og:description" content="This document describes the security content of macOS Big Sur 11.0.1.
"> <meta property="og:site_name" content="Apple Support"> <meta property="og:locale" content="en_US"> <meta property="og:type" content="article"> <meta name="ac-gn-search-field[locale]" content="en_US">
<script type="application/ld+json">{ "@context": "https://ziyuan.baidu.com/contexts/cambrian.jsonld","@id":"https://support.apple.com/en-us/HT211931","appid": "1583465330249689","title":"About the security ","pubDate":"2020-10-31T12:48:36","upDate":"2020-12-17T09:16:36"}</script>
<link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/app-ht.css" type="text/css"> <link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/ac-globalfooter.css" type="text/css"> <link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/ac-globalnav.css" type="text/css"> <link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/fonts.css" type="text/css"> <script> var _applemd = { page: { site_section: "kb", content_type: "ht", info_type: "update", topics: "security update", in_house: "domain,security & cert update", locale: "en-us", friendly_content: { title: "About the security content of macOS Big Sur 11.0.1", publish_date: "12172020", content_id: "HT211931", status: "unarchieved", version: "1.4" }, testandtarget:{ throttle:"0.0" }, }, product: { list: ["acs::kb::productcategory::product security",] } }
</script>
<script src="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/nn.js" type="text/javascript" charset="utf-8"></script><script> var neighborInitData = { appDataSchemaVersion: '2.0.0', endpoint: 'https://supportmetrics.apple.com/content/services/stats' }
</script> <script> var data = { showHelpFulfeedBack: true, id: "HT211931", locale: "en_US", podCookie: "us~en", urlLocale: "en-us", isPreview : false, productCategories : "PP23", source : "", channel : "HOWTO_ARTICLES", bizChatLink : "https://bcrw.apple.com/urn:biz:b15ed773-9eed-11e7-baa2-7b88b04daa8e", bizChatIntentId : "ContactApple", bizChatGroupId : "%7B%22domain%22:%20%22AC%22,%22origin%22:%20%22OLS%22,%22page%22:%20%22acs::kb::ht::ARTICLEID::contact%20apple%20for%20support%20and%20service%20(en-us)%22%7D", bizChatBody : "%3Cstrong%3EChat using Messages%3C/strong%3E %3Cbr%3E Have a question? Ask now.", bizChatSupportedCountries : "US", bizChatthrottleValue : 0.0, bypassBizChat: false, akamaiEdgeScapeURL: "https://support.apple.com/edge-sight", isNeighborJsEnabled: true, isOkapiEnabled: false, domain: "support.apple.com", dtmPageName: "acs.pageload" } window.appState = JSON.stringify(data);
document.cookie = 'POD=us~en; path=/; domain=.apple.com; expires='+new Date(Date.now() + (28 * 24 * 60 * 60 * 1000)).toGMTString(); </script> <link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/accs-offer.css"></head> <body class="ac-gn-current-support js" itemscope="" itemtype="https://schema.org/TechArticle" data-new-gr-c-s-check-loaded="8.869.0" data-gr-ext-installed="">
<meta name="ac-gn-store-key" content="S2A49YFKJF2JAT22K"><meta name="ac-gn-search-action" content="https://support.apple.com/kb/index"><meta name="ac-gn-search-input" content="q"><meta name="ac-gn-search-field[src]" content="globalnav_support"><meta name="ac-gn-search-field[type]" content="organic"><meta name="ac-gn-search-field[page]" content="search"><meta name="ac-gn-search-field[locale]" content="en_US"><link onerror="headerCssFallback()" rel="stylesheet" type="text/css" href="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/ac-globalnav.css"><aside id="ac-gn-segmentbar" class="ac-gn-segmentbar" dir="ltr" data-strings="{ 'exit': 'Exit', 'view': '{%STOREFRONT%} Store Home', 'segments': { 'smb': 'Business Store Home', 'eduInd': 'Education Store Home', 'other': 'Store Home' } }" lang="en-US"></aside><input type="checkbox" id="ac-gn-menustate" class="ac-gn-menustate"><nav id="ac-globalnav" class="js no-touch windows" role="navigation" aria-label="Global" data-hires="false" data-analytics-region="global nav" dir="ltr" data-www-domain="www.apple.com" data-store-locale="us" data-store-root-path="/us" data-store-api="https://www.apple.com/[storefront]/shop/bag/status" data-search-locale="en_US" data-search-suggestions-api="https://www.apple.com/search-services/suggestions/" data-search-defaultlinks-api="https://www.apple.com/search-services/suggestions/defaultlinks/" lang="en-US"><div class="ac-gn-content"><ul class="ac-gn-header"><li class="ac-gn-item ac-gn-menuicon"><label class="ac-gn-menuicon-label" for="ac-gn-menustate" aria-hidden="true"><span class="ac-gn-menuicon-bread ac-gn-menuicon-bread-top"><span class="ac-gn-menuicon-bread-crust ac-gn-menuicon-bread-crust-top"></span></span><span class="ac-gn-menuicon-bread ac-gn-menuicon-bread-bottom"><span class="ac-gn-menuicon-bread-crust ac-gn-menuicon-bread-crust-bottom"></span></span></label><a href="#ac-gn-menustate" role="button" class="ac-gn-menuanchor ac-gn-menuanchor-open" id="ac-gn-menuanchor-open"><span class="ac-gn-menuanchor-label">Global Nav Open Menu</span></a><a href="#" role="button" class="ac-gn-menuanchor ac-gn-menuanchor-close" id="ac-gn-menuanchor-close"><span class="ac-gn-menuanchor-label">Global Nav Close Menu</span></a></li><li class="ac-gn-item ac-gn-apple"><a class="ac-gn-link ac-gn-link-apple" href="https://www.apple.com/" data-analytics-title="apple home" id="ac-gn-firstfocus-small"><span class="ac-gn-link-text">Apple</span></a></li><li class="ac-gn-item ac-gn-bag ac-gn-bag-small" id="ac-gn-bag-small"><div class="ac-gn-bag-wrapper"><a class="ac-gn-link ac-gn-link-bag" href="https://www.apple.com/us/shop/goto/bag" data-analytics-title="bag" data-analytics-click="bag" aria-label="Shopping Bag" data-string-badge="Shopping Bag with item count :" role="button" aria-haspopup="true" aria-expanded="false" aria-controls="ac-gn-bagview-content"><span class="ac-gn-link-text">Shopping Bag</span></a><span class="ac-gn-bag-badge"><span class="ac-gn-bag-badge-separator"></span><span class="ac-gn-bag-badge-number"></span><span class="ac-gn-bag-badge-unit">+</span></span></div><span class="ac-gn-bagview-caret ac-gn-bagview-caret-large"></span></li></ul><div class="ac-gn-search-placeholder-container" role="search"><div class="ac-gn-search ac-gn-search-small"><a id="ac-gn-link-search-small" class="ac-gn-link" href="https://support.apple.com/kb/index?page=search&locale=en_US" data-analytics-title="search" data-analytics-click="search" data-analytics-intrapage-link="" aria-label="Search Support" role="button" aria-haspopup="true"><div class="ac-gn-search-placeholder-bar"><div class="ac-gn-search-placeholder-input"><div class="ac-gn-search-placeholder-input-text" aria-hidden="true"><div class="ac-gn-link-search ac-gn-search-placeholder-input-icon"></div><span class="ac-gn-search-placeholder">Search Support</span></div></div><div class="ac-gn-searchview-close ac-gn-searchview-close-small ac-gn-search-placeholder-searchview-close"><span class="ac-gn-searchview-close-cancel" aria-hidden="true">Cancel</span></div <div class="ac-gn-searchresults-section-wrapper"> <h3 class="ac-gn-searchresults-header ac-gn-searchresults-animated">Quick Links</h3> <ul class="ac-gn-searchresults-list" id="defaultlinks" role="listbox"> <li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation"> <a href="https://support.apple.com/en-us/HT201487" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="0" data-label="If you forgot your Apple ID password" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">If you forgot your Apple ID password</a> </li> <li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation"> <a href="https://support.apple.com/en-us/HT204306" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="1" data-label="If you forgot the passcode for your iPhone, iPad, or iPod touch" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">If you forgot the passcode for your iPhone, iPad, or iPod touch</a> </li> <li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation"> <a href="https://support.apple.com/en-us/HT202039" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="2" data-label="View, change, or cancel your subscriptions" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">View, change, or cancel your subscriptions</a> </li> <li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation"> <a href="https://support.apple.com/en-us/HT204204" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="3" data-label="Update iOS on your device" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">Update iOS on your device</a> </li> <li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation"> <a href="https://support.apple.com/contact" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="4" data-label="Contact Apple Support" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">Contact Apple Support</a> </li> </ul> <span role="status" class="ac-gn-searchresults-count" aria-live="polite">5 Quick Links</span> </div> </section>
</aside></div><button id="ac-gn-searchview-close" class="ac-gn-searchview-close" aria-label="Cancel Search"><span class="ac-gn-searchview-close-wrapper"><span class="ac-gn-searchview-close-left"></span><span class="ac-gn-searchview-close-right"></span></span></button></aside><aside class="ac-gn-bagview" data-analytics-region="bag"><div class="ac-gn-bagview-scrim"><span class="ac-gn-bagview-caret ac-gn-bagview-caret-small"></span></div><div class="ac-gn-bagview-content" id="ac-gn-bagview-content"></div></aside></div></nav><div class="ac-gn-blur"></div><div id="ac-gn-curtain" class="ac-gn-curtain"></div><div id="ac-gn-placeholder" class="ac-nav-placeholder"></div>
<div id="app"> <div> <section class="section section-content"> <div> <div class="column small-12 medium-12 large-12 large-centered text-center"> <div class="main" role="main" id="howto-section"> <div id="content"> <h1 id="howto-title" itemprop="headline">About the security content of macOS Big Sur 11.0.1</h1> <div class="intro"><p>This document describes the security content of macOS Big Sur 11.0.1.</p>
</div> <div itemprop="author" itemscope="" itemtype="http://schema.org/Organization"> <meta itemprop="name" content="Apple"> </div> <div id="sections" itemprop="articleBody"> <div>
<h2>About Apple security updates</h2> <div><p>For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the <a href="https://support.apple.com/kb/HT201222">Apple security updates</a> page.</p><p>Apple security documents reference vulnerabilities by <a href="http://cve.mitre.org/about/">CVE-ID</a> when possible.</p><p>For more information about security, see the <a href="https://support.apple.com/kb/HT201220">Apple Product Security</a> page.</p>
</div> </div>
<div>
<div><p><img alt="" src="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/divider.png"></p>
</div> </div>
<div>
<h2>macOS Big Sur 11.0.1</h2> <div><p><span class="note">Released November 12, 2020</span></p><p><strong>AMD</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to execute arbitrary code with system privileges</p><p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27914: Yu Wang of Didi Research America</p><p style="margin-left: 40px;">CVE-2020-27915: Yu Wang of Didi Research America</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>App Store</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to gain elevated privileges</p><p style="margin-left: 40px;">Description: This issue was addressed by removing the vulnerable code.</p><p style="margin-left: 40px;">CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab</p><p><strong>Audio</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab</p><p><strong>Audio</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds write was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab</p><p><strong>Audio</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to read restricted memory</p><p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved bounds checking.</p><p style="margin-left: 40px;">CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab</p><p><strong>Audio</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to read restricted memory</p><p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved bounds checking.</p><p style="margin-left: 40px;">CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab</p><p><strong>Bluetooth</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A remote attacker may be able to cause unexpected application termination or heap corruption</p><p style="margin-left: 40px;">Description: Multiple integer overflows were addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab</p><p><strong>CoreAudio</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab</p><p style="margin-left: 40px;">CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab</p><p style="margin-left: 40px;">CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>CoreAudio</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds write was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab</p><p><strong>CoreCapture</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p><p style="margin-left: 40px;">Description: A use after free issue was addressed with improved memory management.</p><p style="margin-left: 40px;">CVE-2020-9949: Proteas</p><p><strong>CoreGraphics</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds write was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro</p><p><strong>Crash Reporter</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A local attacker may be able to elevate their privileges</p><p style="margin-left: 40px;">Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.</p><p style="margin-left: 40px;">CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan</p><p><strong>CoreText</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted font file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: A logic issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-27922: Mickey Jin of Trend Micro</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>CoreText</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted text file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-9999: Apple</p><p style="margin-left: 40px;"><span class="note">Entry updated December 14, 2020</span></p><p><strong>Disk Images</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p><p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-9965: Proteas</p><p style="margin-left: 40px;">CVE-2020-9966: Proteas</p><p><strong>Finder</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Users may be unable to remove metadata indicating where files were downloaded from</p><p style="margin-left: 40px;">Description: The issue was addressed with additional user controls.</p><p style="margin-left: 40px;">CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)</p><p><strong>FontParser</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: A buffer overflow was addressed with improved size validation.</p><p style="margin-left: 40px;">CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>FontParser</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted font file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds write was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>FontParser</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted font file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>FontParser</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted font file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27931: Apple</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>FontParser</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.</p><p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27930: Google Project Zero</p><p><strong>FontParser</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted font file may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds write issue was addressed with improved bounds checking.</p><p style="margin-left: 40px;">CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab</p><p><strong>Foundation</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A local user may be able to read arbitrary files</p><p style="margin-left: 40px;">Description: A logic issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-10002: James Hutchins</p><p><strong>HomeKit</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An attacker in a privileged network position may be able to unexpectedly alter application state</p><p style="margin-left: 40px;">Description: This issue was addressed with improved setting propagation.</p><p style="margin-left: 40px;">CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>ImageIO</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds write issue was addressed with improved bounds checking.</p><p style="margin-left: 40px;">CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>ImageIO</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27924: Lei Sun</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>ImageIO</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds write was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab</p><p style="margin-left: 40px;">CVE-2020-27923: Lei Sun</p><p style="margin-left: 40px;"><span class="note">Entry updated December 14, 2020</span></p><p><strong>ImageIO</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds write issue was addressed with improved bounds checking.</p><p style="margin-left: 40px;">CVE-2020-9876: Mickey Jin of Trend Micro</p><p><strong>Intel Graphics Driver</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p><p style="margin-left: 40px;">Description: An out-of-bounds write issue was addressed with improved bounds checking.</p><p style="margin-left: 40px;">CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative</p><p style="margin-left: 40px;">CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Intel Graphics Driver</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p><p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved memory handling.</p><p style="margin-left: 40px;">CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Image Processing</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds write was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory</p><p style="margin-left: 40px;">Description: Multiple memory corruption issues were addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-9967: Alex Plaskett (@alexjplaskett)</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p><p style="margin-left: 40px;">Description: A use after free issue was addressed with improved memory management.</p><p style="margin-left: 40px;">CVE-2020-9975: Tielei Wang of Pangu Lab</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p><p style="margin-left: 40px;">Description: A race condition was addressed with improved state handling.</p><p style="margin-left: 40px;">CVE-2020-27921: Linus Henze (pinauten.de)</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p><p style="margin-left: 40px;">Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab</p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel</p><p style="margin-left: 40px;">Description: A routing issue was addressed with improved restrictions.</p><p style="margin-left: 40px;">CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall</p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.</p><p style="margin-left: 40px;">Description: A memory initialization issue was addressed.</p><p style="margin-left: 40px;">CVE-2020-27950: Google Project Zero</p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to determine kernel memory layout</p><p style="margin-left: 40px;">Description: A logic issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-9974: Tommy Muir (@Muirey03)</p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p><p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-10016: Alex Helie</p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.</p><p style="margin-left: 40px;">Description: A type confusion issue was addressed with improved state handling.</p><p style="margin-left: 40px;">CVE-2020-27932: Google Project Zero</p><p><strong>libxml2</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing maliciously crafted web content may lead to code execution</p><p style="margin-left: 40px;">Description: A use after free issue was addressed with improved memory management.</p><p style="margin-left: 40px;">CVE-2020-27917: found by OSS-Fuzz</p><p style="margin-left: 40px;">CVE-2020-27920: found by OSS-Fuzz</p><p style="margin-left: 40px;"><span class="note">Entry updated December 14, 2020</span></p><p><strong>libxml2</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution</p><p style="margin-left: 40px;">Description: An integer overflow was addressed through improved input validation.</p><p style="margin-left: 40px;">CVE-2020-27911: found by OSS-Fuzz</p><p><strong>libxpc</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to elevate privileges</p><p style="margin-left: 40px;">Description: A logic issue was addressed with improved validation.</p><p style="margin-left: 40px;">CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>libxpc</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to break out of its sandbox</p><p style="margin-left: 40px;">Description: A parsing issue in the handling of directory paths was addressed with improved path validation.</p><p style="margin-left: 40px;">CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab</p><p><strong>Logging</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A local attacker may be able to elevate their privileges</p><p style="margin-left: 40px;">Description: A path handling issue was addressed with improved validation.</p><p style="margin-left: 40px;">CVE-2020-10010: Tommy Muir (@Muirey03)</p><p><strong>Mail</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A remote attacker may be able to unexpectedly alter application state</p><p style="margin-left: 40px;">Description: This issue was addressed with improved checks.</p><p style="margin-left: 40px;">CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences</p><p><strong>Messages</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A local user may be able to discover a user’s deleted messages</p><p style="margin-left: 40px;">Description: The issue was addressed with improved deletion.</p><p style="margin-left: 40px;">CVE-2020-9988: William Breuer of the Netherlands</p><p style="margin-left: 40px;">CVE-2020-9989: von Brunn Media</p><p><strong>Model I/O</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved bounds checking.</p><p style="margin-left: 40px;">CVE-2020-10011: Aleksandar Nikolic of Cisco Talos</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Model I/O</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution</p><p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-13524: Aleksandar Nikolic of Cisco Talos</p><p><strong>Model I/O</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution</p><p style="margin-left: 40px;">Description: A logic issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-10004: Aleksandar Nikolic of Cisco Talos</p><p><strong>NetworkExtension</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to elevate privileges</p><p style="margin-left: 40px;">Description: A use after free issue was addressed with improved memory management.</p><p style="margin-left: 40px;">CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro</p><p><strong>NSRemoteView</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A sandboxed process may be able to circumvent sandbox restrictions</p><p style="margin-left: 40px;">Description: A logic issue was addressed with improved restrictions.</p><p style="margin-left: 40px;">CVE-2020-27901: Thijs Alkemade of Computest Research Division</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>NSRemoteView</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to preview files it does not have access to</p><p style="margin-left: 40px;">Description: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic.</p><p style="margin-left: 40px;">CVE-2020-27900: Thijs Alkemade of Computest Research Division</p><p><strong>PCRE</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Multiple issues in pcre</p><p style="margin-left: 40px;">Description: Multiple issues were addressed by updating to version 8.44.</p><p style="margin-left: 40px;">CVE-2019-20838</p><p style="margin-left: 40px;">CVE-2020-14155</p><p><strong>Power Management</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to determine kernel memory layout</p><p style="margin-left: 40px;">Description: A logic issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative</p><p><strong>python</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Cookies belonging to one origin may be sent to another origin</p><p style="margin-left: 40px;">Description: Multiple issues were addressed with improved logic.</p><p style="margin-left: 40px;">CVE-2020-27896: an anonymous researcher</p><p><strong>Quick Look</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious app may be able to determine the existence of files on the computer</p><p style="margin-left: 40px;">Description: The issue was addressed with improved handling of icon caches.</p><p style="margin-left: 40px;">CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security</p><p><strong>Quick Look</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing a maliciously crafted document may lead to a cross site scripting attack</p><p style="margin-left: 40px;">Description: An access issue was addressed with improved access restrictions.</p><p style="margin-left: 40px;">CVE-2020-10012: Heige of KnownSec 404 Team (https://www.knownsec.com/) and Bo Qu of Palo Alto Networks (https://www.paloaltonetworks.com/)</p><p><strong>Ruby</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A remote attacker may be able to modify the file system</p><p style="margin-left: 40px;">Description: A path handling issue was addressed with improved validation.</p><p style="margin-left: 40px;">CVE-2020-27896: an anonymous researcher</p><p><strong>Ruby</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system</p><p style="margin-left: 40px;">Description: This issue was addressed with improved checks.</p><p style="margin-left: 40px;">CVE-2020-10663: Jeremy Evans</p><p><strong>Safari</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Visiting a malicious website may lead to address bar spoofing</p><p style="margin-left: 40px;">Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.</p><p style="margin-left: 40px;">CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati</p><p><strong>Safari</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to determine a user's open tabs in Safari</p><p style="margin-left: 40px;">Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.</p><p style="margin-left: 40px;">CVE-2020-9977: Josh Parnham (@joshparnham)</p><p><strong>Safari</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Visiting a malicious website may lead to address bar spoofing</p><p style="margin-left: 40px;">Description: An inconsistent user interface issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab</p><p><strong>Sandbox</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A local user may be able to view senstive user information</p><p style="margin-left: 40px;">Description: An access issue was addressed with additional sandbox restrictions.</p><p style="margin-left: 40px;">CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)</p><p><strong>SQLite</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A remote attacker may be able to cause a denial of service</p><p style="margin-left: 40px;">Description: This issue was addressed with improved checks.</p><p style="margin-left: 40px;">CVE-2020-9991</p><p><strong>SQLite</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A remote attacker may be able to leak memory</p><p style="margin-left: 40px;">Description: An information disclosure issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-9849</p><p><strong>SQLite</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Multiple issues in SQLite</p><p style="margin-left: 40px;">Description: Multiple issues were addressed by updating SQLite to version 3.32.3.</p><p style="margin-left: 40px;">CVE-2020-15358</p><p><strong>SQLite</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A maliciously crafted SQL query may lead to data corruption</p><p style="margin-left: 40px;">Description: This issue was addressed with improved checks.</p><p style="margin-left: 40px;">CVE-2020-13631</p><p><strong>SQLite</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A remote attacker may be able to cause a denial of service</p><p style="margin-left: 40px;">Description: This issue was addressed with improved checks.</p><p style="margin-left: 40px;">CVE-2020-13434</p><p style="margin-left: 40px;">CVE-2020-13435</p><p style="margin-left: 40px;">CVE-2020-9991</p><p><strong>SQLite</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A remote attacker may be able to cause arbitrary code execution</p><p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-13630</p><p><strong>Symptom Framework</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A local attacker may be able to elevate their privileges</p><p style="margin-left: 40px;">Description: A use after free issue was addressed with improved memory management.</p><p style="margin-left: 40px;">CVE-2020-27899: 08Tc3wBB working with ZecOps</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>System Preferences</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A sandboxed process may be able to circumvent sandbox restrictions</p><p style="margin-left: 40px;">Description: A logic issue was addressed with improved state management.</p><p style="margin-left: 40px;">CVE-2020-10009: Thijs Alkemade of Computest Research Division</p><p><strong>TCC</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application with root privileges may be able to access private information</p><p style="margin-left: 40px;">Description: A logic issue was addressed with improved restrictions.</p><p style="margin-left: 40px;">CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog)</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>WebKit</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: Processing maliciously crafted web content may lead to arbitrary code execution</p><p style="margin-left: 40px;">Description: A use after free issue was addressed with improved memory management.</p><p style="margin-left: 40px;">CVE-2020-27918: Liu Long of Ant Security Light-Year Lab</p><p style="margin-left: 40px;"><span class="note">Entry updated December 14, 2020</span></p><p><strong>Wi-Fi</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: An attacker may be able to bypass Managed Frame Protection</p><p style="margin-left: 40px;">Description: A denial of service issue was addressed with improved state handling.</p><p style="margin-left: 40px;">CVE-2020-27898: Stephan Marais of University of Johannesburg</p><p><strong>XNU</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A sandboxed process may be able to circumvent sandbox restrictions</p><p style="margin-left: 40px;">Description: Multiple issues were addressed with improved logic.</p><p style="margin-left: 40px;">CVE-2020-27935: Lior Halphon (@LIJI32)</p><p style="margin-left: 40px;"><span class="note">Entry added December 17, 2020</span></p><p><strong>Xsan</strong></p><p style="margin-left: 40px;">Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)</p><p style="margin-left: 40px;">Impact: A malicious application may be able to access restricted files</p><p style="margin-left: 40px;">Description: This issue was addressed with improved entitlements.</p><p style="margin-left: 40px;">CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing</p>
</div> </div>
<div>
<div><p><img alt="" src="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/divider.png"></p>
</div> </div>
<div>
<h2>Additional recognition</h2> <div><p><strong>802.1X</strong></p><p style="margin-left: 40px;">We would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Audio</strong></p><p style="margin-left: 40px;">We would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab, an anonymous researcher for their assistance.</p><p><strong>Bluetooth</strong></p><p style="margin-left: 40px;">We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.</p><p style="margin-left: 40px;"><span class="note">Entry updated December 14, 2020</span></p><p><strong>Clang</strong></p><p style="margin-left: 40px;">We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.</p><p><strong>Core Location</strong></p><p style="margin-left: 40px;">We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.</p><p><strong>Crash Reporter</strong></p><p style="margin-left: 40px;">We would like to acknowledge Artur Byszko of AFINE for their assistance.</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Directory Utility</strong></p><p style="margin-left: 40px;">We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.</p><p><strong>iAP</strong></p><p style="margin-left: 40px;">We would like to acknowledge Andy Davis of NCC Group for their assistance.</p><p><strong>Kernel</strong></p><p style="margin-left: 40px;">We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance.</p><p><strong>libxml2</strong></p><p style="margin-left: 40px;">We would like to acknowledge an anonymous researcher for their assistance.</p><p style="margin-left: 40px;"><span class="note">Entry added December 14, 2020</span></p><p><strong>Login Window</strong></p><p style="margin-left: 40px;">We would like to acknowledge Rob Morton of Leidos for their assistance.</p><p><strong>Photos Storage</strong></p><p style="margin-left: 40px;">We would like to acknowledge Paulos Yibelo of LimeHats for their assistance.</p><p><strong>Quick Look</strong></p><p style="margin-left: 40px;">We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Reguła of SecuRing (wojciechregula.blog) for their assistance.</p><p><strong>Safari</strong></p><p style="margin-left: 40px;">We would like to acknowledge Gabriel Corona and Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance.</p><p><strong>Security</strong></p><p style="margin-left: 40px;">We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.</p><p><strong>System Preferences</strong></p><p style="margin-left: 40px;">We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.</p>
</div> </div>
</div> <div class="sosumi"><p>Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. <a href="http://support.apple.com/kb/HT2693">Contact the vendor</a> for additional information.</p>
</div> <div class="mod-date"> <span>Published Date:</span> <time datetime="2020-12-17" itemprop="datePublished">December 17, 2020</time> </div> </div> </div> </div> </div> </section> </div> </div> <div id="helpful-rating-wrapper"> <div id="helpful" class="ratings"> <div id="question-state" class="show"> <fieldset> <legend> <div id="okapi-a"> <span>Helpful?</span> </div> </legend> <div class="helpful-btn-grp"> <button class="button" id="yes-button" data-ss-analytics-link-component_name="helpful" data-ss-analytics-link-component_type="helpful" data-ss-analytics-link-text="yes" data-ss-analytics-event="acs.link_click" title="Solved my problem"> Yes </button> <button class="button" id="no-button" data-ss-analytics-link-component_name="helpful" data-ss-analytics-link-component_type="helpful" data-ss-analytics-link-text="no" data-ss-analytics-event="acs.link_click" title="Not helpful"> No </button> </div> </fieldset> </div>
<div id="feedback-state" class="form-element form-textbox-labelbelow hide"> <form autocomplete="off"> <input type="hidden" id="form-counter-error-message" value="Maximum character limit is 250."> <label id="feedback-label" htmlfor="feedback" data-no-label="Thanks for letting us know." data-yes-label="We’re glad this article helped."></label> <div class="form-element form-textbox-labelbelow" id="feedback"> <textarea class="form-textbox form-textbox-textarea form-counter-textarea form-textbox-entered" data-no-placeholder="How can we make this article more helpful? (Optional)" data-yes-placeholder="Anything else you’d like us to know? (Optional)" data-max-length="250" aria-labelledby="optional_label" aria-describedby="char_limit_counter"></textarea> <div class="form-textarea-paddingcover"> <div class="form-textarea-paddingcover-color"></div> </div> <span class="form-label" id="optional_label" aria-hidden="true"></span> <div class="form-textbox-counter" id="char_limit_counter"> <span class="visuallyhidden" id="char-limit-message">Character limit:</span> <span class="form-counter">250</span> </div> <label htmlfor="feedback-note">Please don’t include any personal information in your comment.</label> <div class="form-message-wrapper"> <span class="form-message">Maximum character limit is 250.</span> </div> <button type="submit" class="button" id="submit-feedback"> Submit </button> </div> </form> </div>
<div id="rating-done" class="hide"> Thanks for your feedback. </div>
<div id="results-helpful" class="show"> </div></div>
</div> <div id="ask-widget-wrapper" class="css-not-downloaded discussions"> <div id="ask-widget"> <div class="contentWrapper"> <div class="sectionHeaderLayout"> <div class="icon"></div> <div class="titleTextLayout"> <h2 class="title">Start a discussion <span id="discussion-subtitle">in Apple Support Communities</span></h2> </div> </div>
<div class="sectionFormInputLayout"> <form action="https://discussions.apple.com/create/question" id="question-form" method="get" data-ss-analytics-link-component_name="Start a discussion" data-ss-analytics-link-component_type="discussion" data-ss-analytics-link-text="Submit my question" data-ss-analytics-link-url="https://discussions.apple.com/create/question" data-ss-analytics-event="acs.link_click" data-ignore-tracking="true"> <span class="fieldwrap"> <label htmlfor="interactiveQuestionSearchField" class="a11y"> Ask other users about this article </label> <input type="hidden" id="discussionFormArticleId" name="articleId" value="HT211931"> <input type="hidden" id="ols_discussion_error_no_question" value="Please enter your question!"> <div class="form-element"> <input id="questionInputField" type="text" class="questionInputField form-textbox form-textbox-text" name="title" maxlength="255" aria-labelledby="placeholder-text" aria-invalid="false"> <span class="form-label" id="placeholder-text" aria-hidden="true">Ask other users about this article</span> </div> </span>
<div class="jive-widget-question-div clearfix" id="question-submit"> <input type="submit" class="questionSubmitFormButton button button-secondary button-compact" value="Submit my question"> </div>
<a data-ss-analytics-link-component_name="Start a discussion" data-ss-analytics-link-component_type="discussion" data-ss-analytics-link-text="See all questions on this article" data-ss-analytics-link-url="https://discussions.apple.com/article/HT211931" data-ss-analytics-event="acs.link_click" class="see-all-questions" href="https://discussions.apple.com/article/HT211931"> See all questions on this article <span class="icon icon-chevronright" aria-hidden="true"> </span></a>
</form> </div> </div></div> </div>
<div id="cas"> <div id="promo" class="one"></div> </div> <div id="flexbanner-wrapper"> <div id="flexbanner"></div> </div> <div class="footer-wrapper"> <footer id="ac-globalfooter" dir="ltr" class="js no-touch svg no-ie7 no-ie8 footer-global" data-analytics-region="global footer" role="contentinfo" aria-labelledby="ac-gf-label" lang="en-us"> <div class="ac-gf-content"> <h2 class="ac-gf-label" id="ac-gf-label">Apple Footer</h2> <nav class="ac-gf-breadcrumbs" aria-label="Breadcrumbs" role="navigation"> <a href="https://www.apple.com/" class="home ac-gf-breadcrumbs-home"> <span class="ac-gf-breadcrumbs-home-icon" aria-hidden="true"></span> <span class="ac-gf-breadcrumbs-home-label">Apple</span> <span class="ac-gf-breadcrumbs-home-chevron"></span> <span class="ac-gf-breadcrumbs-home-mask"></span> </a> <div class="ac-gf-breadcrumbs-path"> <ol class="ac-gf-breadcrumbs-list" vocab="http://schema.org/" typeof="BreadcrumbList"> <li class="ac-gf-breadcrumbs-item" property="itemListElement" typeof="ListItem"> <span property="name"> <a href="https://support.apple.com/">Support</a> </span> <meta property="position" content="1"> </li>
<li class="ac-gf-breadcrumbs-item" property="itemListElement" typeof="ListItem"> <span property="name">About the security content of macOS Big Sur 11.0.1</span> <meta property="position" content="2"> </li>
</ol> </div> </nav> <section class="ac-gf-footer" vocab="https://schema.org/" typeof="Organization"> <div class="ac-gf-footer-shop" x-ms-format-detection="none"></div> <div class="ac-gf-footer-locale"> <a class="ac-gf-footer-locale-link" href="https://support.apple.com/en-us/HT211931/localeselector" title="Choose your country or region" aria-label="United States. Choose your country or region">United States</a> </div> <div class="ac-gf-footer-legal"> <div class="ac-gf-footer-legal-copyright">Copyright © 2021 Apple Inc. All rights reserved.</div> <div class="ac-gf-footer-legal-links"> <a class="ac-gf-footer-legal-link analytics-exitlink" href="https://www.apple.com/legal/privacy/en-ww/">Privacy Policy</a> <a class="ac-gf-footer-legal-link analytics-exitlink" href="https://www.apple.com/legal/internet-services/terms/site.html">Terms of Use</a> <a class="ac-gf-footer-legal-link analytics-exitlink" href="https://www.apple.com/shop/goto/help/sales_refunds">Sales and Refunds</a> <a class="ac-gf-footer-legal-link" href="https://www.apple.com/sitemap/">Site Map</a></div> </div> <meta content="Apple" property="name"> <meta content="1-800-692-7753" property="telephone"> </section> </div> </footer> </div>
<script src="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/FujiStitchPath.js" type="text/javascript" charset="utf-8"></script> <script src="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/app-ht-route.js" type="text/javascript" charset="utf-8"></script> <script src="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/accsoffer.js" type="text/javascript" charset="utf-8"></script> <script src="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/ac-globalnav.js" type="text/javascript" charset="utf-8"></script><div id="ac-gn-viewport-emitter"> </div> <script src="About%20the%20security%20content%20of%20macOS%20Big%20Sur%2011.0.1%20-%20Apple%20Support_files/launch.js" type="text/javascript" charset="utf-8"></script><script>_satellite["_runScript1"](function(event, target, Promise) {try{ window._analytics = window._analytics || {}; var mag_glass = document.getElementById("ac-gn-link-search"), search_input = document.getElementById("ac-gn-searchform-input");
function get_index(linkText){ var arr = document.getElementById("ac-gn-searchresults").getElementsByTagName("li"), count = 1; while (count > 0) { if (arr[count - 1].textContent.trim().toLowerCase() === linkText) { break; } else { count++; } } return count; }
function scrape_link_data(link, linktype){ var text = link.textContent.trim().toLowerCase(), dest = link.getAttribute("href").toLowerCase(); window._applemd.search = { location: "globalnav_support", link_type: linktype, dest_url: dest, link_text: text, link_index: get_index(text), dest_platform: _satellite.getVar("FN:Get_Link_Dest_Platform")(dest) } }
//set beacon for mag glass click if (!!mag_glass && !mag_glass.getAttribute("data-analytics-listener-added")) { mag_glass.setAttribute("data-analytics-listener-added", "true") mag_glass.addEventListener("mousedown", function () { window._applemd.search = { name: "click-mag-glass", link_type: "acs", link_text: "internal search" } _satellite.track("search"); setTimeout(function(){ window._applemd.search = {}; }, 200) }); }
function link_selected_event(event){ var target = event.target, link_found = false; try { //bolded text in dropdown links is captured here. if (target.tagName !== "A" && target.parentElement.tagName === "A") { target = target.parentElement; } //quick link if (target.classList.contains("ac-gn-searchresults-link") && !(target.classList.contains("ac-gn-searchresults-link-suggestions"))) { scrape_link_data(target, "quicklink"); link_found = true; } //suggested search link else if (target.classList.contains("ac-gn-searchresults-link-suggestions")) { scrape_link_data(target, "suggested search"); link_found = true; } } catch(e) { } return link_found; }
//listen for clicks on quick links if(!window._analytics.document_listener_added){ window._analytics.document_listener_added = true; document.addEventListener("mousedown", function (event) { if(link_selected_event(event)){ _satellite.track("search"); } }) } //race condition prevents this edge case, page navigates and deselects 'current' before tracking event can fire //track user navigates to link with arrow keys and hits enter if(!window._analytics.document_key_listener_added){ window._analytics.document_key_listener_added = true; document.addEventListener("keyup", function (event) { window._applemd.search = {}; var current = document.getElementsByClassName("ac-gn-searchresults-link current")[0] || document.querySelector('a[data-focus-method="key"]'); link_selected_event({target:current}) }) document.addEventListener("keydown", function (event) { if (event.keyCode === 13 && !!_applemd.search && !!_applemd.search.link_type) { _satellite.track("search"); } }) }
//track user type search term and hits enter key if (!!search_input && !search_input.getAttribute("data-analytics-key-listener-added")) { search_input.addEventListener("keydown", function (event) { search_input.setAttribute("data-analytics-key-listener-added", "true"); if (event.keyCode === 13) { input = search_input.value.trim().toLowerCase(); if (input) { window._applemd.search = { location: "globalnav_support", link_type: "user", link_text: input, dest_url: "https://support.apple.com/kb/index", dest_platform: _satellite.getVar("FN:Get_Link_Dest_Platform")("https://support.apple.com/kb/index") } _satellite.track("search"); } } }); }}catch(e){}});</script> <div id="apd-aria-live-region" aria-live="polite" role="status" class="a11y"></div>
</body></html>
|
