You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1150 lines
84 KiB
1150 lines
84 KiB
<!DOCTYPE html>
|
|
<html prefix="og: http://ogp.me/ns#" dir="ltr" lang="en"><head>
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
|
|
<title lang="en">About the security content of macOS
|
|
Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update
|
|
2020-004 High Sierra - Apple Support</title>
|
|
<link rel="dns-prefetch" href="https://www.apple.com/">
|
|
<link rel="preconnect" href="https://www.apple.com/" crossorigin="">
|
|
|
|
|
|
<link rel="canonical" href="https://support.apple.com/en-us/HT211289">
|
|
|
|
|
|
<link rel="alternate" hreflang="en-ie" href="https://support.apple.com/en-ie/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ar-kw" href="https://support.apple.com/ar-kw/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-il" href="https://support.apple.com/en-il/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-in" href="https://support.apple.com/en-in/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-ae" href="https://support.apple.com/en-ae/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-za" href="https://support.apple.com/en-za/HT211289">
|
|
|
|
<link rel="alternate" hreflang="no-no" href="https://support.apple.com/no-no/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-al" href="https://support.apple.com/en-al/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-is" href="https://support.apple.com/en-is/HT211289">
|
|
|
|
<link rel="alternate" hreflang="el-gr" href="https://support.apple.com/el-gr/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-am" href="https://support.apple.com/en-am/HT211289">
|
|
|
|
<link rel="alternate" hreflang="nl-nl" href="https://support.apple.com/nl-nl/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-au" href="https://support.apple.com/en-au/HT211289">
|
|
|
|
<link rel="alternate" hreflang="he-il" href="https://support.apple.com/he-il/HT211289">
|
|
|
|
<link rel="alternate" hreflang="hu-hu" href="https://support.apple.com/hu-hu/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-jo" href="https://support.apple.com/en-jo/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-bh" href="https://support.apple.com/en-bh/HT211289">
|
|
|
|
<link rel="alternate" hreflang="es-cl" href="https://support.apple.com/es-cl/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-sn" href="https://support.apple.com/fr-sn/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-ca" href="https://support.apple.com/fr-ca/HT211289">
|
|
|
|
<link rel="alternate" hreflang="es-co" href="https://support.apple.com/es-co/HT211289">
|
|
|
|
<link rel="alternate" hreflang="pl-pl" href="https://support.apple.com/pl-pl/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-bn" href="https://support.apple.com/en-bn/HT211289">
|
|
|
|
<link rel="alternate" hreflang="pt-pt" href="https://support.apple.com/pt-pt/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-sa" href="https://support.apple.com/en-sa/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-be" href="https://support.apple.com/fr-be/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ar-eg" href="https://support.apple.com/ar-eg/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-bw" href="https://support.apple.com/en-bw/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-sg" href="https://support.apple.com/en-sg/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-ke" href="https://support.apple.com/en-ke/HT211289">
|
|
|
|
<link rel="alternate" hreflang="hr-hr" href="https://support.apple.com/hr-hr/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-om" href="https://support.apple.com/en-om/HT211289">
|
|
|
|
<link rel="alternate" hreflang="zh-mo" href="https://support.apple.com/zh-mo/HT211289">
|
|
|
|
<link rel="alternate" hreflang="de-at" href="https://support.apple.com/de-at/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-gu" href="https://support.apple.com/en-gu/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-gw" href="https://support.apple.com/en-gw/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-gn" href="https://support.apple.com/fr-gn/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-gq" href="https://support.apple.com/fr-gq/HT211289">
|
|
|
|
<link rel="alternate" hreflang="cs-cz" href="https://support.apple.com/cs-cz/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-ph" href="https://support.apple.com/en-ph/HT211289">
|
|
|
|
<link rel="alternate" hreflang="zh-tw" href="https://support.apple.com/zh-tw/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ko-kr" href="https://support.apple.com/ko-kr/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-hk" href="https://support.apple.com/en-hk/HT211289">
|
|
|
|
<link rel="alternate" hreflang="sk-sk" href="https://support.apple.com/sk-sk/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ru-ru" href="https://support.apple.com/ru-ru/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-qa" href="https://support.apple.com/en-qa/HT211289">
|
|
|
|
<link rel="alternate" hreflang="sv-se" href="https://support.apple.com/sv-se/HT211289">
|
|
|
|
<link rel="alternate" hreflang="da-dk" href="https://support.apple.com/da-dk/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-us" href="https://support.apple.com/en-us/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-mk" href="https://support.apple.com/en-mk/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-mn" href="https://support.apple.com/en-mn/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-eg" href="https://support.apple.com/en-eg/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-mo" href="https://support.apple.com/en-mo/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-ne" href="https://support.apple.com/fr-ne/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-mt" href="https://support.apple.com/en-mt/HT211289">
|
|
|
|
<link rel="alternate" hreflang="nl-be" href="https://support.apple.com/nl-be/HT211289">
|
|
|
|
<link rel="alternate" hreflang="zh-cn" href="https://support.apple.com/zh-cn/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-mz" href="https://support.apple.com/en-mz/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-ml" href="https://support.apple.com/fr-ml/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-my" href="https://support.apple.com/en-my/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-mu" href="https://support.apple.com/fr-mu/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-ng" href="https://support.apple.com/en-ng/HT211289">
|
|
|
|
<link rel="alternate" hreflang="el-cy" href="https://support.apple.com/el-cy/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-vn" href="https://support.apple.com/en-vn/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ja-jp" href="https://support.apple.com/ja-jp/HT211289">
|
|
|
|
<link rel="alternate" hreflang="de-ch" href="https://support.apple.com/de-ch/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-nz" href="https://support.apple.com/en-nz/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ro-ro" href="https://support.apple.com/ro-ro/HT211289">
|
|
|
|
<link rel="alternate" hreflang="it-ch" href="https://support.apple.com/it-ch/HT211289">
|
|
|
|
<link rel="alternate" hreflang="tr-tr" href="https://support.apple.com/tr-tr/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-fr" href="https://support.apple.com/fr-fr/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-gb" href="https://support.apple.com/en-gb/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fi-fi" href="https://support.apple.com/fi-fi/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-ca" href="https://support.apple.com/en-ca/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-tn" href="https://support.apple.com/fr-tn/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ar-ae" href="https://support.apple.com/ar-ae/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-kw" href="https://support.apple.com/en-kw/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-cf" href="https://support.apple.com/fr-cf/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-ci" href="https://support.apple.com/fr-ci/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-ch" href="https://support.apple.com/fr-ch/HT211289">
|
|
|
|
<link rel="alternate" hreflang="es-us" href="https://support.apple.com/es-us/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-cm" href="https://support.apple.com/fr-cm/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-lb" href="https://support.apple.com/en-lb/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ar-sa" href="https://support.apple.com/ar-sa/HT211289">
|
|
|
|
<link rel="alternate" hreflang="de-de" href="https://support.apple.com/de-de/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-lk" href="https://support.apple.com/en-lk/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-ma" href="https://support.apple.com/fr-ma/HT211289">
|
|
|
|
<link rel="alternate" hreflang="zh-hk" href="https://support.apple.com/zh-hk/HT211289">
|
|
|
|
<link rel="alternate" hreflang="pt-br" href="https://support.apple.com/pt-br/HT211289">
|
|
|
|
<link rel="alternate" hreflang="de-li" href="https://support.apple.com/de-li/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ar-bh" href="https://support.apple.com/ar-bh/HT211289">
|
|
|
|
<link rel="alternate" hreflang="es-es" href="https://support.apple.com/es-es/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-mg" href="https://support.apple.com/fr-mg/HT211289">
|
|
|
|
<link rel="alternate" hreflang="ar-jo" href="https://support.apple.com/ar-jo/HT211289">
|
|
|
|
<link rel="alternate" hreflang="es-mx" href="https://support.apple.com/es-mx/HT211289">
|
|
|
|
<link rel="alternate" hreflang="it-it" href="https://support.apple.com/it-it/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-ug" href="https://support.apple.com/en-ug/HT211289">
|
|
|
|
<link rel="alternate" hreflang="id-id" href="https://support.apple.com/id-id/HT211289">
|
|
|
|
<link rel="alternate" hreflang="de-lu" href="https://support.apple.com/de-lu/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-md" href="https://support.apple.com/en-md/HT211289">
|
|
|
|
<link rel="alternate" hreflang="fr-lu" href="https://support.apple.com/fr-lu/HT211289">
|
|
|
|
<link rel="alternate" hreflang="en-me" href="https://support.apple.com/en-me/HT211289">
|
|
|
|
<link rel="alternate" hreflang="th-th" href="https://support.apple.com/th-th/HT211289">
|
|
|
|
|
|
|
|
|
|
<meta name="description" content="This document describes the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra.
|
|
|
|
">
|
|
<meta property="og:url" content="https://support.apple.com/en-us/HT211289">
|
|
<meta property="og:title" content="About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra">
|
|
<meta property="og:description" content="This document describes the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra.
|
|
|
|
">
|
|
<meta property="og:site_name" content="Apple Support">
|
|
<meta property="og:locale" content="en_US">
|
|
<meta property="og:type" content="article">
|
|
<meta name="ac-gn-search-field[locale]" content="en_US">
|
|
|
|
|
|
|
|
<script type="application/ld+json">{ "@context": "https://ziyuan.baidu.com/contexts/cambrian.jsonld","@id":"https://support.apple.com/en-us/HT211289","appid": "1583465330249689","title":"About the security ","pubDate":"2020-07-10T05:49:30","upDate":"2020-12-15T06:08:19"}</script>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/app-ht.css" type="text/css">
|
|
|
|
<link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/ac-globalfooter.css" type="text/css">
|
|
|
|
<link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/ac-globalnav.css" type="text/css">
|
|
|
|
<link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/fonts.css" type="text/css">
|
|
|
|
<script>
|
|
|
|
var _applemd = {
|
|
page: {
|
|
site_section: "kb",
|
|
content_type: "ht",
|
|
info_type: "update",
|
|
topics: "security update",
|
|
in_house: "domain,security & cert update",
|
|
locale: "en-us",
|
|
|
|
friendly_content: {
|
|
title: "About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
|
|
publish_date: "12152020",
|
|
|
|
content_id: "HT211289",
|
|
status: "unarchieved",
|
|
version: "1.28"
|
|
|
|
},
|
|
|
|
|
|
testandtarget:{
|
|
throttle:"0.0"
|
|
},
|
|
|
|
},
|
|
|
|
product: {
|
|
list: ["acs::kb::productcategory::product security",]
|
|
}
|
|
|
|
}
|
|
|
|
</script>
|
|
|
|
|
|
<script src="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/nn.js" type="text/javascript" charset="utf-8"></script>
|
|
<script>
|
|
|
|
var neighborInitData = {
|
|
appDataSchemaVersion: '2.0.0',
|
|
endpoint: 'https://supportmetrics.apple.com/content/services/stats'
|
|
}
|
|
|
|
</script>
|
|
|
|
<script>
|
|
var data = {
|
|
showHelpFulfeedBack: true,
|
|
id: "HT211289",
|
|
locale: "en_US",
|
|
podCookie: "us~en",
|
|
urlLocale: "en-us",
|
|
isPreview : false,
|
|
productCategories : "PP23",
|
|
source : "",
|
|
channel : "HOWTO_ARTICLES",
|
|
bizChatLink : "https://bcrw.apple.com/urn:biz:b15ed773-9eed-11e7-baa2-7b88b04daa8e",
|
|
bizChatIntentId : "ContactApple",
|
|
bizChatGroupId : "%7B%22domain%22:%20%22AC%22,%22origin%22:%20%22OLS%22,%22page%22:%20%22acs::kb::ht::ARTICLEID::contact%20apple%20for%20support%20and%20service%20(en-us)%22%7D",
|
|
bizChatBody : "%3Cstrong%3EChat using Messages%3C/strong%3E %3Cbr%3E Have a question? Ask now.",
|
|
bizChatSupportedCountries : "US",
|
|
bizChatthrottleValue : 0.0,
|
|
bypassBizChat: false,
|
|
akamaiEdgeScapeURL: "https://support.apple.com/edge-sight",
|
|
isNeighborJsEnabled: true,
|
|
isOkapiEnabled: false,
|
|
domain: "support.apple.com",
|
|
dtmPageName: "acs.pageload"
|
|
}
|
|
window.appState = JSON.stringify(data);
|
|
|
|
document.cookie = 'POD=us~en; path=/; domain=.apple.com; expires='+new Date(Date.now() + (28 * 24 * 60 * 60 * 1000)).toGMTString();
|
|
</script>
|
|
<link rel="stylesheet" href="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/accs-offer.css"></head>
|
|
<body class="ac-gn-current-support js" itemscope="" itemtype="https://schema.org/TechArticle" data-new-gr-c-s-check-loaded="8.869.0" data-gr-ext-installed="">
|
|
|
|
|
|
|
|
<meta name="ac-gn-store-key" content="S2A49YFKJF2JAT22K"><meta name="ac-gn-search-action" content="https://support.apple.com/kb/index"><meta name="ac-gn-search-input" content="q"><meta name="ac-gn-search-field[src]" content="globalnav_support"><meta name="ac-gn-search-field[type]" content="organic"><meta name="ac-gn-search-field[page]" content="search"><meta name="ac-gn-search-field[locale]" content="en_US"><link onerror="headerCssFallback()" rel="stylesheet" type="text/css" href="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/ac-globalnav.css"><aside id="ac-gn-segmentbar" class="ac-gn-segmentbar" dir="ltr" data-strings="{ 'exit': 'Exit', 'view': '{%STOREFRONT%} Store Home', 'segments': { 'smb': 'Business Store Home', 'eduInd': 'Education Store Home', 'other': 'Store Home' } }" lang="en-US"></aside><input type="checkbox" id="ac-gn-menustate" class="ac-gn-menustate"><nav id="ac-globalnav" class="js no-touch windows" role="navigation" aria-label="Global" data-hires="false" data-analytics-region="global nav" dir="ltr" data-www-domain="www.apple.com" data-store-locale="us" data-store-root-path="/us" data-store-api="https://www.apple.com/[storefront]/shop/bag/status" data-search-locale="en_US" data-search-suggestions-api="https://www.apple.com/search-services/suggestions/" data-search-defaultlinks-api="https://www.apple.com/search-services/suggestions/defaultlinks/" lang="en-US"><div class="ac-gn-content"><ul class="ac-gn-header"><li class="ac-gn-item ac-gn-menuicon"><label class="ac-gn-menuicon-label" for="ac-gn-menustate" aria-hidden="true"><span class="ac-gn-menuicon-bread ac-gn-menuicon-bread-top"><span class="ac-gn-menuicon-bread-crust ac-gn-menuicon-bread-crust-top"></span></span><span class="ac-gn-menuicon-bread ac-gn-menuicon-bread-bottom"><span class="ac-gn-menuicon-bread-crust ac-gn-menuicon-bread-crust-bottom"></span></span></label><a href="#ac-gn-menustate" role="button" class="ac-gn-menuanchor ac-gn-menuanchor-open" id="ac-gn-menuanchor-open"><span class="ac-gn-menuanchor-label">Global Nav Open Menu</span></a><a href="#" role="button" class="ac-gn-menuanchor ac-gn-menuanchor-close" id="ac-gn-menuanchor-close"><span class="ac-gn-menuanchor-label">Global Nav Close Menu</span></a></li><li class="ac-gn-item ac-gn-apple"><a class="ac-gn-link ac-gn-link-apple" href="https://www.apple.com/" data-analytics-title="apple home" id="ac-gn-firstfocus-small"><span class="ac-gn-link-text">Apple</span></a></li><li class="ac-gn-item ac-gn-bag ac-gn-bag-small" id="ac-gn-bag-small"><div class="ac-gn-bag-wrapper"><a class="ac-gn-link ac-gn-link-bag" href="https://www.apple.com/us/shop/goto/bag" data-analytics-title="bag" data-analytics-click="bag" aria-label="Shopping Bag" data-string-badge="Shopping Bag with item count :" role="button" aria-haspopup="true" aria-expanded="false" aria-controls="ac-gn-bagview-content"><span class="ac-gn-link-text">Shopping Bag</span></a><span class="ac-gn-bag-badge"><span class="ac-gn-bag-badge-separator"></span><span class="ac-gn-bag-badge-number"></span><span class="ac-gn-bag-badge-unit">+</span></span></div><span class="ac-gn-bagview-caret ac-gn-bagview-caret-large"></span></li></ul><div class="ac-gn-search-placeholder-container" role="search"><div class="ac-gn-search ac-gn-search-small"><a id="ac-gn-link-search-small" class="ac-gn-link" href="https://support.apple.com/kb/index?page=search&locale=en_US" data-analytics-title="search" data-analytics-click="search" data-analytics-intrapage-link="" aria-label="Search Support" role="button" aria-haspopup="true"><div class="ac-gn-search-placeholder-bar"><div class="ac-gn-search-placeholder-input"><div class="ac-gn-search-placeholder-input-text" aria-hidden="true"><div class="ac-gn-link-search ac-gn-search-placeholder-input-icon"></div><span class="ac-gn-search-placeholder">Search Support</span></div></div><div class="ac-gn-searchview-close ac-gn-searchview-close-small ac-gn-search-placeholder-searchview-close"><span class="ac-gn-searchview-close-cancel" aria-hidden="true">Cancel</span></div></div></a></div></div><ul class="ac-gn-list"><li class="ac-gn-item ac-gn-apple"><a class="ac-gn-link ac-gn-link-apple" href="https://www.apple.com/" data-analytics-title="apple home" id="ac-gn-firstfocus"><span class="ac-gn-link-text">Apple</span></a></li><li class="ac-gn-item ac-gn-item-menu ac-gn-mac"><a class="ac-gn-link ac-gn-link-mac" href="https://www.apple.com/mac/" data-analytics-title="mac"><span class="ac-gn-link-text">Mac</span></a></li><li class="ac-gn-item ac-gn-item-menu ac-gn-ipad"><a class="ac-gn-link ac-gn-link-ipad" href="https://www.apple.com/ipad/" data-analytics-title="ipad"><span class="ac-gn-link-text">iPad</span></a></li><li class="ac-gn-item ac-gn-item-menu ac-gn-iphone"><a class="ac-gn-link ac-gn-link-iphone" href="https://www.apple.com/iphone/" data-analytics-title="iphone"><span class="ac-gn-link-text">iPhone</span></a></li><li class="ac-gn-item ac-gn-item-menu ac-gn-watch"><a class="ac-gn-link ac-gn-link-watch" href="https://www.apple.com/watch/" data-analytics-title="watch"><span class="ac-gn-link-text">Watch</span></a></li><li class="ac-gn-item ac-gn-item-menu ac-gn-tv"><a class="ac-gn-link ac-gn-link-tv" href="https://www.apple.com/tv/" data-analytics-title="tv"><span class="ac-gn-link-text">TV</span></a></li><li class="ac-gn-item ac-gn-item-menu ac-gn-music"><a class="ac-gn-link ac-gn-link-music" href="https://www.apple.com/music/" data-analytics-title="music"><span class="ac-gn-link-text">Music</span></a></li><li class="ac-gn-item ac-gn-item-menu ac-gn-support"><a class="ac-gn-link ac-gn-link-support" href="https://support.apple.com/" data-analytics-title="support"><span class="ac-gn-link-text">Support</span></a></li><li class="ac-gn-item ac-gn-item-menu ac-gn-search" role="search"><a id="ac-gn-link-search" class="ac-gn-link ac-gn-link-search" href="https://support.apple.com/kb/index?page=search&locale=en_US" data-analytics-title="search" data-analytics-click="search" data-analytics-intrapage-link="" aria-label="Search Support" role="button" aria-haspopup="true" data-analytics-listener-added="true"></a></li><li class="ac-gn-item ac-gn-bag" id="ac-gn-bag"><div class="ac-gn-bag-wrapper"><a class="ac-gn-link ac-gn-link-bag" href="https://www.apple.com/us/shop/goto/bag" data-analytics-title="bag" data-analytics-click="bag" aria-label="Shopping Bag" data-string-badge="Shopping Bag with item count : {%BAGITEMCOUNT%}" role="button" aria-haspopup="true" aria-expanded="false" aria-controls="ac-gn-bagview-content"><span class="ac-gn-link-text">Shopping Bag</span></a><span class="ac-gn-bag-badge" aria-hidden="true"><span class="ac-gn-bag-badge-separator"></span><span class="ac-gn-bag-badge-number"></span><span class="ac-gn-bag-badge-unit">+</span></span></div><span class="ac-gn-bagview-caret ac-gn-bagview-caret-large"></span></li></ul><aside id="ac-gn-searchview" class="ac-gn-searchview" role="search" data-analytics-region="search"><div class="ac-gn-searchview-content"><div class="ac-gn-searchview-bar"><div class="ac-gn-searchview-bar-wrapper"><form id="ac-gn-searchform" class="ac-gn-searchform" action="https://support.apple.com/kb/index" method="get"><div class="ac-gn-searchform-wrapper"><input id="ac-gn-searchform-input" class="ac-gn-searchform-input" type="text" aria-label="Search Support" placeholder="Search Support" autocorrect="off" autocapitalize="none" autocomplete="off" spellcheck="false" role="combobox" aria-autocomplete="list" aria-expanded="true" aria-owns="quicklinks suggestions" name="q"><input id="ac-gn-searchform-src" type="hidden" name="src" value="globalnav_support"><button id="ac-gn-searchform-submit" class="ac-gn-searchform-submit" type="submit" disabled="disabled" aria-label="Submit Search"></button><button id="ac-gn-searchform-reset" class="ac-gn-searchform-reset" type="reset" disabled="disabled" aria-label="Clear Search"><span class="ac-gn-searchform-reset-background"></span></button><input type="hidden" name="locale" value="en_US"><input type="hidden" name="type" value="organic"><input type="hidden" name="page" value="search"></div></form><button id="ac-gn-searchview-close-small" class="ac-gn-searchview-close ac-gn-searchview-close-small" aria-label="Cancel Search"><span class="ac-gn-searchview-close-cancel" aria-hidden="true">Cancel</span></button></div></div><aside id="ac-gn-searchresults" class="ac-gn-searchresults" data-string-quicklinks="Quick Links" data-string-suggestions="Suggested Searches" data-string-noresults=""> <section class="ac-gn-searchresults-section ac-gn-searchresults-section-defaultlinks" data-analytics-region="defaultlinks search">
|
|
<div class="ac-gn-searchresults-section-wrapper">
|
|
<h3 class="ac-gn-searchresults-header ac-gn-searchresults-animated">Quick Links</h3>
|
|
<ul class="ac-gn-searchresults-list" id="defaultlinks" role="listbox">
|
|
<li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation">
|
|
<a href="https://support.apple.com/en-us/HT201487" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="0" data-label="If you forgot your Apple ID password" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">If you forgot your Apple ID password</a>
|
|
</li>
|
|
<li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation">
|
|
<a href="https://support.apple.com/en-us/HT204306" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="1" data-label="If you forgot the passcode for your iPhone, iPad, or iPod touch" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">If you forgot the passcode for your iPhone, iPad, or iPod touch</a>
|
|
</li>
|
|
<li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation">
|
|
<a href="https://support.apple.com/en-us/HT202039" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="2" data-label="View, change, or cancel your subscriptions" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">View, change, or cancel your subscriptions</a>
|
|
</li>
|
|
<li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation">
|
|
<a href="https://support.apple.com/en-us/HT204204" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="3" data-label="Update iOS on your device" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">Update iOS on your device</a>
|
|
</li>
|
|
<li class="ac-gn-searchresults-item ac-gn-searchresults-animated" role="presentation">
|
|
<a href="https://support.apple.com/contact" role="option" class="ac-gn-searchresults-link ac-gn-searchresults-link-defaultlinks" data-query="no keyword" data-section="defaultlinks" data-items="5" data-index="4" data-label="Contact Apple Support" data-analytics-click="eVar23: {data-query} | {data-section} | {data-items} | {data-label} | {data-index}, events:event50">Contact Apple Support</a>
|
|
</li>
|
|
</ul>
|
|
<span role="status" class="ac-gn-searchresults-count" aria-live="polite">5 Quick Links</span>
|
|
</div>
|
|
</section>
|
|
|
|
</aside></div><button id="ac-gn-searchview-close" class="ac-gn-searchview-close" aria-label="Cancel Search"><span class="ac-gn-searchview-close-wrapper"><span class="ac-gn-searchview-close-left"></span><span class="ac-gn-searchview-close-right"></span></span></button></aside><aside class="ac-gn-bagview" data-analytics-region="bag"><div class="ac-gn-bagview-scrim"><span class="ac-gn-bagview-caret ac-gn-bagview-caret-small"></span></div><div class="ac-gn-bagview-content" id="ac-gn-bagview-content"></div></aside></div></nav><div class="ac-gn-blur"></div><div id="ac-gn-curtain" class="ac-gn-curtain"></div><div id="ac-gn-placeholder" class="ac-nav-placeholder"></div>
|
|
|
|
<div id="app">
|
|
<div>
|
|
<section class="section section-content">
|
|
<div>
|
|
<div class="column small-12 medium-12 large-12 large-centered text-center">
|
|
<div class="main" role="main" id="howto-section">
|
|
<div id="content">
|
|
|
|
<h1 id="howto-title" itemprop="headline">About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra</h1>
|
|
<div class="intro"><p>This
|
|
document describes the security content of macOS Catalina 10.15.6,
|
|
Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra.</p>
|
|
|
|
</div>
|
|
|
|
<div itemprop="author" itemscope="" itemtype="http://schema.org/Organization">
|
|
<meta itemprop="name" content="Apple">
|
|
</div>
|
|
<div id="sections" itemprop="articleBody">
|
|
|
|
|
|
<div>
|
|
|
|
|
|
|
|
<h2>About Apple security updates</h2>
|
|
<div><p>For our customers' protection, Apple doesn't
|
|
disclose, discuss, or confirm security issues until an investigation has
|
|
occurred and patches or releases are available. Recent releases are
|
|
listed on the <a href="https://support.apple.com/kb/HT201222">Apple security updates</a> page.</p>
|
|
<p>Apple security documents reference vulnerabilities by <a href="http://cve.mitre.org/about/">CVE-ID</a> when possible.</p>
|
|
<p>For more information about security, see the <a href="https://support.apple.com/kb/HT201220">Apple Product Security</a> page.</p>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
<div>
|
|
|
|
|
|
|
|
|
|
<div><p><img alt="" src="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/divider.png"></p>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
<div>
|
|
|
|
|
|
|
|
<h2>macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra</h2>
|
|
<div><p><span class="note">Released July 15, 2020</span></p>
|
|
<p><strong>AMD</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p>
|
|
<p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9927: Lilang Wu working with TrendMicro’s Zero Day Initiative</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry updated August 5, 2020</span>
|
|
</p><p><strong>Audio</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds write issue was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro Zero Day Initiative</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9889: Anonymous working with
|
|
Trend Micro’s Zero Day Initiative, JunDong Xie and XingWei Lin of
|
|
Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry updated August 5, 2020</span>
|
|
</p><p><strong>Audio</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9888: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9890: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9891: JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry updated August 5, 2020</span>
|
|
</p><p><strong>Bluetooth</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p>
|
|
<p style="margin-left: 40px;">Description: Multiple memory corruption issues were addressed with improved memory handling.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9928: Yu Wang of Didi Research America</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>Bluetooth</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A local user may be able to cause unexpected system termination or read kernel memory</p>
|
|
<p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved memory handling.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9929: Yu Wang of Didi Research America</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>Clang</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Clang may generate machine code that does not correctly enforce pointer authentication codes</p>
|
|
<p style="margin-left: 40px;">Description: A logic issue was addressed with improved validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9870: Samuel Groß of Google Project Zero</p>
|
|
<p><strong>CoreAudio</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS High Sierra 10.13.6</p>
|
|
<p style="margin-left: 40px;">Impact: A buffer overflow may result in arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: A buffer overflow was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light-Year Security Lab</p>
|
|
<p><strong>Core Bluetooth</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A remote attacker may cause an unexpected application termination</p>
|
|
<p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved memory handling.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9869: Patrick Wardle of Jamf</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>CoreCapture</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6</p>
|
|
<p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p>
|
|
<p style="margin-left: 40px;">Description: A use after free issue was addressed with improved memory management.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9949: Proteas</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added November 12, 2020</span>
|
|
</p><p><strong>CoreFoundation</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A local user may be able to view sensitive user information</p>
|
|
<p style="margin-left: 40px;">Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9934: Matt Shockley (linkedin.com/in/shocktop)</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry updated August 5, 2020</span>
|
|
</p><p><strong>CoreGraphics</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: A buffer overflow issue was addressed with improved memory handling.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020, updated November 12, 2020</span>
|
|
</p><p><strong>Crash Reporter</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A malicious application may be able to break out of its sandbox</p>
|
|
<p style="margin-left: 40px;">Description: A memory corruption issue was addressed by removing the vulnerable code.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud</p>
|
|
<p><strong>Crash Reporter</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A local attacker may be able to elevate their privileges</p>
|
|
<p style="margin-left: 40px;">Description: An issue existed within the
|
|
path validation logic for symlinks. This issue was addressed with
|
|
improved path sanitization.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9900: Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at Qi'anxin Group</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>FontParser</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted font file may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds write issue was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9980: Xingwei Lin of Ant Security Light-Year Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 21, 2020, updated October 19, 2020</span>
|
|
</p><p><strong>Graphics Drivers</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A malicious application may be able to execute arbitrary code with kernel privileges</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9799: ABC Research s.r.o.</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry updated July 24, 2020</span>
|
|
</p><p><strong>Heimdal</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A local user may be able to leak sensitive user information</p>
|
|
<p style="margin-left: 40px;">Description: This issue was addressed with improved data protection.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9913: Cody Thomas of SpecterOps</p>
|
|
<p><strong>ImageIO</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Multiple buffer overflow issues existed in openEXR</p>
|
|
<p style="margin-left: 40px;">Description: Multiple issues in openEXR were addressed with improved checks.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 8, 2020</span>
|
|
</p><p><strong>ImageIO</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds write issue was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9936: Mickey Jin of Trend Micro</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry updated August 5, 2020</span>
|
|
</p><p><strong>ImageIO</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: A buffer overflow issue was addressed with improved memory handling.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9919: Mickey Jin of Trend Micro</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>ImageIO</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds write issue was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9876: Mickey Jin of Trend Micro</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>ImageIO</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>ImageIO</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>ImageIO</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: An integer overflow was addressed through improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9875: Mickey Jin of Trend Micro</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>ImageIO</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted image may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9984: an anonymous researcher</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 21, 2020</span>
|
|
</p><p><strong>Image Processing</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9887: Mickey Jin of Trend Micro</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 8, 2020</span>
|
|
</p><p><strong>Intel Graphics Driver</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A local user may be able to cause unexpected system termination or read kernel memory</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9908: Junzhi Lu(@pwn0rz) working with Trend Micro’s Zero Day Initiative</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020, updated August 31, 2020</span>
|
|
</p><p><strong>Intel Graphics Driver</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A malicious application may be able to execute arbitrary code with kernel privileges</p>
|
|
<p style="margin-left: 40px;">Description: A race condition was addressed with additional validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9990: ABC Research s.r.l. working
|
|
with Trend Micro Zero Day Initiative, ABC Research s.r.o. working with
|
|
Trend Micro Zero Day Initiative</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 21, 2020</span>
|
|
</p><p><strong>Intel Graphics Driver</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A malicious application may be able to execute arbitrary code with system privileges</p>
|
|
<p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved memory handling.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9921: ABC Research s.r.o. working with Trend Micro Zero Day Initiative</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>Kernel</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel</p>
|
|
<p style="margin-left: 40px;">Description: A routing issue was addressed with improved restrictions.</p>
|
|
<p style="margin-left: 40px;">CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall</p>
|
|
<p><strong>Kernel</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p>
|
|
<p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved state management.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9904: Tielei Wang of Pangu Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>Kernel</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A remote attacker may be able to cause a denial of service</p>
|
|
<p style="margin-left: 40px;">Description: A logic issue was addressed with improved state management.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9924: Matt DeVore of Google</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>Kernel</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A malicious application may be able to execute arbitrary code with system privileges</p>
|
|
<p style="margin-left: 40px;">Description: Multiple memory corruption issues were addressed with improved state management.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9892: Andy Nguyen of Google</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>Kernel</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p>
|
|
<p style="margin-left: 40px;">Description: A memory initialization issue was addressed with improved memory handling.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9863: Xinru Chi of Pangu Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry updated August 5, 2020</span>
|
|
</p><p><strong>Kernel</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A malicious application may be able to determine kernel memory layout</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9902: Xinru Chi and Tielei Wang of Pangu Lab</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>Kernel</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A remote attacker may be able to cause a denial of service</p>
|
|
<p style="margin-left: 40px;">Description: A buffer overflow was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9905: Raz Mashat (@RazMashat) of ZecOps</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>Kernel</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A malicious application may disclose restricted memory</p>
|
|
<p style="margin-left: 40px;">Description: An information disclosure issue was addressed with improved state management.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9997: Catalin Valeriu Lita of SecurityScorecard</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 21, 2020</span>
|
|
</p><p><strong>libxpc</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6</p>
|
|
<p style="margin-left: 40px;">Impact: A malicious application may be able to overwrite arbitrary files</p>
|
|
<p style="margin-left: 40px;">Description: A path handling issue was addressed with improved validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9994: Apple</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 21, 2020</span>
|
|
</p><p><strong>Login Window</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A user may be unexpectedly logged in to another user’s account</p>
|
|
<p style="margin-left: 40px;">Description: A logic issue was addressed with improved state management.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9935: an anonymous researcher</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 21, 2020</span>
|
|
</p><p><strong>Mail</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A remote attacker may be able to cause a denial of service</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds write issue was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2019-19906</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020, updated September 8, 2020</span>
|
|
</p><p><strong>Mail</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A malicious mail server may overwrite arbitrary mail files</p>
|
|
<p style="margin-left: 40px;">Description: A path handling issue was addressed with improved validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9920: YongYue Wang AKA BigChan of Hillstone Networks AF Team</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>Mail</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted email may lead to writing arbitrary files</p>
|
|
<p style="margin-left: 40px;">Description: A logic issue was addressed with improved state management.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9922: Mikko Kenttälä (@Turmio_) of SensorFu</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added November 12, 2020</span>
|
|
</p><p><strong>Messages</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A user that is removed from an iMessage group could rejoin the group</p>
|
|
<p style="margin-left: 40px;">Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)</p>
|
|
<p><strong>Model I/O</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: A buffer overflow issue was addressed with improved memory handling.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security</p>
|
|
<p><strong>Model I/O</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: A buffer overflow was addressed with improved bounds checking.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9880: Holger Fuhrmannek of Deutsche Telekom Security</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020, updated September 21, 2020</span>
|
|
</p><p><strong>Model I/O</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: A buffer overflow issue was addressed with improved memory handling.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9878: Aleksandar Nikolic of Cisco Talos, Holger Fuhrmannek of Deutsche Telekom Security</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9881: Holger Fuhrmannek of Deutsche Telekom Security</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9882: Holger Fuhrmannek of Deutsche Telekom Security</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9940: Holger Fuhrmannek of Deutsche Telekom Security</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9985: Holger Fuhrmannek of Deutsche Telekom Security</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020, updated September 21, 2020</span>
|
|
</p><p><strong>OpenLDAP</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A remote attacker may be able to cause a denial of service</p>
|
|
<p style="margin-left: 40px;">Description: This issue was addressed with improved checks.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-12243</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 21, 2020</span>
|
|
</p><p><strong>rsync</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6</p>
|
|
<p style="margin-left: 40px;">Impact: A remote attacker may be able to overwrite existing files</p>
|
|
<p style="margin-left: 40px;">Description: A validation issue existed in
|
|
the handling of symlinks. This issue was addressed with improved
|
|
validation of symlinks.</p>
|
|
<p style="margin-left: 40px;">CVE-2014-9512: gaojianfeng</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>Sandbox</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A local user may be able to cause unexpected system termination or read kernel memory</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9930: Zhiyi Zhang from Codesafe Team of Legendsec at Qi'anxin Group</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added December 15, 2020</span>
|
|
</p><p><strong>Sandbox</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A local user may be able to load unsigned kernel extensions</p>
|
|
<p style="margin-left: 40px;">Description: This issue was addressed with improved checks.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9939: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>Security</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p>
|
|
<p style="margin-left: 40px;">Description: A logic issue was addressed with improved restrictions.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9864: Alexander Holodny</p>
|
|
<p><strong>Security</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: An attacker may have been able to
|
|
impersonate a trusted website using shared key material for an
|
|
administrator added certificate</p>
|
|
<p style="margin-left: 40px;">Description: A certificate validation
|
|
issue existed when processing administrator added certificates. This
|
|
issue was addressed with improved certificate validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9868: Brian Wolff of Asana</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>Security</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6</p>
|
|
<p style="margin-left: 40px;">Impact: An application may be able to gain elevated privileges</p>
|
|
<p style="margin-left: 40px;">Description: A logic issue was addressed with improved validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9854: Ilias Morad (A2nkF)</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>sysdiagnose</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A local attacker may be able to elevate their privileges</p>
|
|
<p style="margin-left: 40px;">Description: An issue existed within the
|
|
path validation logic for symlinks. This issue was addressed with
|
|
improved path sanitization.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9901: Tim Michaud (@TimGMichaud)
|
|
of Leviathan, Zhongcheng Li (CK01) from Zero-dayits Team of Legendsec at
|
|
Qi'anxin Group</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020, updated August 31, 2020</span>
|
|
</p><p><strong>Vim</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6</p>
|
|
<p style="margin-left: 40px;">Impact: A remote attacker may be able to cause arbitrary code execution</p>
|
|
<p style="margin-left: 40px;">Description: This issue was addressed with improved checks.</p>
|
|
<p style="margin-left: 40px;">CVE-2019-20807: Guilherme de Almeida Suckevicz</p>
|
|
<p><strong>WebDAV</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A sandboxed process may be able to circumvent sandbox restrictions</p>
|
|
<p style="margin-left: 40px;">Description: This issue was addressed with improved entitlements.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9898: Sreejith Krishnan R (@skr0x1C0)</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 8, 2020</span>
|
|
</p><p><strong>Wi-Fi</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory</p>
|
|
<p style="margin-left: 40px;">Description: An out-of-bounds read was addressed with improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)</p>
|
|
<p><strong>Wi-Fi</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: An application may be able to execute arbitrary code with kernel privileges</p>
|
|
<p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9899: Yu Wang of Didi Research America</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added July 24, 2020</span>
|
|
</p><p><strong>Wi-Fi</strong></p>
|
|
<p style="margin-left: 40px;">Available for: macOS Catalina 10.15.5</p>
|
|
<p style="margin-left: 40px;">Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory</p>
|
|
<p style="margin-left: 40px;">Description: A memory corruption issue was addressed with improved input validation.</p>
|
|
<p style="margin-left: 40px;">CVE-2020-9906: Ian Beer of Google Project Zero</p>
|
|
<p><span class="note">Entry added July 24, 2020</span></p>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
<div>
|
|
|
|
|
|
|
|
|
|
<div><p><img alt="" src="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/divider.png"></p>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
<div>
|
|
|
|
|
|
|
|
<h2>Additional recognition</h2>
|
|
<div><p><strong>CoreFoundation</strong></p>
|
|
<p style="margin-left: 40px;">We would like to acknowledge Bobby Pelletier for their assistance.</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 8, 2020</span>
|
|
</p><p><strong>ImageIO</strong></p>
|
|
<p style="margin-left: 40px;">We would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance.</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added September 21, 2020</span>
|
|
</p><p><strong>Siri</strong></p>
|
|
<p style="margin-left: 40px;">We would like to acknowledge Yuval Ron,
|
|
Amichai Shulman, and Eli Biham of the Technion - Israel Institute of
|
|
Technology for their assistance.</p>
|
|
<p style="margin-left: 40px;"><span class="note">Entry added August 5, 2020</span>
|
|
</p><p><strong>USB Audio</strong></p>
|
|
<p style="margin-left: 40px;">We would like to acknowledge Andy Davis of NCC Group for their assistance.</p>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div class="sosumi"><p>Information
|
|
about products not manufactured by Apple, or independent websites not
|
|
controlled or tested by Apple, is provided without recommendation or
|
|
endorsement. Apple assumes no responsibility with regard to the
|
|
selection, performance, or use of third-party websites or products.
|
|
Apple makes no representations regarding third-party website accuracy or
|
|
reliability. <a href="http://support.apple.com/kb/HT2693">Contact the vendor</a> for additional information.</p>
|
|
|
|
</div>
|
|
|
|
|
|
|
|
<div class="mod-date">
|
|
<span>Published Date:</span> <time datetime="2020-12-15" itemprop="datePublished">December 15, 2020</time>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</section>
|
|
</div>
|
|
</div>
|
|
|
|
<div id="helpful-rating-wrapper">
|
|
|
|
<div id="helpful" class="ratings">
|
|
<div id="question-state" class="show">
|
|
<fieldset>
|
|
<legend>
|
|
<div id="okapi-a">
|
|
<span>Helpful?</span>
|
|
</div>
|
|
|
|
</legend>
|
|
<div class="helpful-btn-grp">
|
|
<button class="button" id="yes-button" data-ss-analytics-link-component_name="helpful" data-ss-analytics-link-component_type="helpful" data-ss-analytics-link-text="yes" data-ss-analytics-event="acs.link_click" title="Solved my problem">
|
|
Yes
|
|
</button>
|
|
<button class="button" id="no-button" data-ss-analytics-link-component_name="helpful" data-ss-analytics-link-component_type="helpful" data-ss-analytics-link-text="no" data-ss-analytics-event="acs.link_click" title="Not helpful">
|
|
No
|
|
</button>
|
|
</div>
|
|
</fieldset>
|
|
</div>
|
|
|
|
<div id="feedback-state" class="form-element form-textbox-labelbelow hide">
|
|
<form autocomplete="off">
|
|
<input type="hidden" id="form-counter-error-message" value="Maximum character limit is 250.">
|
|
<label id="feedback-label" htmlfor="feedback" data-no-label="Thanks for letting us know." data-yes-label="We’re glad this article helped."></label>
|
|
<div class="form-element form-textbox-labelbelow" id="feedback">
|
|
<textarea class="form-textbox form-textbox-textarea form-counter-textarea form-textbox-entered" data-no-placeholder="How can we make this article more helpful? (Optional)" data-yes-placeholder="Anything else you’d like us to know? (Optional)" data-max-length="250" aria-labelledby="optional_label" aria-describedby="char_limit_counter"></textarea>
|
|
<div class="form-textarea-paddingcover">
|
|
<div class="form-textarea-paddingcover-color"></div>
|
|
</div>
|
|
<span class="form-label" id="optional_label" aria-hidden="true"></span>
|
|
<div class="form-textbox-counter" id="char_limit_counter">
|
|
<span class="visuallyhidden" id="char-limit-message">Character limit:</span>
|
|
<span class="form-counter">250</span>
|
|
</div>
|
|
<label htmlfor="feedback-note">Please don’t include any personal information in your comment.</label>
|
|
<div class="form-message-wrapper">
|
|
<span class="form-message">Maximum character limit is 250.</span>
|
|
</div>
|
|
<button type="submit" class="button" id="submit-feedback">
|
|
Submit
|
|
</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
|
|
<div id="rating-done" class="hide">
|
|
Thanks for your feedback.
|
|
</div>
|
|
|
|
<div id="results-helpful" class="show">
|
|
|
|
</div>
|
|
</div>
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<div id="ask-widget-wrapper" class="css-not-downloaded discussions">
|
|
<div id="ask-widget">
|
|
<div class="contentWrapper">
|
|
<div class="sectionHeaderLayout">
|
|
<div class="icon"></div>
|
|
<div class="titleTextLayout">
|
|
<h2 class="title">Start a discussion <span id="discussion-subtitle">in Apple Support Communities</span></h2>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="sectionFormInputLayout">
|
|
<form action="https://discussions.apple.com/create/question" id="question-form" method="get" data-ss-analytics-link-component_name="Start a discussion" data-ss-analytics-link-component_type="discussion" data-ss-analytics-link-text="Submit my question" data-ss-analytics-link-url="https://discussions.apple.com/create/question" data-ss-analytics-event="acs.link_click" data-ignore-tracking="true">
|
|
<span class="fieldwrap">
|
|
<label htmlfor="interactiveQuestionSearchField" class="a11y">
|
|
Ask other users about this article
|
|
</label>
|
|
<input type="hidden" id="discussionFormArticleId" name="articleId" value="HT211289">
|
|
<input type="hidden" id="ols_discussion_error_no_question" value="Please enter your question!">
|
|
<div class="form-element">
|
|
<input id="questionInputField" type="text" class="questionInputField form-textbox form-textbox-text" name="title" maxlength="255" aria-labelledby="placeholder-text" aria-invalid="false">
|
|
<span class="form-label" id="placeholder-text" aria-hidden="true">Ask other users about this article</span>
|
|
</div>
|
|
</span>
|
|
|
|
<div class="jive-widget-question-div clearfix" id="question-submit">
|
|
<input type="submit" class="questionSubmitFormButton button button-secondary button-compact" value="Submit my question">
|
|
|
|
</div>
|
|
|
|
<a data-ss-analytics-link-component_name="Start a discussion" data-ss-analytics-link-component_type="discussion" data-ss-analytics-link-text="See all questions on this article" data-ss-analytics-link-url="https://discussions.apple.com/article/HT211289" data-ss-analytics-event="acs.link_click" class="see-all-questions" href="https://discussions.apple.com/article/HT211289">
|
|
See all questions on this article
|
|
<span class="icon icon-chevronright" aria-hidden="true">
|
|
</span></a>
|
|
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div id="cas">
|
|
<div id="promo" class="one"></div>
|
|
</div>
|
|
|
|
<div id="flexbanner-wrapper">
|
|
<div id="flexbanner"></div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="footer-wrapper">
|
|
<footer id="ac-globalfooter" dir="ltr" class="js no-touch svg no-ie7 no-ie8 footer-global" data-analytics-region="global footer" role="contentinfo" aria-labelledby="ac-gf-label" lang="en-us">
|
|
<div class="ac-gf-content">
|
|
<h2 class="ac-gf-label" id="ac-gf-label">Apple Footer</h2>
|
|
<nav class="ac-gf-breadcrumbs" aria-label="Breadcrumbs" role="navigation">
|
|
<a href="https://www.apple.com/" class="home ac-gf-breadcrumbs-home">
|
|
<span class="ac-gf-breadcrumbs-home-icon" aria-hidden="true"></span>
|
|
<span class="ac-gf-breadcrumbs-home-label">Apple</span>
|
|
<span class="ac-gf-breadcrumbs-home-chevron"></span>
|
|
<span class="ac-gf-breadcrumbs-home-mask"></span>
|
|
</a>
|
|
<div class="ac-gf-breadcrumbs-path">
|
|
<ol class="ac-gf-breadcrumbs-list" vocab="http://schema.org/" typeof="BreadcrumbList">
|
|
<li class="ac-gf-breadcrumbs-item" property="itemListElement" typeof="ListItem">
|
|
<span property="name">
|
|
<a href="https://support.apple.com/">Support</a>
|
|
</span>
|
|
<meta property="position" content="1">
|
|
</li>
|
|
|
|
|
|
|
|
|
|
<li class="ac-gf-breadcrumbs-item" property="itemListElement" typeof="ListItem">
|
|
<span property="name">About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra</span>
|
|
<meta property="position" content="2">
|
|
</li>
|
|
|
|
|
|
</ol>
|
|
</div>
|
|
</nav>
|
|
<section class="ac-gf-footer" vocab="https://schema.org/" typeof="Organization"> <div class="ac-gf-footer-shop" x-ms-format-detection="none"></div> <div class="ac-gf-footer-locale"> <a class="ac-gf-footer-locale-link" href="https://support.apple.com/en-us/HT211289/localeselector" title="Choose your country or region" aria-label="United States. Choose your country or region">United States</a> </div> <div class="ac-gf-footer-legal"> <div class="ac-gf-footer-legal-copyright">Copyright © 2021 Apple Inc. All rights reserved.</div> <div class="ac-gf-footer-legal-links"> <a class="ac-gf-footer-legal-link analytics-exitlink" href="https://www.apple.com/legal/privacy/en-ww/">Privacy Policy</a> <a class="ac-gf-footer-legal-link analytics-exitlink" href="https://www.apple.com/legal/internet-services/terms/site.html">Terms of Use</a> <a class="ac-gf-footer-legal-link analytics-exitlink" href="https://www.apple.com/shop/goto/help/sales_refunds">Sales and Refunds</a> <a class="ac-gf-footer-legal-link" href="https://www.apple.com/sitemap/">Site Map</a></div> </div> <meta content="Apple" property="name"> <meta content="1-800-692-7753" property="telephone"> </section>
|
|
</div>
|
|
</footer>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<script src="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/FujiStitchPath.js" type="text/javascript" charset="utf-8"></script>
|
|
|
|
<script src="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/app-ht-route.js" type="text/javascript" charset="utf-8"></script>
|
|
|
|
<script src="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/accsoffer.js" type="text/javascript" charset="utf-8"></script>
|
|
|
|
<script src="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/ac-globalnav.js" type="text/javascript" charset="utf-8"></script><div id="ac-gn-viewport-emitter"> </div>
|
|
|
|
<script src="About%20the%20security%20content%20of%20macOS%20Catalina%2010.15.6,%20Security%20Update%202020-004%20Mojave,%20Security%20Update%202020-004%20High%20Sierra%20-%20Apple%20Support_files/launch.js" type="text/javascript" charset="utf-8"></script><script>_satellite["_runScript1"](function(event, target, Promise) {
|
|
try{
|
|
window._analytics = window._analytics || {};
|
|
var mag_glass = document.getElementById("ac-gn-link-search"),
|
|
search_input = document.getElementById("ac-gn-searchform-input");
|
|
|
|
|
|
function get_index(linkText){
|
|
var arr = document.getElementById("ac-gn-searchresults").getElementsByTagName("li"),
|
|
count = 1;
|
|
|
|
while (count > 0) {
|
|
if (arr[count - 1].textContent.trim().toLowerCase() === linkText) {
|
|
break;
|
|
} else {
|
|
count++;
|
|
}
|
|
}
|
|
return count;
|
|
}
|
|
|
|
function scrape_link_data(link, linktype){
|
|
var text = link.textContent.trim().toLowerCase(),
|
|
dest = link.getAttribute("href").toLowerCase();
|
|
window._applemd.search = {
|
|
location: "globalnav_support",
|
|
link_type: linktype,
|
|
dest_url: dest,
|
|
link_text: text,
|
|
link_index: get_index(text),
|
|
dest_platform: _satellite.getVar("FN:Get_Link_Dest_Platform")(dest)
|
|
}
|
|
}
|
|
|
|
//set beacon for mag glass click
|
|
if (!!mag_glass && !mag_glass.getAttribute("data-analytics-listener-added")) {
|
|
mag_glass.setAttribute("data-analytics-listener-added", "true")
|
|
mag_glass.addEventListener("mousedown", function () {
|
|
window._applemd.search = {
|
|
name: "click-mag-glass",
|
|
link_type: "acs",
|
|
link_text: "internal search"
|
|
}
|
|
_satellite.track("search");
|
|
setTimeout(function(){
|
|
window._applemd.search = {};
|
|
}, 200)
|
|
});
|
|
}
|
|
|
|
function link_selected_event(event){
|
|
var target = event.target,
|
|
link_found = false;
|
|
try {
|
|
//bolded text in dropdown links is captured here.
|
|
if (target.tagName !== "A" && target.parentElement.tagName === "A") {
|
|
target = target.parentElement;
|
|
}
|
|
//quick link
|
|
if (target.classList.contains("ac-gn-searchresults-link") && !(target.classList.contains("ac-gn-searchresults-link-suggestions"))) {
|
|
scrape_link_data(target, "quicklink");
|
|
link_found = true;
|
|
}
|
|
//suggested search link
|
|
else if (target.classList.contains("ac-gn-searchresults-link-suggestions")) {
|
|
scrape_link_data(target, "suggested search");
|
|
link_found = true;
|
|
}
|
|
} catch(e) { }
|
|
return link_found;
|
|
}
|
|
|
|
//listen for clicks on quick links
|
|
if(!window._analytics.document_listener_added){
|
|
window._analytics.document_listener_added = true;
|
|
document.addEventListener("mousedown", function (event) {
|
|
if(link_selected_event(event)){
|
|
_satellite.track("search");
|
|
}
|
|
})
|
|
}
|
|
|
|
//race condition prevents this edge case, page navigates and deselects 'current' before tracking event can fire
|
|
//track user navigates to link with arrow keys and hits enter
|
|
if(!window._analytics.document_key_listener_added){
|
|
window._analytics.document_key_listener_added = true;
|
|
document.addEventListener("keyup", function (event) {
|
|
window._applemd.search = {};
|
|
var current = document.getElementsByClassName("ac-gn-searchresults-link current")[0] || document.querySelector('a[data-focus-method="key"]');
|
|
link_selected_event({target:current})
|
|
})
|
|
document.addEventListener("keydown", function (event) {
|
|
if (event.keyCode === 13 && !!_applemd.search && !!_applemd.search.link_type) {
|
|
_satellite.track("search");
|
|
}
|
|
})
|
|
}
|
|
|
|
//track user type search term and hits enter key
|
|
if (!!search_input && !search_input.getAttribute("data-analytics-key-listener-added")) {
|
|
search_input.addEventListener("keydown", function (event) {
|
|
search_input.setAttribute("data-analytics-key-listener-added", "true");
|
|
if (event.keyCode === 13) {
|
|
input = search_input.value.trim().toLowerCase();
|
|
if (input) {
|
|
window._applemd.search = {
|
|
location: "globalnav_support",
|
|
link_type: "user",
|
|
link_text: input,
|
|
dest_url: "https://support.apple.com/kb/index",
|
|
dest_platform: _satellite.getVar("FN:Get_Link_Dest_Platform")("https://support.apple.com/kb/index")
|
|
}
|
|
_satellite.track("search");
|
|
}
|
|
}
|
|
});
|
|
}
|
|
}catch(e){}
|
|
});</script>
|
|
|
|
<div id="apd-aria-live-region" aria-live="polite" role="status" class="a11y"></div>
|
|
|
|
|
|
|
|
</body></html>
|