Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.0351
macOS Catalina 10.15.3, Security Update 2020-001 Mojave,
Security Update 2020-001 High Sierra
30 January 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: macOS
Publisher: Apple
Operating System: Mac OS
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Root Compromise -- Existing Account
Overwrite Arbitrary Files -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-3878 CVE-2020-3877 CVE-2020-3875
CVE-2020-3872 CVE-2020-3871 CVE-2020-3870
CVE-2020-3866 CVE-2020-3857 CVE-2020-3856
CVE-2020-3855 CVE-2020-3854 CVE-2020-3853
CVE-2020-3850 CVE-2020-3849 CVE-2020-3848
CVE-2020-3847 CVE-2020-3846 CVE-2020-3845
CVE-2020-3843 CVE-2020-3842 CVE-2020-3840
CVE-2020-3839 CVE-2020-3838 CVE-2020-3837
CVE-2020-3836 CVE-2020-3835 CVE-2020-3830
CVE-2020-3829 CVE-2020-3827 CVE-2020-3826
CVE-2019-18634 CVE-2019-11043
Reference: ESB-2020.0346
ESB-2019.4186
ESB-2019.4161
ESB-2019.3963
Original Bulletin:
https://support.apple.com/en-us/HT210919
- --------------------------BEGIN INCLUDED TEXT--------------------
APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update
2020-001 Mojave, Security Update 2020-001 High Sierra
macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and
Security Update 2020-001 High Sierra are now available and
address the following:
AnnotationKit
Available for: macOS Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3877: an anonymous researcher working with Trend Micro's
Zero Day Initiative
apache_mod_php
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP
version 7.3.11.
CVE-2019-11043
Audio
Available for: macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team
autofs
Available for: macOS Catalina 10.15.2
Impact: Searching for and opening a file from an attacker controlled
NFS mount may bypass Gatekeeper
Description: This was addressed with additional checks by Gatekeeper
on files mounted through a network share.
CVE-2020-3866: Jose Castro Almeida (@HackerOn2Wheels) and Rene Kroka
(@rene_kroka)
CoreBluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3848: Jianjun Dai of Qihoo 360 Alpha Lab
CVE-2020-3849: Jianjun Dai of Qihoo 360 Alpha Lab
CVE-2020-3850: Jianjun Dai of Qihoo 360 Alpha Lab
CoreBluetooth
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3847: Jianjun Dai of Qihoo 360 Alpha Lab
Crash Reporter
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: A malicious application may be able to access restricted
files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2020-3835: Csaba Fitzl (@theevilbit)
Image Processing
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3827: Samuel Gross of Google Project Zero
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3826: Samuel Gross of Google Project Zero
CVE-2020-3870
CVE-2020-3878: Samuel Gross of Google Project Zero
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3845: Zhuo Liang of Qihoo 360 Vulcan Team
IOAcceleratorFamily
Available for: macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3837: Brandon Azad of Google Project Zero
IPSec
Available for: macOS Catalina 10.15.2
Impact: Loading a maliciously crafted racoon configuration file may
lead to arbitrary code execution
Description: An off by one issue existed in the handling of racoon
configuration files. This issue was addressed through improved bounds
checking.
CVE-2020-3840: @littlelailo
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-3875: Brandon Azad of Google Project Zero
Kernel
Available for: macOS Catalina 10.15.2
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-3872: Haakon Garseg Mork of Cognite and Cim Stordal of
Cognite
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-3853: Brandon Azad of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: A malicious application may be able to determine kernel
memory layout
Description: An access issue was addressed with improved memory
management.
CVE-2020-3836: Brandon Azad of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3842: Ned Williamson working with Google Project Zero
CVE-2020-3871: Corellium
libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing maliciously crafted XML may lead to an unexpected
application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved size
validation.
CVE-2020-3846: Ranier Vilela
libxpc
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3856: Ian Beer of Google Project Zero
libxpc
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-3829: Ian Beer of Google Project Zero
PackageKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: A malicious application may be able to overwrite arbitrary
files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2020-3830: Csaba Fitzl (@theevilbit)
Security
Available for: macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2020-3854: Jakob Rieck (@0xdead10cc) and Maximilian Blochberger
of the Security in Distributed Systems Group of University of Hamburg
sudo
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: Certain configurations may allow a local attacker to execute
arbitrary code
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-18634: Apple
System
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-3855: Csaba Fitzl (@theevilbit)
Wi-Fi
Available for: macOS Catalina 10.15.2
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2020-3839: s0ngsari of Theori and Lee of Seoul National
University working with Trend Micro's Zero Day Initiative
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-3843: Ian Beer of Google Project Zero
wifivelocityd
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with
system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2020-3838: Dayton Pidhirney (@_watbulb)
Additional recognition
Photos Storage
We would like to acknowledge Salman Husain of UC Berkeley for their
assistance.
Installation note:
macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and
Security Update 2020-001 High Sierra may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXjKW5maOgq3Tt24GAQibshAAuDKvgLTle6SUAlUjxErIA8ivPVSAPAJl
moZ+6G0Ms66HjKHYZGGLVxguq3lKziuSKpLZDcQcanf6UXd00noQPcW80RlBpnoX
wFG5yPBGlDGHdhpqNv0pY+e2QRk06MI6An0cBzFN44B/r1JwbJGSb4gixg4L5aHO
qMi456MIdEZM910cwXs2Su3LL+qfy1q/y/Gd2Mvmy9F5CEpXczQp96aR5BDg740+
EK4JuExn31gjgqhxk7/GSPNhl2bx7bKo9CJ8kiHw0EP438D61AEhVVVQfQ0Jbgu/
Jo/4bu1JaShkwEOM9RubJTS1LPOborgPTH25VpBNaww9/o3kl/rSh9kN/sUrweVl
f3+n87pfSy2WalqhC0Dxk6T0fNCNof24fEm19txFrcp1rToFokDTrcvAj9uISXpN
5xXNzAQVJcQbGZvjFU4cY4tda2zZHDPkGn3lHX46rvql6wHmOgpZ93B5kB2iT9N5
DS+eLX1d3LVsc1TBzMtvpbW3Ev2e9Q1UMgyta3tLPfVXYjG7WypMNx+lzr36mOrO
OiOno6nOIlZD4q3f9QJCm7TvHyVL5G7/jWlKp6Sema747l0f1UByVJZWtGn15dqb
VLC59vGFqPchKiMv7Du1gJlFHkM/XLgm7IPZxuXCP/meS3NpaL3fruG8B9oGaDmE
Yk5HnW1L3NI=
=GdoU
-----END PGP SIGNATURE-----