SB2020012837 - Multiple vulnerabilities in Apple macOS




Published: January 28, 2020 Updated: May 19, 2021

Security Bulletin ID: SB2020012837
Severity: Medium
Patch available: YES
Number of vulnerabilities: 20
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 20% Medium 20% Low 60%

Description

This security bulletin contains information about 20 security vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2020-3847)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary error within the CoreBluetooth subsystem. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

Successful exploitation of this vulnerability requires physical proximity.


2) Buffer overflow (CVE-ID: CVE-2020-3850)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the CoreBluetooth subsystem. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system but requires physical proximity.


3) Buffer overflow (CVE-ID: CVE-2020-3849)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the CoreBluetooth subsystem. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system but requires physical proximity.


4) Buffer overflow (CVE-ID: CVE-2020-3848)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the CoreBluetooth subsystem. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system but requires physical proximity.


5) Files or Directories Accessible to External Parties (CVE-ID: CVE-2020-3866)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the autofs implementation when performing searches and opening files from an attacker-controlled NFS mount. A remote attacker can trick the victim into opening a file and bypass Gatekeeper restrictions.


6) Buffer overflow (CVE-ID: CVE-2020-3857)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Audio subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with elevated privileges.


7) Use-after-free (CVE-ID: CVE-2020-3851)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the IOThunderboltFamily subsystem. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.



8) Off-by-one (CVE-ID: CVE-2020-3840)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an off-by-one error when processing racoon configuration files in the IPSec implementation. A local user can trigger an off-by-one error with a specially crafted racoon file and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Buffer overflow (CVE-ID: CVE-2020-3837)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within IOAcceleratorFamily. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.


10) Buffer overflow (CVE-ID: CVE-2020-3845)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Intel Graphics Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.


11) Out-of-bounds read (CVE-ID: CVE-2020-3880)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing JPEG files in ImageIO. A remote attacker can create a specially crafted JPEG file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


12) Out-of-bounds read (CVE-ID: CVE-2020-3870)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing JPEG files in ImageIO. A remote attacker can create a specially crafted JPEG file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


13) Out-of-bounds read (CVE-ID: CVE-2020-3826)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing JPEG files in ImageIO. A remote attacker can create a specially crafted JPEG file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


14) Buffer overflow (CVE-ID: CVE-2020-3827)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing JPEG files. A remote attacker can create a specially crafted JPEG file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


15) Incorrect default permissions (CVE-ID: CVE-2020-9774)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because Siri Suggestions can access encrypted data. A local user can gain access to sensitive information.


16) Buffer overflow (CVE-ID: CVE-2020-3863)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the crontab implementation. A local user can create a specially crafted cron job and execute arbitrary code with elevated privileges.


17) UNIX symbolic link following (CVE-ID: CVE-2020-3835)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in Crash Reporter. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with the privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.


18) Type Confusion (CVE-ID: CVE-2020-3853)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error in the OS kernel. A local user can run a specially crafted program to trigger type confusion and execute arbitrary code with elevated privileges.


19) Improper Initialization (CVE-ID: CVE-2020-3872)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization in the OS kernel. A local user can run a specially crafted application to read restricted memory.


20) Input validation error (CVE-ID: CVE-2020-3875)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input in the OS kernel. A local user can read restricted memory on the system.


Remediation

Install the update from the vendor's website.