CERT-In Advisory
CIAD-2020-0077
Multiple Vulnerabilities in Apple macOS Big Sur
Original Issue Date: November 16, 2020
Severity Rating: High
Software Affected
- Apple macOS Big Sur versions prior to 11.0.1 (for Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models))
Overview
Multiple vulnerabilities have been reported in Apple macOS which could allow a remote attacker to gain elevated privileges, read restricted memory, access sensitive information, execute arbitrary code, hijack VPN connections, corrupt kernel memory, bypass sandbox restrictions, spoof URLs or cause denial of service conditions on the targeted system.
Description
These vulnerabilities exist due to improper input validation, out-of-bounds read/write errors, improper state management issues, memory corruption errors, improper access restrictions, insufficient verification and checks, and logic issues in the App Store, Audio, Bluetooth, CoreAudio, CoreCapture, CoreGraphics, Crash Reporter, CoreText, Disk Images, Finder, FontParser, Foundation, ImageIO, Kernel, libxml2, libxpc, Logging, Mail, Messages, Model I/O, NetworkExtension, NSRemoteView, PCRE, Power Management, Python, Quick Look, Ruby, Safari, Sandbox, SQLite, System Preferences, WebKit, Wi-Fi and Xsan components of macOS Big Sur.
Successful exploitation of these vulnerabilities could allow a remote attacker to gain elevated privileges, read restricted memory, access sensitive information, execute arbitrary code, hijack VPN connections, corrupt kernel memory, bypass sandbox restrictions, spoof URLs or cause denial of service conditions on the targeted system.
Solution
Apply appropriate patches as mentioned in the Apple Security Updates (https://support.apple.com/en-us/HT211931).
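A quick way to confirm that a fleet of Macs has actually received the update this advisory calls for is to compare the installed macOS version against the fixed version 11.0.1. The script below is an added example written for this page; it is not part of the CERT-In advisory or Apple's own tooling. It assumes a POSIX shell, that the fixed version is the 11.0.1 stated in the Software Affected section, and that the real Apple utility sw_vers is available on the host being checked (when it is not, the functions can be called with a version string directly).

```shell
#!/bin/sh
# Added example (not from the CERT-In advisory): classify an installed macOS
# version against the 11.0.1 fix level named in CIAD-2020-0077.

FIXED_VERSION="11.0.1"   # from the advisory's "Software Affected" section

# version_ge A B: return 0 (true) when dotted version A >= B, 1 otherwise.
# Compares component by component, so 11.0.10 > 11.0.1 and 11.1 > 11.0.1,
# which a plain string comparison would get wrong.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0          # missing trailing component counts as 0
        [ -z "$bi" ] && bi=0
        if [ "$ai" -gt "$bi" ]; then return 0; fi
        if [ "$ai" -lt "$bi" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0   # all components equal
}

# bigsur_status VERSION: print "vulnerable", "patched" or "out-of-scope".
# Only Big Sur (11.x) builds are covered by this advisory; other major
# versions are reported as out of scope rather than guessed at.
bigsur_status() {
    v="$1"
    major="${v%%.*}"
    if [ "$major" != "11" ]; then
        echo "out-of-scope"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Stand-alone use: read the live version from sw_vers when running on a Mac.
if command -v sw_vers >/dev/null 2>&1; then
    installed="$(sw_vers -productVersion)"
    printf 'macOS %s: %s (fixed in %s)\n' "$installed" "$(bigsur_status "$installed")" "$FIXED_VERSION"
else
    echo "sw_vers not found; call: bigsur_status <version>"
fi
```

Run the script on each host, or feed it versions collected by your MDM. Note that sw_vers can report 10.16 instead of 11.x when the compatibility mode Apple added for older software is active (for example under SYSTEM_VERSION_COMPAT=1); such a reading shows up as out-of-scope here and should be rechecked directly.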
Vendor Information
Apple
https://support.apple.com/en-us/HT211931
References
Apple
https://support.apple.com/en-us/HT211931
CVE Name
CVE-2020-27903
CVE-2020-27910
CVE-2020-27916
CVE-2020-9943
CVE-2020-9944
CVE-2020-27906
CVE-2020-10017
CVE-2020-9949
CVE-2020-9883
CVE-2020-10003
CVE-2020-9999
CVE-2020-9965
CVE-2020-9966
CVE-2020-27894
CVE-2020-27930
CVE-2020-27927
CVE-2020-10002
CVE-2020-27912
CVE-2020-9876
CVE-2020-27904
CVE-2019-14899
CVE-2020-27950
CVE-2020-9974
CVE-2020-10016
CVE-2020-27932
CVE-2020-27917
CVE-2020-27911
CVE-2020-10014
CVE-2020-10010
CVE-2020-9941
CVE-2020-9988
CVE-2020-9989
CVE-2020-13524
CVE-2020-10004
CVE-2020-9996
CVE-2020-27900
CVE-2019-20838
CVE-2020-14155
CVE-2020-10007
CVE-2020-27896
CVE-2020-9963
CVE-2020-10012
CVE-2020-10663
CVE-2020-9945
CVE-2020-9977
CVE-2020-9942
CVE-2020-9969
CVE-2020-9991
CVE-2020-9849
CVE-2020-15358
CVE-2020-13631
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-10009
CVE-2020-27918
CVE-2020-27898
CVE-2020-10006
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India