==================================================================== CERT-Renater Note d'Information No. 2020/VULN537 _____________________________________________________________________ DATE : 25/09/2020 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): macOS versions up to and including 10.15.6. ===================================================================== https://lists.apple.com/archives/security-announce/2020/Sep/msg00005.html _____________________________________________________________________ APPLE-SA-2020-09-24-1 macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave are now available and address the following: ImageIO Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9961: Xingwei Lin of Ant Group Light-Year Security Lab Mail Available for: macOS High Sierra 10.13.6 Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Model I/O Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9973: Aleksandar Nikolic of Cisco Talos Sandbox Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15 Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester(@xpn) of TrustedSec Additional recognition Bluetooth We would like to acknowledge Andy Davis of NCC Group for their assistance. Installation note: macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ ========================================================= + CERT-RENATER       |    tel : 01-53-94-20-44          + + 23/25 Rue Daviel   |    fax : 01-53-94-20-41          + + 75013 Paris        |    email:cert@support.renater.fr + =========================================================