====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN611
_____________________________________________________________________

DATE                : 06/11/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): macOS Catalina versions up to and including
                                           10.15.7.

=====================================================================
https://lists.apple.com/archives/security-announce/2020/Nov/msg00005.html
_____________________________________________________________________

APPLE-SA-2020-11-05-6 macOS Catalina 10.15.7 Supplemental Update,
macOS Catalina 10.15.7 Update

macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7
Update is now available and address the following issues. Information
about the security content is also available at
https://support.apple.com/HT211947.

FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27930: Google Project Zero

Kernel
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero

Kernel
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero

Installation note:

macOS Catalina 10.15.7 Supplemental Update, macOS Catalina
10.15.7 Update may be obtained from the Mac App Store or Apple’s
Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================