====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN687
_____________________________________________________________________

DATE                : 15/12/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): macOS Server versions prior to 5.11.

=====================================================================

APPLE-SA-2020-12-14-9 macOS Server 5.11

macOS Server 5.11 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211932.

Profile Manager
Available for: macOS Big Sur
Impact: Processing a maliciously crafted URL may lead to an open
redirect or cross site scripting
Description: An issue existed in the parsing of URLs. This issue was
addressed with improved input validation.
CVE-2020-9995: Rajpal Arora (@whacktohack), Rohan Sharma (r0hanSH)

Additional recognition

macOS Server
We would like to acknowledge Patrick Schlangen for their assistance.

Installation note:

macOS Server 5.11 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
_____________________________________________________________________


APPLE-SA-2020-12-14-9 macOS Server 5.11

macOS Server 5.11 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211932.

Profile Manager
Available for: macOS Big Sur
Impact: Processing a maliciously crafted URL may lead to an open
redirect or cross site scripting
Description: An issue existed in the parsing of URLs. This issue was
addressed with improved input validation.
CVE-2020-9995: Rajpal Arora (@whacktohack), Rohan Sharma (r0hanSH)

Additional recognition

macOS Server
We would like to acknowledge Patrick Schlangen for their assistance.

Installation note:

macOS Server 5.11 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================