In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide.

*   **Attack Complexity**
    
    Low
    
*   **Integrity**
    
    High
    

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384
    
*   **published**
    
    5 Jun 2020
    
*   **disclosed**
    
    26 May 2020
    
*   **credit**
    
    Georgios Gkitsas of Snyk Security Team
    

**How to fix?**

**Overview**

**Details**

**References**

CVE-2020-7668: Arbitrary File Write via Archive Extraction (Zip Slip) in github.com/unknwon/cae/tz | Snyk

The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation.

**Overview**"VIPRE Password Vault is the fast and easy way to securely manage all of your passwords without the hassle of writing them down or storing them on a spreadsheet. Whether you are logging into your favorite social media site, ordering the latest gadget from your favorite e-tailer, paying your bills online, or booking your vacation log in safely and securely using VIPRE’s new password manager."

(https://support.threattracksecurity.com/support/solutions/articles/1000104275-what-is-vipre-password-vault)

**Issue**The VIPRE Password Vault iOS application (version 1.100.1090 and below, later versions have not been tested), does not validate the SSL certificate it receives when connecting to the application login server.**Impact**An attacker who can perform a man in the middle attack may present a bogus SSL certificate which the application will accept silently. Sensitive information such as passwords could be captured by an attacker without the user's knowledge.**Timeline**July 18, 2015 - Attempted to notify ThreatTrack Security via security@vipreantivirus.com  
July 29, 2015 - Notified ThreatTrack Security via a contact form  
July 31, 2015 - ThreatTrack Security advised that the information has been routed to the proper team for remediation  
December 3, 2015 - Provided the details to CERT/CC  
April 3, 2016 - Provided the details to the Apple Product Security team  
June 22, 2020 - Published an advisory to document the issue  
**CVE-ID:**CVE-2020-14981**Questions?**Contact Information

**Info-Sec.CA**

CVE-2020-14981: VIPRE Password Vault iOS Application - MITM SSL Certificate Vulnerability (CVE-2020-14981)

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

** PSIRT Advisories**

**Use of a hard-coded cryptographic key to cipher sensitive data in CLI configuration**

**Summary**

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnalyzer may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

**Affected Products**

CVE-2019-6693: FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below  
(impacts all credential data of type "ENC" in FortiOS CLI configuration except the administrator's password)  
CVE-2020-9289: FortiManager 6.2.4 and below  
(impacts all credential data of type "ENC" in FortiManager CLI configuration)  
CVE-2020-9289: FortiAnalyzer 6.2.3 and below  
(impacts all credential data of type "ENC" in FortiAnalyzer CLI configuration)  
If the CLI configuration is exposed (typical example: Willingly posted on a forum for troubleshooting purpose), it is possible to decrypt the encrypted ENC type data to plaintext using this hard-coded cryptographic key. Same goes for the system backup file, if it is not password protected.

**Solutions**

FortiOS: In versions 5.6.11 and above, 6.0.7 and above, and 6.2.1 and above, administrators can choose to be prompted for a password, which is then used by FortiOS to encrypt sensitive data in the configuration file.

The following steps enable this option:

\# config system global

\# set private-data-encryption enable /\* disabled by default \*/

\# end

FortiManager: Upgrade to FortiManager 6.2.5 or above and enable the following newly introduced CLI setting, to prompt for a user-defined cryptographic key; the user-defined key will then be used to cipher ENC type data in the configuration:

\# configure system global

\# set private-data-encryption enable /\* disabled by default \*/

\# end

FortiAnalyzer: Upgrade to FortiAnalyzer 6.2.4 or above and enable the following newly introduced CLI setting, to prompt for a user-defined cryptographic key; the user-defined key will then be used to cipher ENC type data in the configuration:

\# configure system global

\# set private-data-encryption enable /\* disabled by default \*/

\# end

Workaround: \* Always use a password to protect the system configuration file when performing backups \*

The impacted ENC type data in CLI configuration, if exposed, should currently be considered "easy to decrypt" by potential attackers. Thus, avoid exposure of configuration in unsafe and/or public channels (forums, etc...) Note: Enabling private-data-encryption on FortiGates that are centrally managed by a FortiManager or are in High Availability mode may lead to some bugs including an install errors on the FortiManager side and split-brain. This issue is fixed in FortiManager versions 6.2.7 and above and in FortiGate versions 6.2.6, 6.4.4, 6.6.0 and above. Moreover, we can verify that the user provided key is the same on FortiManager and FortiGate sides by executing the below commands: FortiGate-201E

\# exec private-encryption-key sample FortiGate-201E

\# exec private-encryption-key verify

Verification passed.

Revision History:

11-19-2019 Initial Version

06-11-2020 Add FortiManager CVE-2020-9289 06-30-2020 Add FortiAnalyzer CVE-2020-9289

11-13-2020 Update Solution section

**Acknowledgement**

Fortinet is pleased to thank Bart Dopheide (bart.dopheide@axians.com) for reporting CVE-2019-6693 as well as independent research team Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev for reporting CVE-2019-6693 and CVE-2020-9289 under responsible disclosure.

CVE-2020-9289: Fortiguard

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.

Released May 20, 2020

**Accounts**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt

**AirDrop**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2020-9826: Dor Hadad of Palo Alto Networks

**AppleMobileFileIntegrity**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application could interact with system processes to access private information and perform privileged actions

Description: An entitlement parsing issue was addressed with improved parsing.

CVE-2020-9842: Linus Henze (pinauten.de)

**Audio**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

**Audio**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

**Bluetooth**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An issue existed with the use of a PRNG with low entropy. This issue was addressed with improved state management.

CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab

**Bluetooth**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab

**CoreText**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted text message may lead to application denial of service

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com

**FaceTime**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing

Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.

CVE-2020-9835: Olivier Levesque (@olilevesque)

**File System**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to modify the file system

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9820: Thijs Alkemade of Computest

**FontParser**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9816:  Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative

**ImageIO**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3878: Samuel Groß of Google Project Zero

**ImageIO**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9789: Wenchao Li of VARAS@IIE

CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

**IPSec**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9837: Thijs Alkemade of Computest

**Kernel**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to determine another application's memory layout

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2020-9797: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team

**Kernel**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to cause unexpected system termination or write kernel memory

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A local user may be able to read kernel memory

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-9811: Tielei Wang of Pangu Lab

CVE-2020-9812: derrek (@derrekr6)

**Kernel**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.

CVE-2020-9813: Xinru Chi of Pangu Lab

CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to determine kernel memory layout

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-9809: Benjamin Randazzo (@\_\_\_\_benjamin)

**libxpc**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to overwrite arbitrary files

Description: A path handling issue was addressed with improved validation.

CVE-2020-9994: Apple

Entry added September 21, 2020

**Mail**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted mail message may lead to heap corruption

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2020-9819: ZecOps.com

**Mail**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9818: ZecOps.com

**Messages**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Users removed from an iMessage conversation may still be able to alter state

Description: This issue was addressed with improved checks.

CVE-2020-9823: Suryansh Mansharamani, student of Community Middle School, Plainsboro, New Jersey

**Notifications**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen

Description: An authorization issue was addressed with improved state management.

CVE-2020-9848: Nima

**rsync**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to overwrite existing files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2014-9512: gaojianfeng

Entry added July 28, 2020

**Sandbox**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to bypass Privacy preferences

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)

**Security**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved validation.

CVE-2020-9854: Ilias Morad (A2nkF)

Entry added July 28, 2020

**SQLite**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may cause a denial of service or potentially disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9794

**System Preferences**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with improved state handling.

CVE-2020-9839: @jinmo123, @setuid0x0\_, and @insu\_yun\_en of @SSLab\_Gatech working with Trend Micro’s Zero Day Initiative

**USB Audio**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A USB device may be able to cause a denial of service

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-9792: Andy Davis of NCC Group

**WebKit**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9805: an anonymous researcher

**WebKit**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9802: Samuel Groß of Google Project Zero

**WebKit**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9850: @jinmo123, @setuid0x0\_, and @insu\_yun\_en of @SSLab\_Gatech working with Trend Micro’s Zero Day Initiative

**WebKit**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9843: Ryan Pickren (ryanpickren.com)

**WebKit**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

**WebKit**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9806: Wen Xu of SSLab at Georgia Tech

CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

**WebKit**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

**WebRTC**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: An access issue was addressed with improved memory management.

CVE-2019-20503: natashenka of Google Project Zero

**Wi-Fi**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A double free issue was addressed with improved memory management.

CVE-2020-9844: Ian Beer of Google Project Zero

**Wi-Fi**

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9830: Tielei Wang of Pangu Lab

Entry added August 10, 2020

CVE-2020-9839: About the security content of iOS 13.5 and iPadOS 13.5

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Released May 26, 2020

**Safari**

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: A malicious process may cause Safari to launch an application

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9801: @jinmo123, @setuid0x0\_, and @insu\_yun\_en of @SSLab\_Gatech working with Trend Micro’s Zero Day Initiative

**WebKit**

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9802: Samuel Groß of Google Project Zero

**WebKit**

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9805: an anonymous researcher

**WebKit**

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

**WebKit**

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9806: Wen Xu of SSLab at Georgia Tech

CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

**WebKit**

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9850: @jinmo123, @setuid0x0\_, and @insu\_yun\_en of @SSLab\_Gatech working with Trend Micro’s Zero Day Initiative

**WebKit**

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9843: Ryan Pickren (ryanpickren.com)

**WebKit**

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

**WebRTC**

Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: An access issue was addressed with improved memory management.

CVE-2019-20503: natashenka of Google Project Zero

CVE-2020-9806: About the security content of Safari 13.1.1

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

Released May 26, 2020

**Accounts**

Available for: macOS Catalina 10.15.4

Impact: A remote attacker may be able to cause a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt

**Accounts**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9772: Allison Husain of UC Berkeley

**AirDrop**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A remote attacker may be able to cause a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2020-9826: Dor Hadad of Palo Alto Networks

**AppleMobileFileIntegrity**

Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4

Impact: A malicious application could interact with system processes to access private information and perform privileged actions

Description: An entitlement parsing issue was addressed with improved parsing.

CVE-2020-9842: Linus Henze (pinauten.de)

**AppleUSBNetworking**

Available for: macOS Catalina 10.15.4

Impact: Inserting a USB device that sends invalid messages may cause a kernel panic

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9804: Andy Davis of NCC Group

**Audio**

Available for: macOS Catalina 10.15.4

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

**Audio**

Available for: macOS Catalina 10.15.4

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

**Bluetooth**

Available for: macOS Catalina 10.15.4

Impact: A malicious application may be able to determine kernel memory layout

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9831: Yu Wang of Didi Research America

**Bluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9779: Yu Wang of Didi Research America

Entry added September 21, 2020

**Calendar**

Available for: macOS Catalina 10.15.4

Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information

Description: This issue was addressed with improved checks.

CVE-2020-3882: Andy Grant of NCC Group

**CoreBluetooth**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: A remote attacker may be able to leak sensitive user information

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9828: Jianjun Dai of Qihoo 360 Alpha Lab

**CVMS**

Available for: macOS Catalina 10.15.4

Impact: An application may be able to gain elevated privileges

Description: This issue was addressed with improved checks.

CVE-2020-9856: @jinmo123, @setuid0x0\_, and @insu\_yun\_en of @SSLab\_Gatech working with Trend Micro’s Zero Day Initiative

**DiskArbitration**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4

Impact: A malicious application may be able to break out of its sandbox

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud (bugcloud.360.cn)

**Find My**

Available for: macOS Catalina 10.15.4

Impact: A local attacker may be able to elevate their privileges

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team

**FontParser**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9816:  Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative

**ImageIO**

Available for: macOS Catalina 10.15.4

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3878: Samuel Groß of Google Project Zero

**ImageIO**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9789: Wenchao Li of VARAS@IIE

CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

**Intel Graphics Driver**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9822: ABC Research s.r.o

**Intel Graphics Driver**

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2020-9796: ABC Research s.r.o.

Entry added July 28, 2020

**IPSec**

Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9837: Thijs Alkemade of Computest

**Kernel**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab

**Kernel**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A malicious application may be able to determine another application's memory layout

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2020-9797: an anonymous researcher

**Kernel**

Available for: macOS Catalina 10.15.4

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An integer overflow was addressed with improved input validation.

CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab

**Kernel**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team

**Kernel**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: An application may be able to cause unexpected system termination or write kernel memory

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab

**Kernel**

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4

Impact: A local user may be able to read kernel memory

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-9811: Tielei Wang of Pangu Lab

CVE-2020-9812: derrek (@derrekr6)

**Kernel**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.

CVE-2020-9813: Xinru Chi of Pangu Lab

CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab

**Kernel**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A malicious application may be able to determine kernel memory layout

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-9809: Benjamin Randazzo (@\_\_\_\_benjamin)

**ksh**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A local user may be able to execute arbitrary shell commands

Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.

CVE-2019-14868

**libxpc**

Available for: macOS Catalina 10.15.4

Impact: A malicious application may be able to overwrite arbitrary files

Description: A path handling issue was addressed with improved validation.

CVE-2020-9994: Apple

Entry added September 21, 2020

**NSURL**

Available for: macOS Mojave 10.14.6

Impact: A malicious website may be able to exfiltrate autofilled data in Safari

Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.

CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab

**PackageKit**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A malicious application may be able to gain root privileges

Description: A permissions issue existed. This issue was addressed with improved permission validation.

CVE-2020-9817: Andy Grant of NCC Group

**PackageKit**

Available for: macOS Catalina 10.15.4

Impact: A malicious application may be able to modify protected parts of the file system

Description: An access issue was addressed with improved access restrictions.

CVE-2020-9851: an anonymous researcher, Linus Henze (pinauten.de)

Entry updated July 15, 2020

**Python**

Available for: macOS Catalina 10.15.4

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-9793

**rsync**

Available for: macOS Catalina 10.15.4

Impact: A remote attacker may be able to overwrite existing files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2014-9512: gaojianfeng

Entry added July 28, 2020

**Sandbox**

Available for: macOS Catalina 10.15.4

Impact: A malicious application may be able to bypass Privacy preferences

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)

**Sandbox**

Available for: macOS Mojave 10.14.6

Impact: A user may gain access to protected parts of the file system

Description: This issue was addressed with a new entitlement.

CVE-2020-9771: Csaba Fitzl (@theevilbit) of Offensive Security

**Security**

Available for: macOS Catalina 10.15.4

Impact: A file may be incorrectly rendered to execute JavaScript

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-9788: Wojciech Reguła of SecuRing (wojciechregula.blog)

Entry updated July 15, 2020

**Security**

Available for: macOS Catalina 10.15.4

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved validation.

CVE-2020-9854: Ilias Morad (A2nkF)

Entry added July 28, 2020

**SIP**

Available for: macOS Catalina 10.15.4

Impact: A non-privileged user may be able to modify restricted network settings

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9824: @jamestraynor, Csaba Fitzl (@theevilbit) of Offensive Security

Entry updated June 10, 2020

**Software Update**

Available for: macOS Catalina 10.15.4

Impact: A person with physical access to a Mac may be able to bypass Login Window

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9810: Francis @francisschmaltz

Entry added July 15, 2020

**SQLite**

Available for: macOS Catalina 10.15.4

Impact: A malicious application may cause a denial of service or potentially disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9794

**System Preferences**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with improved state handling.

CVE-2020-9839: @jinmo123, @setuid0x0\_, and @insu\_yun\_en of @SSLab\_Gatech working with Trend Micro’s Zero Day Initiative

**USB Audio**

Available for: macOS Catalina 10.15.4

Impact: A USB device may be able to cause a denial of service

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-9792: Andy Davis of NCC Group

**Wi-Fi**

Available for: macOS Catalina 10.15.4

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A double free issue was addressed with improved memory management.

CVE-2020-9844: Ian Beer of Google Project Zero

**Wi-Fi**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9830: Tielei Wang of Pangu Lab

**Wi-Fi**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-9834: Yu Wang of Didi Research America

**Wi-Fi**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A local user may be able to read kernel memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-9833: Yu Wang of Didi Research America

**Wi-Fi**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A malicious application may be able to determine kernel memory layout

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9832: Yu Wang of Didi Research America

**WindowServer**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An integer overflow was addressed with improved input validation.

CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

**zsh**

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4

Impact: A local attacker may be able to elevate their privileges

Description: An authorization issue was addressed with improved state management.

CVE-2019-20044: Sam Foxman

CVE-2020-9830: About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9815

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

This is the twelfth release of VLC 3.0 branch, named "Vetinari",
in reference to the Lord Patrician from Discworld.

This updates contains various fixes and improvements:
- Fixes a regression with some encrypted HLS streams
- Fixes HLS live stream playback regression
- Fixes imprecise seeking in m4a files
- Fixes resampling on Android
- Fixes a potential crash on startup on macOS
- Fixes a crash when listing blurays mount points on macOS
- Avoids unnecessary permision warnings on macOS
- Fixes AAC playback regressions

Additionanally, it fixes the security issue reported as
CVE-2020-13428, and bumps libarchive to 3.4.2 as a result of
CVE-2020-9308 & CVE-2019-19221

Check our NEWS file for more details!

Assets 2

*   2020-06-04T14:42:26Z
    
*   2020-06-04T14:42:26Z

CVE-2020-13428: Release VLC media player 3.0.11 'Vetinari' · videolan/vlc-3.0

Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVE-2020-6498

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.

*   When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
    
    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
    
    **Cisco IOS and IOS XE Software**
    
    To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).
    
    Customers can use the Cisco Software Checker to search advisories in the following ways:
    
    *   Choose the software and one or more releases
    *   Upload a .txt file that includes a list of specific releases
    *   Enter the output of the **show version** command
    
    After initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.
    
    Customers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release-for example, **15.1(4)M2** or **3.13.8S**:
    
    By default, the Cisco Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the **Medium** check box in the drop-down list under **Impact Rating** when customizing a search.
    
    For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes, Cisco IOS XE 3S Release Notes, or Cisco IOS XE 3SG Release Notes, depending on the Cisco IOS XE Software release.

Tag

#ios