Apple released security updates for multiple products today. A total of 46 vulnerabilities were addressed. Exploitation of some of these security flaws could allow an attacker to take control of an affected system.

The update for macOS includes fixes for 33 vulnerabilities which could allow an attacker to execute arbitrary code with kernel privileges, cause unexpected termination of application, leak memory, gain access to restricted files, determine kernel memory layout, gain elevated privileges, overwrite arbitrary files, corrupt kernel memory, etc. The update also includes fix for a PHP remote code execution bug which was exploited in-the-wild in October 2019.

Two vulnerabilities have been fixed in Apple Safari. An address bar spoofing attack could be launched by tricking a user into visiting a malicious website using the vulnerable browser. Also, a local user can be tricked into sending a password unencrypted over the network.

A faulty permissions logic issue in Apple iTunes could be used by an attacker to gain access to protected parts of the file system. This vulnerability which affects Windows 7 and later, was addressed with improved permissions logic.


Apple Security Updates Summary for January 2020:

macOS

  • Affected OS : macOS Catalina, Mojave and High Sierra
  • Affected features : AnnotationKit, Audio, CoreBluetooth, Crash Reporter, IOAcceleratorFamily, IPSec, Image Processing, ImageIO, Intel Graphics Driver, Kernel, PackageKit, Security, System, Wi-Fi, apache_mod_php, autofs, libxml2, libxpc, sudo, wifivelocityd
  • Impact : Information Disclosure, Arbitrary Code Execution, Denial of Service, Privilege Escalation
  • CVEs : CVE-2019-11043, CVE-2019-18634, CVE-2020-3826, CVE-2020-3827, CVE-2020-3829, CVE-2020-3830, CVE-2020-3835, CVE-2020-3836, CVE-2020-3837, CVE-2020-3838, CVE-2020-3839, CVE-2020-3840, CVE-2020-3842, CVE-2020-3843, CVE-2020-3845, CVE-2020-3846, CVE-2020-3847, CVE-2020-3848, CVE-2020-3849, CVE-2020-3850, CVE-2020-3853, CVE-2020-3854, CVE-2020-3855, CVE-2020-3856, CVE-2020-3857, CVE-2020-3866, CVE-2020-3870, CVE-2020-3871, CVE-2020-3872, CVE-2020-3875, CVE-2020-3877, CVE-2020-3878

Safari

  • Affected OS : macOS Mojave, macOS High Sierra, and macOS Catalina
  • Affected features : Safari, Safari Login AutoFill
  • Impact : Information Disclosure, Spoofing
  • CVEs : CVE-2020-3833, CVE-2020-3841

iTunes

  • Affected OS : Windows 7 and later
  • Affected features : Mobile Device Service
  • Impact : Unauthorized access to protected parts of the file system
  • CVEs : CVE-2020-3861

tvOS

  • Affected OS : Apple TV 4K and Apple TV HD
  • Affected features : Audio, IOAcceleratorFamily, IPSec, ImageIO, Kernel, WebKit, libxpc, wifivelocityd
  • Impact : Information Disclosure, Arbitrary Code Execution, Privilege Escalation
  • CVEs : CVE-2020-3829, CVE-2020-3836, CVE-2020-3837, CVE-2020-3838, CVE-2020-3840, CVE-2020-3842, CVE-2020-3853, CVE-2020-3856, CVE-2020-3857, CVE-2020-3868, CVE-2020-3870, CVE-2020-3872, CVE-2020-3875, CVE-2020-3878

watchOS

  • Affected OS : watchOS
  • Affected features : AnnotationKit, Audio, IOAcceleratorFamily, ImageIO, Kernel, libxpc, wifivelocityd
  • Impact : Arbitrary Code Execution, Privilege Escalation, Denial of Service, Information Disclosure
  • CVEs : CVE-2020-3829, CVE-2020-3834, CVE-2020-3836, CVE-2020-3837, CVE-2020-3838, CVE-2020-3842, CVE-2020-3853, CVE-2020-3856, CVE-2020-3857, CVE-2020-3860, CVE-2020-3870, CVE-2020-3872, CVE-2020-3875, CVE-2020-3877, CVE-2020-3878

iOS and iPadOS

  • Affected OS : iOS and iPadOS
  • Affected features : Audio, FaceTime, IOAcceleratorFamily, IPSec, ImageIO, Kernel, Mail, Messages, Phone, Safari Login AutoFill, Screenshots, libxpc, wifivelocityd
  • Impact : Arbitrary Code Execution, Privilege Escalation, Information Disclosure
  • CVEs : CVE-2020-3828, CVE-2020-3829, CVE-2020-3831, CVE-2020-3836, CVE-2020-3837, CVE-2020-3838, CVE-2020-3840, CVE-2020-3841, CVE-2020-3842, CVE-2020-3844, CVE-2020-3853, CVE-2020-3856, CVE-2020-3857, CVE-2020-3858, CVE-2020-3859, CVE-2020-3860, CVE-2020-3869, CVE-2020-3870, CVE-2020-3872, CVE-2020-3873, CVE-2020-3874, CVE-2020-3875, CVE-2020-3878

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.

Summary
Apple Security Updates January 2020
Article Name
Apple Security Updates January 2020
Author
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *