Apple released security updates for multiple products. Successful exploitation of some of these flaws allows an attacker to crash an application or potentially take control of affected systems.
The updates for macOS include fixes for 59 vulnerabilities, which could allow an attacker to execute arbitrary code with kernel or system privileges, gain elevated privileges, bypass privacy preferences, read restricted memory, cause unexpected application termination or heap corruption, disclose process memory, read arbitrary files, etc.
An improper input validation issue existed in the parsing of URLs in macOS Server. An attacker could use the flaw to conduct open redirect or cross-site scripting attacks. This vulnerability, which affects macOS Big Sur, was addressed with improved input validation.
A use-after-free vulnerability has been fixed in Apple Safari. Processing maliciously crafted web content may lead to arbitrary code execution. The issue was fixed by improving memory management.
Apple Security Updates Summary for December 2020
- Affected OS: macOS Big Sur, Catalina, and Mojave
- Affected features: AMD, App Store, AppleGraphicsControl, AppleMobileFileIntegrity, Audio, Bluetooth, CoreAudio, FontParser, Graphics Drivers, HomeKit, Image Processing, ImageIO, Intel Graphics Driver, libxml2, Kernel, libxpc, Logging, Model I/O, NSRemoteView, Power Management, Quick Look, Ruby, System Preferences, WebRTC, Wi-Fi
- Impact: Information Disclosure, Privilege Escalation, Arbitrary code execution, Security Bypass, Memory Corruption, Cross-site scripting, File System Modification
- CVEs: CVE-2020-27914, CVE-2020-27915, CVE-2020-27903, CVE-2020-27941, CVE-2020-29621, CVE-2020-27910, CVE-2020-9943, CVE-2020-9944, CVE-2020-27916, CVE-2020-27906, CVE-2020-27948, CVE-2020-9960, CVE-2020-27908, CVE-2020-10017, CVE-2020-27922, CVE-2020-27946, CVE-2020-9962, CVE-2020-27952, CVE-2020-9956, CVE-2020-27931, CVE-2020-27943, CVE-2020-27944, CVE-2020-10002, CVE-2020-27947, CVE-2020-29612, CVE-2020-9978, CVE-2020-27919, CVE-2020-29616, CVE-2020-27924, CVE-2020-29618, CVE-2020-29611, CVE-2020-29617, CVE-2020-29619, CVE-2020-27912, CVE-2020-27923, CVE-2020-10015, CVE-2020-27897, CVE-2020-27907, CVE-2020-9974, CVE-2020-10016, CVE-2020-9967, CVE-2020-9975, CVE-2020-27921, CVE-2020-27949, CVE-2020-29620, CVE-2020-27911, CVE-2020-27920, CVE-2020-27926, CVE-2020-10014, CVE-2020-10010, CVE-2020-13524, CVE-2020-10004, CVE-2020-27901, CVE-2020-10007, CVE-2020-10012, CVE-2020-27896, CVE-2020-10009, CVE-2020-15969, CVE-2020-27898
- Affected OS: iOS and iPadOS
- Affected features: App Store, CoreAudio, FontParser, ImageIO, Security
- Impact: Arbitrary Code Execution, Authentication Bypass, Information Disclosure, Memory Corruption
- CVEs: CVE-2020-29613, CVE-2020-27948, CVE-2020-27946, CVE-2020-27943, CVE-2020-27944, CVE-2020-29617, CVE-2020-29619, CVE-2020-29618, CVE-2020-29611, CVE-2020-27951, CVE-2020-15969
- Affected OS: macOS Big Sur
- Affected features: Profile Manager
- Impact: Open redirection, Cross-site scripting
- CVEs: CVE-2020-9995
- Affected OS: macOS Catalina and Mojave
- Affected features: WebRTC
- Impact: Arbitrary code execution
- CVEs: CVE-2020-15969
- Product: Apple TV 4K and Apple TV HD
- Affected features: CoreAudio, FontParser, ImageIO, WebRTC
- Impact: Arbitrary Code Execution, Information Disclosure, Memory Corruption
- CVEs: CVE-2020-27948, CVE-2020-27946, CVE-2020-27943, CVE-2020-27944, CVE-2020-29617, CVE-2020-29619, CVE-2020-29618, CVE-2020-29611, CVE-2020-15969
- Product: Apple Watch
- Affected features: Security, CoreAudio, FontParser, ImageIO, WebRTC
- Impact: Code Execution, Information Disclosure, Memory Corruption
- CVEs: CVE-2020-27951, CVE-2020-27948, CVE-2020-27946, CVE-2020-27943, CVE-2020-27944, CVE-2020-29617, CVE-2020-29619, CVE-2020-29618, CVE-2020-29611, CVE-2020-15969
SecPod SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.