Apple Security Updates January 2020

Apple released security updates for multiple products today. A total of 46 vulnerabilities were addressed. Exploitation of some of these security flaws could allow an attacker to take control of an affected system.

The update for macOS includes fixes for 33 vulnerabilities that could allow an attacker to execute arbitrary code with kernel privileges, cause unexpected application termination, leak memory, gain access to restricted files, determine kernel memory layout, gain elevated privileges, overwrite arbitrary files, corrupt kernel memory, etc. The update also includes a fix for a PHP remote code execution bug that was exploited in the wild in October 2019.

Two vulnerabilities have been fixed in Apple Safari. An address bar spoofing attack could be launched by tricking a user into visiting a malicious website using the vulnerable browser. Also, a local user can be tricked into sending a password unencrypted over the network.

A faulty permissions logic issue in Apple iTunes could be used by an attacker to gain access to protected parts of the file system. This vulnerability, which affects Windows 7 and later, was addressed with improved permissions logic.

Apple Security Updates Summary for January 2020:


  • Affected OS : macOS Catalina, Mojave and High Sierra
  • Affected features : AnnotationKit, Audio, CoreBluetooth, Crash Reporter, IOAcceleratorFamily, IPSec, Image Processing, ImageIO, Intel Graphics Driver, Kernel, PackageKit, Security, System, Wi-Fi, apache_mod_php, autofs, libxml2, libxpc, sudo, wifivelocityd
  • Impact : Information Disclosure, Arbitrary Code Execution, Denial of Service, Privilege Escalation
  • CVEs : CVE-2019-11043, CVE-2019-18634, CVE-2020-3826, CVE-2020-3827, CVE-2020-3829, CVE-2020-3830, CVE-2020-3835, CVE-2020-3836, CVE-2020-3837, CVE-2020-3838, CVE-2020-3839, CVE-2020-3840, CVE-2020-3842, CVE-2020-3843, CVE-2020-3845, CVE-2020-3846, CVE-2020-3847, CVE-2020-3848, CVE-2020-3849, CVE-2020-3850, CVE-2020-3853, CVE-2020-3854, CVE-2020-3855, CVE-2020-3856, CVE-2020-3857, CVE-2020-3866, CVE-2020-3870, CVE-2020-3871, CVE-2020-3872, CVE-2020-3875, CVE-2020-3877, CVE-2020-3878


  • Affected OS : macOS Mojave, macOS High Sierra, and macOS Catalina
  • Affected features : Safari, Safari Login AutoFill
  • Impact : Information Disclosure, Spoofing
  • CVEs : CVE-2020-3833, CVE-2020-3841


  • Affected OS : Windows 7 and later
  • Affected features : Mobile Device Service
  • Impact : Unauthorized access to protected parts of the file system
  • CVEs : CVE-2020-3861


  • Affected OS : Apple TV 4K and Apple TV HD
  • Affected features : Audio, IOAcceleratorFamily, IPSec, ImageIO, Kernel, WebKit, libxpc, wifivelocityd
  • Impact : Information Disclosure, Arbitrary Code Execution, Privilege Escalation
  • CVEs : CVE-2020-3829, CVE-2020-3836, CVE-2020-3837, CVE-2020-3838, CVE-2020-3840, CVE-2020-3842, CVE-2020-3853, CVE-2020-3856, CVE-2020-3857, CVE-2020-3868, CVE-2020-3870, CVE-2020-3872, CVE-2020-3875, CVE-2020-3878


  • Affected OS : watchOS
  • Affected features : AnnotationKit, Audio, IOAcceleratorFamily, ImageIO, Kernel, libxpc, wifivelocityd
  • Impact : Arbitrary Code Execution, Privilege Escalation, Denial of Service, Information Disclosure
  • CVEs : CVE-2020-3829, CVE-2020-3834, CVE-2020-3836, CVE-2020-3837, CVE-2020-3838, CVE-2020-3842, CVE-2020-3853, CVE-2020-3856, CVE-2020-3857, CVE-2020-3860, CVE-2020-3870, CVE-2020-3872, CVE-2020-3875, CVE-2020-3877, CVE-2020-3878

iOS and iPadOS

  • Affected OS : iOS and iPadOS
  • Affected features : Audio, FaceTime, IOAcceleratorFamily, IPSec, ImageIO, Kernel, Mail, Messages, Phone, Safari Login AutoFill, Screenshots, libxpc, wifivelocityd
  • Impact : Arbitrary Code Execution, Privilege Escalation, Information Disclosure
  • CVEs : CVE-2020-3828, CVE-2020-3829, CVE-2020-3831, CVE-2020-3836, CVE-2020-3837, CVE-2020-3838, CVE-2020-3840, CVE-2020-3841, CVE-2020-3842, CVE-2020-3844, CVE-2020-3853, CVE-2020-3856, CVE-2020-3857, CVE-2020-3858, CVE-2020-3859, CVE-2020-3860, CVE-2020-3869, CVE-2020-3870, CVE-2020-3872, CVE-2020-3873, CVE-2020-3874, CVE-2020-3875, CVE-2020-3878

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.
