Apple released security updates for multiple products. A total of 59 vulnerabilities were addressed. The exploitation of some of these security flaws could allow an attacker to take control of an affected system.
The update for macOS includes fixes for 48 vulnerabilities which could allow an attacker to execute arbitrary code with kernel privileges, cause a denial of service, system termination or write kernel memory, leak memory, gain access to restricted files, bypass privacy preferences, gain elevated privileges, overwrite arbitrary files or corrupt memory.
A fix was released for a dynamic library loading issue that occurs when running the installer from an untrusted directory in the Windows Migration Assistant. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code.
A total of 10 vulnerabilities have been fixed in Apple Safari. The flaws are triggered when processing maliciously crafted web content. Successful exploitation may allow an attacker to execute arbitrary code.
Multiple vulnerabilities have been fixed in Apple iCloud for Windows 7 and Windows 10. Successful exploitation may allow an attacker to execute arbitrary code and may also cause a denial of service or potentially disclose memory contents.
Apple Security Updates Summary for May 2020:
- Product: macOS
- Affected OS: macOS Catalina, Mojave, and High Sierra
- Affected features: AirDrop, AppleMobileFileIntegrity, AppleUSBNetworking, Audio, Bluetooth, Calendar, CoreBluetooth, CVMS, DiskArbitration, Find My, FontParser, ImageIO, Intel Graphics Driver, IPSec, Kernel, Ksh, NSURL, PackageKit, Python, Sandbox, Security, SIP, SQLite, System Preferences, USB Audio, Wi-Fi, WindowServer, zsh
- Impact: Information Disclosure, Privilege Escalation, arbitrary code execution, memory corruption
- CVEs: CVE-2019-14868, CVE-2019-20044, CVE-2020-3878, CVE-2020-3882, CVE-2020-9771, CVE-2020-9772, CVE-2020-9788 – CVE-2020-9795, CVE-2020-9797, CVE-2020-9804, CVE-2020-9808, CVE-2020-9809, CVE-2020-9811 – CVE-2020-9817, CVE-2020-9821, CVE-2020-9822, CVE-2020-9824 – CVE-2020-9828, CVE-2020-9830 – CVE-2020-9834, CVE-2020-9837, CVE-2020-9839 – CVE-2020-9842, CVE-2020-9844, CVE-2020-9847, CVE-2020-9851, CVE-2020-9852, CVE-2020-9855 – CVE-2020-9857
- Product: Windows Migration Assistant
- Affected OS: macOS Catalina
- Affected features: Windows Installer
- Impact: Arbitrary code execution
- CVEs: CVE-2020-9858
- Product: Safari
- Affected OS: macOS Mojave, macOS High Sierra, and macOS Catalina
- Affected features: WebKit, WebRTC
- Impact: Arbitrary code execution, Information Disclosure, Cross-Site scripting
- CVEs: CVE-2019-20503, CVE-2020-9800 – CVE-2020-9803, CVE-2020-9805 – CVE-2020-9807, CVE-2020-9843, CVE-2020-9850
- Product: iCloud
- Affected OS: Windows 7 and Windows 10
- Affected features: ImageIO, SQLite, WebKit
- Impact: Arbitrary Code Execution, Cross-Site scripting, Denial of service
- CVEs: CVE-2020-3878 – CVE-2020-9790, CVE-2020-9794, CVE-2020-9800, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805 – CVE-2020-9807, CVE-2020-9843, CVE-2020-9850