Severity Rating: High
Software Affected
•Apple macOS Catalina versions prior to 10.15.4
•Apple macOS Mojave versions prior to 10.14.6
•Apple macOS High Sierra versions prior to 10.13.6
Overview
Multiple vulnerabilities have been reported in Apple macOS which could be
exploited by an attacker to execute arbitrary code, bypass security
restrictions, disclose sensitive information, gain elevated privileges,
cause a kernel panic or cause denial of service conditions.
Description
Multiple vulnerabilities exist in Apple macOS due to improper validation of
user-supplied input, error while parsing input, memory corruption issues,
improper bounds checking, improper state management, out-of-bounds read
errors, out-of-bounds write errors, use-after-free error, logic issues
while applying restrictions, or improper validation of symlinks. A remote
attacker could exploit these vulnerabilities by persuading the user to open
a specially crafted webpage.
Successful exploitation of these vulnerabilities could allow the attacker
to execute arbitrary code, bypass security restrictions, disclose sensitive
information, gain elevated privileges, cause a kernel panic or cause denial
of service conditions.
Solution
Apply appropriate security updates as mentioned in the Apple Security
Update
Vendor Information
Apple
References
Apple
CVE Name
CVE-2020-9827
CVE-2020-9772
CVE-2020-9826
CVE-2020-9842
CVE-2020-9804
CVE-2020-9815
CVE-2020-9856
CVE-2020-9791
CVE-2020-9831
CVE-2020-3882
CVE-2020-9847
CVE-2020-9855
CVE-2020-9816
CVE-2020-3878
CVE-2020-9789
CVE-2020-9790
CVE-2020-9822
CVE-2020-9837
CVE-2020-9821
CVE-2020-9797
CVE-2020-9852
CVE-2020-9795
CVE-2020-9808
CVE-2020-9811
CVE-2020-9812
CVE-2020-9813
CVE-2020-9814
CVE-2020-9809
CVE-2019-14868
CVE-2020-9857
CVE-2020-9817
CVE-2020-9851
CVE-2020-9793
CVE-2020-9825
CVE-2020-9771
CVE-2020-9788
CVE-2020-9824
CVE-2020-9794
CVE-2020-9839
CVE-2020-9792
CVE-2020-9844
CVE-2020-9830
CVE-2020-9834
CVE-2020-9833
CVE-2020-9832
CVE-2020-9841
CVE-2019-20044
CVE-2020-9828
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.
![Fwd: [CIVN-2020-0192] Remote code execution vulnerability in VMware Cloud Director](http://3.bp.blogspot.com/-ZRo8fwgs65M/UZC2jMJpcLI/AAAAAAAAC5Y/EfoFQsr1wzU/s1600/BS+No+Image.gif )