Multiple vulnerabilities have been discovered in iCloud for Windows, Safari, macOS, and Windows Migration Assistant. The most severe of these vulnerabilities could allow for arbitrary code execution.
- Safari is a web browser available for macOS.
- macOS is a desktop operating system for Macintosh computers.
- iCloud is a cloud storage service.
- Windows Migration Assistant allows for migrating files from Windows to Mac.
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Successful exploitation of these vulnerabilities could allow the attacker to execute remote code on the affected system.
THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild.
SYSTEMS AFFECTED:
- macOS prior to Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
- Windows Migration Assistant prior to 2.2.0.0
- Safari prior to 13.1.1
- iCloud for Windows prior to 11.2
- iCloud for Windows prior to 7.19
Multiple vulnerabilities have been discovered in iCloud for Windows, iTunes for Windows, iOS, iPadOS, Safari, watchOS, tvOS, macOS, and Xcode. The most severe of these vulnerabilities could allow for arbitrary code execution. Details of these vulnerabilities are as follows:
- A dynamic library loading issue was addressed with improved path searching. (CVE-2020-9858)
- A logic issue was addressed with improved restrictions. (CVE-2020-9805, CVE-2020-9801, CVE-2020-9850, CVE-2020-9802)
- A logic issue was addressed with improved restrictions. (CVE-2020-9805, CVE-2020-9850, CVE-2020-9802)
- A race condition was addressed with improved state handling. (CVE-2020-9839)
- An issue existed in the handling of environment variables. This issue was addressed with improved validation. (CVE-2019-14868)
- A denial of service issue was addressed with improved input validation. (CVE-2020-9827, CVE-2020-9826)
- An integer overflow was addressed with improved input validation. (CVE-2020-9841, CVE-2020-9852)
- An out-of-bounds read was addressed with improved input validation. (CVE-2020-9832, CVE-2020-3878, CVE-2020-9828, CVE-2020-9791)
- A type confusion issue was addressed with improved memory handling. (CVE-2020-9800)
- A memory corruption issue was addressed with improved state management. (CVE-2020-9808, CVE-2020-9821, CVE-2020-9830)
- An information disclosure issue was addressed by removing the vulnerable code. (CVE-2020-9797)
- An authorization issue was addressed with improved state management. (CVE-2019-20044)
- A logic issue existed resulting in memory corruption. This was addressed with improved state management. (CVE-2020-9813, CVE-2020-9814)
- A double free issue was addressed with improved memory management. (CVE-2020-9844)
- An out-of-bounds read was addressed with improved bounds checking. (CVE-2020-9815, CVE-2020-9831, CVE-2020-979, CVE-2020-9837, CVE-2020-9847)
- A memory corruption issue was addressed with improved validation. (CVE-2020-9803)
- A permissions issue existed. This issue was addressed with improved permission validation. (CVE-2020-9817)
- An out-of-bounds read was addressed with improved input validation. (CVE-2020-3878)
- An access issue was addressed with improved memory management. (CVE-2019-20503)
- An issue existed in the parsing of URLs. This issue was addressed with improved input validation. (CVE-2020-9857)
- A memory corruption issue was addressed with improved input validation. (CVE-2020-9834, CVE-2020-979)
- An access issue was addressed with improved access restrictions. (CVE-2020-9851)
- This issue was addressed with improved checks. (CVE-2020-3882, CVE-2020-9856)
- An information disclosure issue was addressed with improved state management. (CVE-2020-9811, CVE-2020-9809, CVE-2020-9812)
- An access issue was addressed with additional sandbox restrictions. (CVE-2020-9825)
- A use after free issue was addressed with improved memory management. (CVE-2020-9795)
- This issue was addressed with a new entitlement. (CVE-2020-9771)
- A memory initialization issue was addressed with improved memory handling. (CVE-2020-9833)
- A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. (CVE-2020-9855)
- An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2020-9789, CVE-2020-9790)
- An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2020-9822, CVE-2020-9816, CVE-2020-9790, CVE-2020-9789)
- An entitlement parsing issue was addressed with improved parsing. (CVE-2020-9842)
- An input validation issue was addressed with improved input validation. (CVE-2020-9843)
- A validation issue was addressed with improved input sanitization. (CVE-2020-9792, CVE-2020-9788)
- An out-of-bounds read was addressed with improved bounds checking. (CVE-2020-979)
- A memory corruption issue was addressed with improved state management. (CVE-2020-9806, CVE-2020-9807)
- A logic issue was addressed with improved restrictions. (CVE-2020-9824, CVE-2020-9804, CVE-2020-9772)
RECOMMENDATIONS:
- After appropriate testing, immediately apply patches provided by Apple to vulnerable systems.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to download, accept, or execute files from untrusted or unknown sources.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Apply the Principle of Least Privilege to all systems and services.
Apple:
https://support.apple.com/en-us/HT211170
https://support.apple.com/en-us/HT211177
https://support.apple.com/en-us/HT211179
https://support.apple.com/en-us/HT211181
https://support.apple.com/en-us/HT211186
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9856