You are currently viewing Apple Critical Security Updates December 2020

Apple Critical Security Updates December 2020

  • Post author:
  • Reading time:4 mins read

Apple released security updates for multiple products. The exploitation of some of these security flaws will allow an attacker to crash the application or potentially control affected systems. However, a patch management solution can stop the exploitation.

The Apple Security updates for macOS include fixes for 59 vulnerabilities, which came to light using a vulnerability scanning tool, which could allow an attacker to execute arbitrary code with kernel or system privileges, gain elevated privileges, bypass privacy preferences, read restricted memory, cause unexpected application termination or heap corruption, disclose process memory, read arbitrary files, etc.

An improper input validation issue existed in the parsing of URLs of the macOS Server. The flaw could be used by an attacker to conduct open redirect or cross-site scripting attacks. This vulnerability, which affects macOS Big Sur, was addressed with improved input validation.

A Use-After-Free vulnerability has been fixed in Apple Safari. Processing of maliciously crafted web content may allow attackers to launch arbitrary code execution. The issue was fixed by improving memory management.


Apple Security Updates Summary for December 2020

macOS

  • Affected OS: macOS Big Sur, Catalina, and Mojave
  • Affected features: AMD, App Store, AppleGraphicsControl, AppleMobileFileIntegrity, Audio, Bluetooth, CoreAudio, FontParser, Graphics Drivers, HomeKit, Image Processing, ImageIO, Intel Graphics Driver, libxml2, Kernel, libxpc, Logging, Model I/O, NSRemoteView, Power Management, Quick Look, Ruby, System Preferences, WebRTC, Wi-Fi
  • Impact: Information Disclosure, Privilege Escalation, Arbitrary code execution, Security Bypass, Memory Corruption, Cross site scripting, File System Modification
  • CVEs: CVE-2020-27914, CVE-2020-27915, CVE-2020-27903, CVE-2020-27941, CVE-2020-29621, CVE-2020-27910, CVE-2020-9943, CVE-2020-9944, CVE-2020-27916, CVE-2020-27906, CVE-2020-27948, CVE-2020-9960, CVE-2020-27908, CVE-2020-10017, CVE-2020-27922, CVE-2020-27946, CVE-2020-9962, CVE-2020-27952, CVE-2020-9956, CVE-2020-27931, CVE-2020-27943, CVE-2020-27944, CVE-2020-10002, CVE-2020-27947, CVE-2020-29612, CVE-2020-9978, CVE-2020-27919, CVE-2020-29616, CVE-2020-27924, CVE-2020-29618, CVE-2020-29611, CVE-2020-29617, CVE-2020-29619, CVE-2020-27912, CVE-2020-27923, CVE-2020-10015, CVE-2020-27897, CVE-2020-27907, CVE-2020-9974, CVE-2020-10016, CVE-2020-9967, CVE-2020-9975, CVE-2020-27921, CVE-2020-27949, CVE-2020-29620, CVE-2020-27911, CVE-2020-27920, CVE-2020-27926, CVE-2020-10014, CVE-2020-10010, CVE-2020-13524, CVE-2020-10004, CVE-2020-27901, CVE-2020-10007, CVE-2020-10012, CVE-2020-27896, CVE-2020-10009, CVE-2020-15969 and then CVE-2020-27898

iOS and iPadOS

  • Affected OS : iOS and iPadOS
  • Affected Features: App Store, CoreAudio, FontParser, ImageIO, Security, Security
  • Impact : Arbitrary Code Execution, Authentication Bypass, Information Disclosure, Memory Corruption
  • CVEs : CVE-2020-29613, CVE-2020-27948, CVE-2020-27946, CVE-2020-27943, CVE-2020-27944, CVE-2020-29617, CVE-2020-29619, CVE-2020-29618, CVE-2020-29611, CVE-2020-27951 and then CVE-2020-15969

macOS Server

  • Affected OS: macOS Big Sur
  • Affected features: Profile Manager
  • Impact: Open redirection, Cross-site scripting
  • CVEs: CVE-2020-9995

Safari

  • Affected OS: macOS Catalina and Mojave
  • Affected features: WebRTC
  • Impact: Arbitrary code execution
  • CVEs: CVE-2020-15969

tvOS

  • Product: Apple TV 4K and Apple TV HD
  • Affected features: CoreAudio, FontParser, ImageIO, WebRTC
  • Impact: Arbitrary Code Execution, Information Disclosure, Memory Corruption
  • CVEs: CVE-2020-27948, CVE-2020-27946, CVE-2020-27943, CVE-2020-27944, CVE-2020-29617, CVE-2020-29619, CVE-2020-29618, CVE-2020-29611 and then CVE-2020-15969

watchOS

  • Product: Apple Watch
  • Affected features: Security, CoreAudio, FontParser, ImageIO, WebRTC
  • Impact: Code Execution, Information Disclosure, Memory Corruption
  • CVEs: CVE-2020-27951, CVE-2020-27948, CVE-2020-27946, CVE-2020-27943, CVE-2020-27944, CVE-2020-29617, CVE-2020-29619, CVE-2020-29618, CVE-2020-29611, CVE-2020-27951 and then CVE-2020-15969

SecPod SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.