CVE-2020-9945
https://notcve.org/view.php?id=CVE-2020-9945
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. Se presentaba un problema de "spoofing" en el manejo de las URL. • http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT211934 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2020-9922
https://notcve.org/view.php?id=CVE-2020-9922
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Catalina versión 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. • https://github.com/Wowfunhappy/Fix-Apple-Mail-CVE-2020-9922 https://support.apple.com/en-us/HT211289 •
CVE-2020-9942
https://notcve.org/view.php?id=CVE-2020-9942
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. Se abordó un problema de inconsistencia de la interfaz de usuario con una administración de estado mejorada. Este problema se corrigió en MacOS Big Sur versión 11.0.1, Safari versión 13.1.2. • http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211292 https://support.apple.com/en-us/HT211931 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2020-27931 – Apple macOS libFontParser TwOFFStream TTF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-27931
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. Se presentó un problema de corrupción de memoria en un procesamiento de archivos de fuentes. • https://support.apple.com/en-us/HT211843 https://support.apple.com/en-us/HT211844 https://support.apple.com/en-us/HT211850 https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT212011 • CWE-787: Out-of-bounds Write •
CVE-2020-27897 – Apple macOS Kernel Command 0x10007 Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-27897
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur versión 11.0.1. • https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT212011 https://www.zerodayinitiative.com/advisories/ZDI-21-486 • CWE-787: Out-of-bounds Write •