Malware Devil

Monday, November 16, 2020

ESB-2020.4060 – [Mac] macOS Big Sur: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4060
                APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
                             16 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Big Sur
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise                 -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Existing Account            
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-27950 CVE-2020-27932 CVE-2020-27930
                   CVE-2020-27927 CVE-2020-27918 CVE-2020-27917
                   CVE-2020-27916 CVE-2020-27912 CVE-2020-27911
                   CVE-2020-27910 CVE-2020-27906 CVE-2020-27904
                   CVE-2020-27903 CVE-2020-27900 CVE-2020-27898
                   CVE-2020-27896 CVE-2020-27894 CVE-2020-15358
                   CVE-2020-14155 CVE-2020-13631 CVE-2020-13630
                   CVE-2020-13524 CVE-2020-13435 CVE-2020-13434
                   CVE-2020-10663 CVE-2020-10017 CVE-2020-10016
                   CVE-2020-10014 CVE-2020-10012 CVE-2020-10010
                   CVE-2020-10009 CVE-2020-10007 CVE-2020-10006
                   CVE-2020-10004 CVE-2020-10003 CVE-2020-10002
                   CVE-2020-9999 CVE-2020-9996 CVE-2020-9991
                   CVE-2020-9989 CVE-2020-9988 CVE-2020-9977
                   CVE-2020-9974 CVE-2020-9969 CVE-2020-9966
                   CVE-2020-9965 CVE-2020-9963 CVE-2020-9949
                   CVE-2020-9945 CVE-2020-9944 CVE-2020-9943
                   CVE-2020-9942 CVE-2020-9941 CVE-2020-9883
                   CVE-2020-9876 CVE-2020-9849 CVE-2019-20838
                   CVE-2019-14899  

Reference:         ASB-2020.0186
                   ESB-2020.3919
                   ESB-2020.3918
                   ESB-2020.3911
                   ESB-2020.3909
                   ESB-2020.3884
                   ESB-2020.2879

Original Bulletin: 
   https://support.apple.com/HT211931

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1

macOS Big Sur 11.0.1 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211931.

App Store
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-
Year Lab

Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab

Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab

Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab

Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: Multiple integer overflows were addressed with improved
input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab

CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Security Light-Year Lab

CoreCapture
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas

CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro

Crash Reporter
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed with improved path sanitization.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan

CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9999: Mickey Jin & Junzhi Lu of Trend Micro

Disk Images
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas

Finder
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Users may be unable to remove metadata indicating where files
were downloaded from
Description: The issue was addressed with additional user controls.
CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)

FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution. Apple is aware of reports that an exploit for this
issue exists in the wild.
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2020-27930: Google Project Zero

FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab

Foundation
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2020-10002: James Hutchins

ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab

ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro

Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
This was addressed with improved state management.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab

Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall

Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to disclose kernel
memory. Apple is aware of reports that an exploit for this issue
exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero

Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-9974: Tommy Muir (@Muirey03)

Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-10016: Alex Helie

Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges. Apple is aware of reports that an exploit for
this issue exists in the wild.
Description: A type confusion issue was addressed with improved state
handling.
CVE-2020-27932: Google Project Zero

libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27917: found by OSS-Fuzz

libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2020-27911: found by OSS-Fuzz

libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to break out of its
sandbox
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Logging
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2020-10010: Tommy Muir (@Muirey03)

Mail
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences

Messages
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to discover a user's deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media

Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos

Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos

NetworkExtension
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro

NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to preview files it does
not have access to
Description: An issue existed in the handling of snapshots. The issue
was resolved with improved permissions logic.
CVE-2020-27900: Thijs Alkemade of Computest Research Division

PCRE
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155

Power Management
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved state
management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day
Initiative

python
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Cookies belonging to one origin may be sent to another origin
Description: Multiple issues were addressed with improved logic.
CVE-2020-27896: an anonymous researcher

Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security

Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing a maliciously crafted document may lead to a cross
site scripting attack
Description: An access issue was addressed with improved access
restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team
(https://www.knownsec.com/) and Bo Qu of Palo Alto Networks
(https://www.paloaltonetworks.com/)

Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved
validation.
CVE-2020-27896: an anonymous researcher

Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: When parsing certain JSON documents, the json gem can be
coerced into creating arbitrary objects in the target system
Description: This issue was addressed with improved checks.
CVE-2020-10663: Jeremy Evans

Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed with improved input validation.
CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India)
@imnarendrabhati

Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2020-9977: Josh Parnham (@joshparnham)

Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2020-9942: an anonymous researcher, Rahul d Kankrale
(servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF
Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho
(@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang
Zeng(@Wester) of OPPO ZIWU Security Lab

Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)

SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9991

SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849

SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358

SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631

SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991

SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630

System Preferences
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division

WebKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-27918: an anonymous researcher

Wi-Fi
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved
state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg

Xsan
Available for: Mac Pro (2013 and later), MacBook Air (2013 and
later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later),
iMac (2014 and later), MacBook (2015 and later), iMac Pro (all
models)
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved entitlements.
CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing

Additional recognition

Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab, an anonymous researcher for their
assistance.

Bluetooth
We would like to acknowledge Dennis Heinze (@ttdennis) of TU
Darmstadt, Secure Mobile Networking Lab for their assistance.

Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

Directory Utility
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance.

iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.

Login Window
We would like to acknowledge Rob Morton of Leidos for their
assistance.

Photos Storage
We would like to acknowledge Paulos Yibelo of LimeHats for their
assistance.

Quick Look
We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech
Reguła of SecuRing (wojciechregula.blog) for their assistance.

Safari
We would like to acknowledge Gabriel Corona and Narendra Bhati From
Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their
assistance.

Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.

System Preferences
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

Installation note:

macOS Big Sur 11.0.1 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


ESB-2020.3181.2 – UPDATE [Apple iOS] iOS & iPadOS: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.3181.2
              APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
                             16 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iOS
                   iPadOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Existing Account            
                   Access Privileged Data          -- Existing Account            
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Existing Account            
                   Reduced Security                -- Unknown/Unspecified         
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15358 CVE-2020-13631 CVE-2020-13630
                   CVE-2020-13520 CVE-2020-13435 CVE-2020-13434
                   CVE-2020-10013 CVE-2020-9996 CVE-2020-9993
                   CVE-2020-9992 CVE-2020-9991 CVE-2020-9989
                   CVE-2020-9988 CVE-2020-9983 CVE-2020-9981
                   CVE-2020-9979 CVE-2020-9977 CVE-2020-9976
                   CVE-2020-9973 CVE-2020-9972 CVE-2020-9969
                   CVE-2020-9968 CVE-2020-9966 CVE-2020-9965
                   CVE-2020-9964 CVE-2020-9963 CVE-2020-9961
                   CVE-2020-9959 CVE-2020-9958 CVE-2020-9954
                   CVE-2020-9952 CVE-2020-9951 CVE-2020-9950
                   CVE-2020-9949 CVE-2020-9947 CVE-2020-9946
                   CVE-2020-9944 CVE-2020-9943 CVE-2020-9941
                   CVE-2020-9876 CVE-2020-9849 CVE-2020-9773
                   CVE-2020-6147 CVE-2019-14899 

Reference:         ESB-2020.1044
                   ESB-2020.1043
                   ESB-2020.1042
                   ESB-2020.1041

Original Bulletin: 
   https://support.apple.com/en-ie/HT211850

Revision History:  November  16 2020: Vendor added additional entries for 
                   multiple products and additional CVEs
                   September 17 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-11-13-3 Additional information for
APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0

iOS 14.0 and iPadOS 14.0 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT211850.

AppleAVD

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)

Assets

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup
Entry updated November 12, 2020

Audio

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

Audio

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

CoreAudio

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

CoreCapture

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020

Disk Images

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020

Icons

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to identify what other
applications a user has installed
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs

IDE Device Support

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
execute arbitrary code on a paired device during a debug session over
the network
Description: This issue was addressed by encrypting communications
over the network to devices running iOS 14, iPadOS 14, tvOS 14, and
watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium
zLabs
Entry updated September 17, 2020

ImageIO

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020

ImageIO

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020

IOSurfaceAccelerator

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)

Kernel

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An attacker in a privileged network position may be able to
inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved
restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R.
Crandall
Entry added November 12, 2020

Keyboard

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany

libxml2

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020

Mail

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to unexpectedly alter
application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied
Sciences and Damian Poddebniak of FH Münster University of Applied
Sciences
Entry added November 12, 2020

Messages

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to discover a user's deleted
messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
CVE-2020-9989: von Brunn Media
Entry added November 12, 2020

Model I/O

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-13520: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020

Model I/O

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-6147: Aleksandar Nikolic of Cisco Talos
CVE-2020-9972: Aleksandar Nikolic of Cisco Talos
Entry added November 12, 2020

Model I/O

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos

NetworkExtension

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and
Mickey Jin of Trend Micro
Entry added November 12, 2020

Phone

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: The screen lock may not engage after the specified time
period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB

Quick Look

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious app may be able to determine the existence of
files on the computer
Description: The issue was addressed with improved handling of icon
caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added November 12, 2020

Safari

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to determine a user's
open tabs in Safari
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2020-9977: Josh Parnham (@joshparnham)
Entry added November 12, 2020

Safari

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba,
Piotr Duszynski
Entry added November 12, 2020

Sandbox

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added November 12, 2020

Sandbox

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020

Siri

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A person with physical access to an iOS device may be able to
view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a
locked device. This issue was addressed with improved state
management.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an
anonymous researcher, an anonymous researcher, an anonymous
researcher, Andrew Goldberg The University of Texas at Austin,
McCombs School of Business, Melih Kerem Güç of Liv College, Sinan
Gulguler

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020

SQLite

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Entry added November 12, 2020

WebKit

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020

WebKit

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020

WebKit

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

Wi-Fi

Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-10013: Yu Wang of Didi Research America
Entry added November 12, 2020

Additional recognition

App Store
We would like to acknowledge Giyas Umarov of Holmdel High School for
their assistance.

Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020

Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.

CallKit
We would like to acknowledge Federico Zanetello for their assistance.

CarPlay
We would like to acknowledge an anonymous researcher for their
assistance.

Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020

Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

debugserver
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.

iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.

iBoot
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020

libarchive
We would like to acknowledge Dzmitry Plotnikau and an anonymous
researcher for their assistance.

lldb
We would like to acknowledge Linus Henze (pinauten.de) for their
assistance.
Entry added November 12, 2020

Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020

Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added November 12, 2020

Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Entry added November 12, 2020

Maps
We would like to acknowledge Matthew Dolan of Amazon Alexa for their
assistance.

NetworkExtension
We would like to acknowledge Thijs Alkemade of Computest and Qubo
Song of Symantec, a division of Broadcom for their assistance.

Phone Keypad
We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz
University, an anonymous researcher for their assistance.
Entry updated November 12, 2020 

Safari
We would like to acknowledge Andreas Gutmann (@KryptoAndI) of
OneSpan's Innovation Centre (onespan.com) and University College
London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre
(onespan.com) and University College London, Jack Cable of Lightning
Security, Ryan Pickren (ryanpickren.com), Yair Amit for their
assistance.
Entry added November 12, 2020

Safari Reader
We would like to acknowledge Zhiyang Zeng (@Wester) of OPPO ZIWU
Security Lab for their assistance.
Entry added November 12, 2020

Security
We would like to acknowledge Christian Starkjohann of Objective
Development Software GmbH for their assistance.
Entry added November 12, 2020

Status Bar
We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah
of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and
an anonymous researcher for their assistance.

Telephony
We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey
@canbkmaz, Yiğit Can YILMAZ (@yilmazcanyigit), an anonymous
researcher for their assistance.
Entry updated November 12, 2020

UIKit
We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt,
and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk
Inc for their assistance.

Web App
We would like to acknowledge Augusto Alvarez of Outcourse Limited for
their assistance.

WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng (@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 14.0 and iPadOS 14.0".

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.



ESB-2020.3183.2 – UPDATE [Apple iOS] tvOS: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.3183.2
                      APPLE-SA-2020-09-16-2 tvOS 14.0
                             16 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tvOS
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Existing Account            
                   Unauthorised Access             -- Existing Account            
                   Reduced Security                -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15358 CVE-2020-13631 CVE-2020-13630
                   CVE-2020-13435 CVE-2020-13434 CVE-2020-10013
                   CVE-2020-9991 CVE-2020-9983 CVE-2020-9981
                   CVE-2020-9979 CVE-2020-9976 CVE-2020-9969
                   CVE-2020-9968 CVE-2020-9966 CVE-2020-9965
                   CVE-2020-9961 CVE-2020-9954 CVE-2020-9952
                   CVE-2020-9951 CVE-2020-9950 CVE-2020-9949
                   CVE-2020-9947 CVE-2020-9944 CVE-2020-9943
                   CVE-2020-9876 CVE-2020-9849 

Reference:         ESB-2020.3181

Original Bulletin: 
   https://support.apple.com/en-ie/HT211843

Revision History:  November  16 2020: Vendor added additional entries, CVEs and updated entries
                   September 17 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-11-13-4 Additional information for
APPLE-SA-2020-09-16-2 tvOS 14.0

tvOS 14.0 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT211843.

Assets
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker may be able to misuse a trust relationship to
download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup
Entry updated November 12, 2020

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative,
JunDong Xie of Ant Group Light-Year Security Lab
Entry added November 12, 2020

CoreCapture
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9949: Proteas
Entry added November 12, 2020

Disk Images
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Entry added November 12, 2020

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab
Entry added November 12, 2020

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Entry added November 12, 2020

Keyboard
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany

libxml2
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9981: found by OSS-Fuzz
Entry added November 12, 2020

Sandbox
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added November 12, 2020

Sandbox
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to access restricted
files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec
Entry updated September 17, 2020

SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
Entry added November 12, 2020

SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Entry added November 12, 2020

SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
Entry added November 12, 2020

SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with
improved state management.
CVE-2020-9849
Entry added November 12, 2020

SQLite
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-13630
Entry added November 12, 2020

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry added November 12, 2020

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9983: zhunki
Entry added November 12, 2020

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

Wi-Fi
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-10013: Yu Wang of Didi Research America
Entry added November 12, 2020

Additional recognition

Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-
financial Light-Year Security Lab for their assistance.
Entry added November 12, 2020

Bluetooth
We would like to acknowledge Andy Davis of NCC Group and Dennis
Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for
their assistance.

Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Entry added November 12, 2020

Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

iAP
We would like to acknowledge Andy Davis of NCC Group for their
assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero,
Stephen Röttger of Google for their assistance.
Entry updated November 12, 2020

Location Framework
We would like to acknowledge Nicolas Brunner
(linkedin.com/in/nicolas-brunner-651bb4128) for their assistance.
Entry updated October 19, 2020

Safari
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Entry added November 12, 2020

WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan
Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang
Zeng (@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020

Installation note:

Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."

To check the current version of software, select
"Settings -> General -> About."

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2020.3183.2 – UPDATE [Apple iOS] tvOS: Multiple vulnerabilities appeared first on Malware Devil.

ESB-2020.4058 – [SUSE] java-1_7_0-openjdk: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4058
                  Security update for java-1_7_0-openjdk
                             16 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           java-1_7_0-openjdk
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Remote/Unauthenticated      
                   Denial of Service               -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14803 CVE-2020-14798 CVE-2020-14797
                   CVE-2020-14796 CVE-2020-14792 CVE-2020-14782
                   CVE-2020-14781 CVE-2020-14779 

Reference:         ASB-2020.0175
                   ESB-2020.3930
                   ESB-2020.3929
                   ESB-2020.3772

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20203310-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for java-1_7_0-openjdk

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:3310-1
Rating:            important
References:        #1177943
Cross-References:  CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792
                   CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud Crowbar 8
                   SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud 8
                   SUSE OpenStack Cloud 7
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP3-BCL
                   SUSE Linux Enterprise Server 12-SP2-LTSS
                   SUSE Linux Enterprise Server 12-SP2-BCL
                   SUSE Enterprise Storage 5
                   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

This update for java-1_7_0-openjdk fixes the following issues:

  o Update to 2.6.24 - OpenJDK 7u281 (October 2020 CPU, bsc#1177943)
    * Security fixes
      + JDK-8233624: Enhance JNI linkage
      + JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
      + JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
      + JDK-8237995, CVE-2020-14782: Enhance certificate processing
      + JDK-8240124: Better VM Interning
      + JDK-8241114, CVE-2020-14792: Better range handling
      + JDK-8242680, CVE-2020-14796: Improved URI Support
      + JDK-8242685, CVE-2020-14797: Better Path Validation
      + JDK-8242695, CVE-2020-14798: Enhanced buffer support
      + JDK-8243302: Advanced class supports
      + JDK-8244136, CVE-2020-14803: Improved Buffer supports
      + JDK-8244479: Further constrain certificates
      + JDK-8244955: Additional Fix for JDK-8240124
      + JDK-8245407: Enhance zoning of times
      + JDK-8245412: Better class definitions
      + JDK-8245417: Improve certificate chain handling
      + JDK-8248574: Improve jpeg processing
      + JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
      + JDK-8253019: Enhanced JPEG decoding
    * Import of OpenJDK 7 u281 build 1
      + JDK-8145096: Undefined behaviour in HotSpot
      + JDK-8215265: C2: range check elimination may allow illegal out of
        bound access
    * Backports
      + JDK-8250861, PR3812: Crash in MinINode::Ideal (PhaseGVN*, bool)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-3310=1
  o SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3310=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2020-3310=1
  o SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3310=1
  o SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3310=1
  o SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-3310=1
  o SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3310=1
  o SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3310=1
  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3310=1
  o SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-3310=1
  o SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3310=1
  o SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3310=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3310=1
  o SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3310=1
  o SUSE Enterprise Storage 5:
    zypper in -t patch SUSE-Storage-5-2020-3310=1
  o HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2020-3310=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE OpenStack Cloud Crowbar 8 (x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE OpenStack Cloud 9 (x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE OpenStack Cloud 8 (x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE OpenStack Cloud 7 (s390x x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o SUSE Enterprise Storage 5 (aarch64 x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2
  o HPE Helion Openstack 8 (x86_64):
       java-1_7_0-openjdk-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-debugsource-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-demo-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-1.7.0.281-43.44.2
       java-1_7_0-openjdk-devel-debuginfo-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-1.7.0.281-43.44.2
       java-1_7_0-openjdk-headless-debuginfo-1.7.0.281-43.44.2


References:

  o https://www.suse.com/security/cve/CVE-2020-14779.html
  o https://www.suse.com/security/cve/CVE-2020-14781.html
  o https://www.suse.com/security/cve/CVE-2020-14782.html
  o https://www.suse.com/security/cve/CVE-2020-14792.html
  o https://www.suse.com/security/cve/CVE-2020-14796.html
  o https://www.suse.com/security/cve/CVE-2020-14797.html
  o https://www.suse.com/security/cve/CVE-2020-14798.html
  o https://www.suse.com/security/cve/CVE-2020-14803.html
  o https://bugzilla.suse.com/1177943

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2020.4058 – [SUSE] java-1_7_0-openjdk: Multiple vulnerabilities appeared first on Malware Devil.

Sunday, November 15, 2020

ENISA: Top 15 Threats: Spam, Phishing, and Malware!

ENISA’s Top 15 Threats report starts with this summary document: 

The list of the Top 15 Threats is an annual list from ENISA, with only slight changes in positions for the various threats since last year. Malware remains in the Number 1 spot, and Web-based attacks remains Number 2. Phishing actually increased from 4th to 3rd position. Spam also rose this year, from 6th to 5th position. The threat making the greatest movement was Identity Theft, jumping from 13th to 7th position!

    
A full report from ENISA is available for each of the topics below. Click to access each one. I’ll only comment on a few in this blog post!

    1. Malware
    2. Web-based Attacks
    3. Phishing
    4. Web Application Attacks
    5. Spam
    6. DDoS
    7. Identity Theft
    8. Data Breach
    9. Insider Threat
    10. Botnets
    11. Physical manipulation, damage, theft and loss
    12. Information Leakage
    13. Ransomware
    14. Cyber espionage
    15. Cryptojacking

#1 Cyber Threat – Malware

ENISA ranks Malware as the #1 threat again, pointing out several troubling trends.  Detection of malware on Business-owned Windows computers went up 13% from the previous year, and 71% of malware infections had spread from one infected user to another.  46.5% of malware delivered by email used a “.docx” file extension, indicating that our continued unsafe business practice of sharing Word documents by email continues to put our organizations and our employees at risk!  Another change was that 67% of malware was delivered via an encrypted HTTPS connection — the “increased safety” of having encrypted web pages has also greatly increased our difficulty in understanding when an employee is receiving malware by visiting a webpage.
The number one malware family in this reporting period was Emotet, which targeted US-based businesses 71% of the time and UK targets 24% of the time.  
An increasing number of banking trojans were also seen that targeted the Android operating system.  Top families included Asacub, SVPeng, Agent, Faketoken, and HQWar.
The so-called File-less Malware was also a significant attack method, often using Windows Management Instrumentation or PowerShell scripts to perform complex attacks more or less “at the command line” rather than by downloading a Windows PE Executable.

For C2-based malware, a growing trend toward Russian-based Command & Control servers was observed, with the likelihood of a Russian host going up 143% from the previous reporting period.  These malware families included Emotet, JSECoin, XMRig, CryptoLoot, Coinhive, Trickbot, Lokibot, and AgentTesla (according to Malwarebytes, as quoted in the report).

ENISA says that 94% of all malware deliveries were via email during 2019, quoting from the EC3 Internet Organised Crime Threat Assessment.   Many such attacks were enabled by employee behavior and gained extended reach due to vulnerabilities in Windows, several of which allowed Remote Code Execution, making malware attacks “wormable” and able to spread throughout the enterprise, often due to poor patch management.
Proposed actions in this report include the need for better in-bound screening, including the ability to decrypt and inspect SSL/TLS traffic as it comes into the network, including web, email, and mobile applications.  Security policies must also be updated to include what processes and escalations must occur “post-detection” in the case of an infection.  Log monitoring must be improved.  
One suggestion that I strongly agree with — “Organizations need to disable or reduce access to PowerShell functions” — so much malware this year, especially ransomware, would be stopped cold in its tracks if PowerShell were not so prevalently deployed and enabled in our organizations!  
Although it is not mentioned by ENISA, my favorite document for understanding PowerShell threats is “The art and science of detecting Cobalt Strike” from our friends at Talos Intelligence!  More than any other attack platform, Cobalt Strike is being abused by malicious actors in order to fully compromise domains, often for the purpose of exfiltrating and encrypting for ransomware.
Please refer to the full report for additional recommendations.
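To make the “disable or reduce access to PowerShell functions” recommendation concrete from the defender’s side, here is an added PowerShell example (it is not from the ENISA report or this post). It assumes an elevated Windows PowerShell 5.1 or later session on Windows 10 / Server 2016 or newer; the registry path is the standard PowerShell policy location, which in production you would set through Group Policy rather than by hand. It reports the session’s language mode (Constrained Language Mode, enforced via AppLocker or WDAC, is the usual way to “reduce” PowerShell without removing it), turns on Script Block Logging so that remaining use is visible as event ID 4104, and runs a simple triage query over those events. The marker list in `Find-SuspiciousScriptBlocks` is my own starting point, not a complete detection rule:

```powershell
# Added example, not from the ENISA report or this post. Assumes an elevated
# PowerShell 5.1+ session on Windows 10 / Server 2016 or later; the registry
# path is the standard PowerShell policy location (set it via Group Policy in
# production rather than by hand).

# --- Reduce: report what language mode this session runs in.
# "ConstrainedLanguage" (enforced through an AppLocker or WDAC policy) removes
# the .NET/COM access most malicious tooling depends on; "FullLanguage" means
# no restriction at all.
function Get-LanguageModeReport {
    [pscustomobject]@{
        LanguageMode    = $ExecutionContext.SessionState.LanguageMode
        ExecutionPolicy = Get-ExecutionPolicy
    }
}

# --- Make visible: Script Block Logging records every script block (including
# the decoded form of -EncodedCommand payloads) as event ID 4104 in the
# Microsoft-Windows-PowerShell/Operational log.
function Enable-ScriptBlockLogging {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord
}

# --- Triage: pull recent 4104 events whose script text carries markers that
# loaders and post-exploitation frameworks commonly leave behind. The marker
# list is a constructed starting point, not a complete rule set.
# Properties[2] of a 4104 event is the ScriptBlockText field.
function Find-SuspiciousScriptBlocks {
    param([int]$MaxEvents = 1000)
    $markers = 'DownloadString', 'FromBase64String', 'Invoke-Expression',
               'EncodedCommand', 'Net.WebClient', 'Reflection.Assembly'
    # -match is case-insensitive in PowerShell, so no extra flag is needed.
    $regex = ($markers | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[2].Value -match $regex } |
        ForEach-Object {
            $text = $_.Properties[2].Value
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                ScriptBlock = $text.Substring(0, [Math]::Min(160, $text.Length))
            }
        }
}

Get-LanguageModeReport
Enable-ScriptBlockLogging
Find-SuspiciousScriptBlocks | Format-Table -AutoSize -Wrap
```

Script Block Logging only captures blocks executed after it is enabled, so the triage query returns nothing on a freshly configured host; run it against hosts where the policy has been in place for a while, or forward the 4104 events to your SIEM and apply the same pattern there.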

#2 Cyber Threat – Web-Based Attacks

Web-Based Attacks are broken into four main vectors by ENISA: drive-by downloads, watering hole attacks, form-jacking, and malicious URLs.
As noted in part one, because of the age of the reporting window (January 2019 to April 2020) some of the particular attacks noted are more historical and of less keen interest by this time; however, a couple of trends are worth calling attention to.
“MageCart” attacks continue to be a prominent method for acquiring financial credentials.  Because of the vast popularity of a small handful of online “checkout” systems, many organized crime groups are investing heavily in hackers with “nation-state” level capabilities in order to create new zero-day attacks against these systems.  Shoppers are basically defenseless as their order information is transparently transmitted to criminals while they shop at even the largest and most prominent “trustworthy” online vendors.
In addition to browser vulnerabilities that can make watering hole attacks quite successful, attackers are also attacking popular web browser extensions, which often have less rigorous security updates than the base browser products themselves.
Content Management Systems also present an enormous footprint of vulnerability as platforms such as WordPress provide millions of vulnerable websites that can be used at will by hackers to host both phishing sites and malware payload files.

#3 Cyber Threat – Phishing

Phishing has historically been email-based crime that lures a target to an illicit website via a social engineering email.  It is the key to $26 Billion in losses due to Business Email Compromise, as well as to a growing number of scams linked to the COVID-19 Pandemic.  In the FIRST MONTH of the COVID-19 Pandemic, ENISA reports that phishing attacks increased 667%!  As previously mentioned, these dangerous emails are now very likely to contain a trojaned Microsoft Office family document.  
ENISA warns that phishing URLs are now being seen more frequently delivered via SMS, WhatsApp, and Social Media platforms, expanding beyond the original email platform.
While phishing historically targeted financial institutions, ENISA says that webmail became the leading target of phishing in Q1 of 2019, with Microsoft 365 services being particularly targeted.
User education and user reporting remains a critical strategy, especially as ENISA says that 99% of phishing emails require human interaction in order to be effective.
The most effective means to combat phishing continues to be the implementation of 2FA. If a phisher cannot gain access to an account with simple userid and password, many schemes would be immediately blocked.
From a financial perspective, wiring money should ALWAYS require out of band confirmation.  The cost of not getting the confirmation is simply too high, with some Business Email Compromise attacks costing tens of millions of dollars!

#5 Cyber Threat – Spam 

As the ENISA report on Spam menions, after 41 years of dealing with spam, “nothing compared with the spam activity seen this year with the COVID-19 pandemic!”
During the reporting period, Emotet, Necurs, and Gamut were some of the top spamming families.
Some other findings: 
85% of all emails exchanged in April of 2019 were spam, a 15-month high.
13% of data breaches could be traced back to malicious spam.
83% of companies were unprotected against email-based brand impersonation (DMARC)
42% of CISOs reported dealing with at least one spam-based security incident.
To bring this category up to date, we noticed that ENISA was fond of the Quarterly Spam & Phishing reports from Kaspersky.  Please find below links to the 2020 Q1, Q2, and Q3 reports from Kasperky, which will technically be part of NEXT year’s ENISA reporting:
Kaspersky found that throughout the third quarter, spam was at least 48.9% of all email sent, a slight decline from Q2, although the share of that spam that was malicious was up significantly.  Kaspersky identified 51 Million malicious attachments in that quarter, with 8.4% of them being the keylogger commonly known as Agent Tesla (Kaspersky uses the name “Trojan-PSW.MSIL.Agensla.gen”). Microsoft Office documents exploiting CVE-2017-11882 were the second most common.
They also noted 103 million phishing attacks, with the top targeted sectors being Online Stores (19.2%) and Global Web Portals (14.48%) which would include Office365.  Only 10.8% of the phishing attacks observed by Kaspersky targeted banks!
My favorite spam campaign here was the “FTC Official Personal Data Protection Fund,” which claimed that the Federal Trade Commission had found that the recipient was a victim of “personal data leakage” and was eligible to be compensated for that loss, if they just filled out a simple form on the website (which harvested personal data, including credit card and social security number).

The post ENISA: Top 15 Threats: Spam, Phishing, and Malware! appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/15/enisa-top-15-threats-spam-phishing-and-malware/?utm_source=rss&utm_medium=rss&utm_campaign=enisa-top-15-threats-spam-phishing-and-malware

The ENISA Cybersecurity Threat Landscape

ENISA, the European Union Agency for CyberSecurity, met on October 6, 2020 to review their current recommendations and get any last minute changes.  On October 20, 2020, they released a huge batch of reports that many folks seem to have not seen.  We wanted to take a moment to give you the guided tour and strongly recommend the consumption of these reports.  Each publication is available “flip book” style on the ENISA website, and also as a downloadable PDF.

Let’s get started!

https://www.enisa.europa.eu/publications/year-in-review 

This is the 8th Year In Review for ENISA and their reporting just keeps getting better!  This year the main components of the report break down into topics like this: 

  • The Year In Review
  • Cyber Threat Intelligence Overview 
  • Sectoral and Thematic Threat Analysis 
  • Main Incidents in the EU and WorldWide
  • Research Topics
  • Emerging Trends
  • List of Top 15 Threats 

The Year In Review 

This report has a few key sections.  The first that we’ll cover is the “Ten Main Trends” that were observed during the reporting period: 

  1. Attack surface in cybersecurity continues to expand as we are entering a new phase of the digital transformation 
  2. There will be a new social and economic norm after the COVID-19 pandemic even more dependent on a secure and reliable cyberspace.
  3. The use of social media platforms in targeted attacks is a serious trend and reaches different domains and types of threats.
  4. Finely targeted and persistent attacks on high-value data (e.g. intellectual property and state secrets) are being meticulously planned and executed by state-sponsored actors
  5. Massively distributed attacks with a short duration and wide impact are used with multiple objectives such as credential theft
  6. The motivation behind the majority of cyberattacks is still financial 
  7. Ransomware remains widespread with costly consequences to many organisations
  8. Still many cybersecurity incidents go unnoticed or take a long time to be detected
  9. With more security automation, organizations will invest more in preparedness using Cyber Threat Intelligence as its main capability
  10. The number of phishing victims continues to grow since it exploits the human dimension being the weakest link.
Another key section in this area was the “What To Expect” which broke the topic into three areas — Nation States, Cyber Offenders, and Cyber Criminals.  The reader is invited to view the full report, but I did want to mention that with regards to Nation States, ENISA describes the coming year as an “Uncontrolled cyber-arms race” with a free-for-all of nation states trying to buy up and acquire the best attack tools for the “cyberspace warfare domain” possibly through sponsored agents who may not present as the purchasing nation.
In the area of What to Expect From Cyber Criminals … BEC – Business Email Compromise, and BPC – Business PROCESS Compromise are expected to continue, along with malware targeting Managed Service Providers.  They predict that “Deep Fakes Used for Fraud” may be a rising trend.  I’m not sold on this concept as being a 2021 reality, but it is certainly something to watch for.
I also wanted to call attention to the prediction that Cyberbullying is likely to greatly increase as a growing number of adolescents are spending much more time online, possibly with limited parental oversight of their activities, as Mom and Dad are busy working from home as well!

Cyber Threat Intelligence Overview 

In this area, training resource links are offered; however, the report begins by calling attention to the great gap between higher performing CTI practices and the training and tools available to the average user.  While praising existing frameworks, such as MITRE ATT&CK, they also point out the shortcomings in addressing specialized sector-specific systems, emerging systems, and cloud-computing and managed service threats.
The call is made to place more emphasis on PREVENTION, DETECTION, and MITIGATION rather than the current near-total obsession with IOCs and APT-naming. Some sectors are especially trailing in the CTI area due to the specialty nature of their equipment and practices.  ALL SECTORS need to be greatly improving their capabilities in PDR (to use the more common Prevent, Detect, Respond term that I still prefer).  The report calls attention to the fact that trailing sectors are often dealing with limited trust between organizations.  The more isolated your organization is from its peers, the more likely that your sector is struggling in this way.  Improved information sharing is a key.  To quote the report: “one should note that the deficiencies described are not due to a lack of CTI knowledge per se but rather to the lengthy cross- and intra-sector communication and coordination cycles for exchanging CTI knowledge.”  A related quote: “Existing offerings concentrate on operational and tactical CTI, while strategic CTI is mostly offered independently.”
Results are shared of a “Comprehensive CTI Survey” conducted by ENISA.  Some key findings include: 
  • CTI is still primarily a MANUAL PROCESS in most organizations.
  • Much CTI data is still primarily being passed through spreadsheets and email.
  • CTI Requirements are becoming more defined and beginning to take significant guidance from business needs and executive input.
  • CTI from Public Sources combined with observations from internal network and system monitoring is a popular model.
  • Open-source information, enriched by threat feeds from CTI vendors is a “clear upwards trend” indicating more focus on internal CTI production.
  • Threat Detection is described as the main use for CTI, with IOCs being a base, but more interest in TTPs in the area of threat behavior and adversary tactics.
  • Only 4% of respondents felt they could measure the effectiveness of their CTI programs!  OUCH!  Machine learning was ranked especially low, with most saying the skill of the analysts was the best predictor of success!
Several areas of interest in the “Next Steps” section to me included:
  • An emphasis on coordinating CTI requirements.  While the report called for this at the EU-member state level, I would say that SECTORS should be working together to determine appropriate CTI requirements and encouraging a sector-wide improvement through collaboration.
  • Development of a CTI Maturity model and Threat Hierarchies model.
  • Ensuring that CTI is taking into account the geopolitical world state and not just the state of bits and bytes.
Please refer to the full report for more details!  

Sectoral and Thematic Threat Analysis 

This report begins by describing the difficulty of measuring and categorizing differences by sector. I must confess to being disappointed by the lack of insights in this particular report.  As sectors shifted to the cloud during the COVID-19 Pandemic, much of the “targeting” became less sector-targeting and more “target of opportunity” focused. 
While most attack trends were “stable” there were some “cross-sector” attack types described as “Increasing” … specifically Web Application Attacks, Phishing, and Malware.
The only sector actually called out as being at significantly greater risk than others based on incident trends was “Health/Medical,” where Malware, Insider Threat, and Web Application Attacks were all marked as Increasing.
After a lackluster “trends” report, all of two pages long, the remainder of the report focuses on Threats to Emerging Technologies, where there are some interesting observations regarding 5G Mobile communications, Internet-of-Things (IoT), and Smart Cars.
The reader is invited to visit the report for more details.

Main Incidents in the EU and WorldWide

Unfortunately, with the official timeline of this report being January 2019 through April 2020, many of the “main incidents” here are quite dated.  Good to cover them for historical documentation, but not really worth re-hashing them at this time. Significant data breaches included the 770 million email addresses stolen from MEGA (the cloud data storage service in New Zealand run by “Kim Dot Com”). They also mention breaches such as ElasticSearch, Canva, Dream Market, Verifications.io, and a couple of big MongoDB breaches.
The most targeted services, according to this report, are Digital Services, Government Administration, Tech Industry, Financial Institutions, and Healthcare entities.  In the area of Digital Services, we know that the primary use of the stolen data is to take the email address/password pairs and replay them against many additional online properties, attempting to log in with the same pair.  ENISA refers to those as “credential stuffing” attacks and indicates that “companies experience an average of 12 credential-stuffing attacks each month!”
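Credential stuffing, as described above, replays leaked email/password pairs across many services, so on the receiving end it looks like one source trying many different accounts and mostly failing, which is quite unlike a brute force that hammers a single account. The following is an added illustration of how a defender can separate those two patterns in authentication logs; it is not code from ENISA or from the post, and the log format, the IP addresses, the usernames and the thresholds are all constructed for the example.

```python
"""Flag credential-stuffing sources in authentication logs.

Added illustration, not taken from the ENISA report or the post.  The
signal for stuffing is a single source IP attempting many *distinct*
usernames in a short window with a high failure rate; a classic brute
force is one username, many failures, and is labelled separately so the
two get different responses (block the source vs. protect the account).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample log in a hypothetical "key=value" layout.  Real
# IdP / SSO / web-app logs differ in shape but carry the same fields.
SAMPLE_LOG = """\
2020-11-15T10:00:01Z ip=198.51.100.20 user=alice result=FAIL
2020-11-15T10:00:09Z ip=198.51.100.20 user=alice result=OK
2020-11-15T10:01:00Z ip=203.0.113.7 user=bob result=FAIL
2020-11-15T10:01:01Z ip=203.0.113.7 user=carol result=FAIL
2020-11-15T10:01:02Z ip=203.0.113.7 user=dave result=OK
2020-11-15T10:01:03Z ip=203.0.113.7 user=erin result=FAIL
2020-11-15T10:01:04Z ip=203.0.113.7 user=frank result=FAIL
2020-11-15T10:01:05Z ip=203.0.113.7 user=grace result=FAIL
2020-11-15T10:01:06Z ip=203.0.113.7 user=heidi result=FAIL
2020-11-15T10:01:07Z ip=203.0.113.7 user=ivan result=FAIL
2020-11-15T10:01:08Z ip=203.0.113.7 user=judy result=FAIL
2020-11-15T10:01:09Z ip=203.0.113.7 user=mallory result=FAIL
2020-11-15T10:05:00Z ip=192.0.2.99 user=admin result=FAIL
2020-11-15T10:05:01Z ip=192.0.2.99 user=admin result=FAIL
2020-11-15T10:05:02Z ip=192.0.2.99 user=admin result=FAIL
2020-11-15T10:05:03Z ip=192.0.2.99 user=admin result=FAIL
2020-11-15T10:05:04Z ip=192.0.2.99 user=admin result=FAIL
2020-11-15T10:05:05Z ip=192.0.2.99 user=admin result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass
class Event:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text):
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m["ip"], m["user"], m["result"] == "OK"))
    return events


def classify_sources(events, window=timedelta(minutes=10), min_attempts=5,
                     min_distinct_users=5, min_fail_ratio=0.8):
    """Return {ip: label}, label in {"stuffing", "brute_force", "normal"}.

    A sliding window per source IP: for each attempt, look at the attempts
    from that IP within the preceding `window` and apply the thresholds.
    "stuffing" wins over "brute_force" once seen; thresholds are example
    values and should be tuned to the real login volume of the service.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_ip[e.ip].append(e)

    labels = {}
    for ip, evs in by_ip.items():
        label = "normal"
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            chunk = evs[start:end + 1]
            if len(chunk) < min_attempts:
                continue
            fails = sum(1 for e in chunk if not e.ok)
            ratio = fails / len(chunk)
            users = {e.user for e in chunk}
            if ratio >= min_fail_ratio and len(users) >= min_distinct_users:
                label = "stuffing"
                break
            if ratio >= min_fail_ratio and len(users) == 1:
                label = "brute_force"
        labels[ip] = label
    return labels


if __name__ == "__main__":
    for ip, label in classify_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{ip:16} {label}")
```

Run as a script it prints one label per source IP: the stuffing source (many usernames, 90% failures), the brute-force source (one username, all failures) and the ordinary user who mistyped once. The per-user distinct count is the important part; a failure ratio alone would flag both attackers identically and would also catch a busy NAT gateway after a password-policy change.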
The report indicates that 84% of cyber attacks “rely on social engineering” and that 71% of the organizations with malware activity have seen the malware spread from one employee to another. 
Groups that are depicted in the report as “Most active actors” don’t really align with what we’ve seen from other sources, but are listed as: 
  • TURLA – attacking Microsoft Exchange servers
  • APT27 – mentions attacks against government SharePoint servers in the Middle East 
  • Vicious Panda – targeting Mongolian government entities
  • Gamaredon – spear-phished the Ministry of Defence in Ukraine in December 2019

The report indicates that ENISA believes most cyber attacks originate from Organized Crime groups.

The Top Five motivations for attackers are: Financial, Espionage, Disruption, Political, and Retaliation.
The Top Five “Most Desired Assets” by Cyber Criminals are listed as: 
  1. Industrial property and Trade secrets
  2. State/Military classified information
  3. Server infrastructure
  4. Authentication Data
  5. Financial Data 
I won’t detail it here, but the report also has advice on “What changed in the landscape with the COVID-19 Pandemic?” and refers to several previous publications from ENISA for that topic.

Research Topics

ENISA says that “apart from basic cybersecurity hygiene and training, investing in research and innovation is the most viable option for defenders.” Some of the key areas in which they are encouraging research are:
  • Better understanding of the human dimension of security – (I know so many great researchers in this space, from UAB’s own Nitesh Saxena, to UAB’s Ragib Hasan and his current survey on “User Preferences in Authentication” to Carnegie Mellon’s Lorrie Cranor and the IIIT Delhi PreCog lab run by Ponnurangam “PK” Kumaraguru.) 
  • Cybersecurity research and innovation – with a special focus on building “test labs and cyber ranges” that better reflect real world deployments. 
  • 5G Security 
  • EU Research and Innovation Projects on Cybersecurity 
  • Rapid dissemination of CTI methods and content 

Emerging Trends

This report begins by pointing out that COVID-19 has initiated “new and profound changes in the physical world and in cyberspace” and pointing out that “cybersecurity risks will become harder to assess and interpret due to the growing complexity of the threat landscape, adversarial ecosystem and expansion of the attack surface.”
The Emerging Trends are given as three trend lists — Ten Cybersecurity Challenges; Five Trends with cyber threats; and Ten emerging trends in attack vectors.  As I’ve said a few times, go check out the report for the full details, but a few really caught my eye, which I’ll comment on below:
Cybersecurity Challenge 1 – Dealing with systemic and complex risks.  The interconnectedness of our systems and networks means that a risk introduced in one part of the environment can quickly spread throughout our organizations.  The demands of reducing complexity and increasing ease of management has unfortunately caused many organizations to create flat network structures where a single Active Directory domain may touch every resource in the environment and where network segmentation has become almost non-existent.
Unfortunately, many of the other “emerging trends” among the cybersecurity challenges seem more like wishful thinking than an emerging trend.  Reducing unintentional errors, automation of CTI ingestion, reducing alarm fatigue and false positives, and cloud migration protections are all things we would love to see, but calling them an “emerging trend” strikes me as premature.  A few that I definitely agree with, however, include the role of CTI and the lack of a skilled workforce.
Cyber Threat Intelligence (CTI) is needed to help with the WHY, the HOW, and the WHAT questions.  The report points out that “the value proposition of any CTI capability or program is to improve the preparedness of the organization to protect its critical assets from unknown threats.” Anticipating the unknown requires a deeper understanding of both threat and adversary, not just in the form of specific Indicators of Compromise (IOCs) but in the form of TTPs (Tactics, Techniques and Procedures), as evidenced by observations made both from open source intelligence (OSINT) and through same-sector and cross-sector intelligence sharing.  That understanding is going to be the key to hardening and preparing the organization to address forthcoming attacks instead of constantly reacting to known attacks.
Just as we see in the US, a shortage in cybersecurity skills is hitting the EU hard. 70% of firms say that lack of skills is hampering investment in new technologies, and 46% of firms report difficulty filling vacancies in cybersecurity due to a lack of skilled applicants.  In the US, I constantly refer students to the Cybersecurity Supply/Demand Heatmap maintained by Cyberseek.org.  Currently they are showing 521,617 cybersecurity vacancies just in the United States!
The final “Emerging Trends” area – Ten Emerging Trends in Attack Vectors –  has a few that I wanted to call attention to as well.  I’ll share the list and comment on a few:
  1. Attacks will be massively distributed with a short duration and a wider impact
  2. Finely targeted and persistent attacks will be meticulously planned with well-defined and long-term objectives
  3. Malicious actors will use digital platforms in targeted attacks
  4. The exploitation of business processes will increase
  5. The attack surface will continue expanding 
  6. Teleworking will be exploited through home devices
  7. Attackers will come better prepared 
  8. Obfuscation techniques will sophisticate 
  9. The automated exploitation of unpatched systems and discontinued applications will increase
  10. Cyber threats are moving to the edge 
A key thread that flows through many of these trends is that attacks will move to new, less defended “soft spots.”   The report mentions banking trojans being downloaded from the Google Play store, attacks against routers, switches and firewalls rather than servers, and attacks being presented through apps that are skating on the edge between personal and business apps, such as SMS, WhatsApp, SnapChat and various messaging platforms, as well as gaming and streaming apps that may be present on devices being used to “work from home.”

List of Top 15 Threats 

The next post will address the ENISA “Top 15 Threats” 

The post The ENISA Cybersecurity Threat Landscape appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/15/the-enisa-cybersecurity-threat-landscape/?utm_source=rss&utm_medium=rss&utm_campaign=the-enisa-cybersecurity-threat-landscape

When good URLs are bad for business

Analyzing memory dumps comes with a price – ‘good’ information overload. One that annoys me a lot is running URL/domain extraction tools over the memdump and finding tonnes of legitimate […]
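As an added example that is not part of the post (the post's own tooling is not shown in this excerpt), the following Python pass pulls URLs out of a raw memory image, both as plain ASCII and as the UTF-16LE strings that Windows processes keep in memory, and suppresses the domains on a known-good allowlist so only the unexplained ones are left for triage. The allowlist, the sample dump bytes and every hostname in them are constructed for the illustration; a real allowlist should be built from your own gold images and reviewed regularly.

```python
"""Extract URLs from a memory dump and drop the well-known benign ones.

Added illustration, not code from the post.  The "good information
overload" the post describes comes from the vendor update servers, CDNs
and certificate/CRL endpoints that any process image is full of.  This
pass extracts URL candidates, maps each host to a base domain, and splits
the result into an allowlisted pile and a pile that still needs a look.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed allowlist of base domains.  Build the real one from your own
# gold images / vendor lists, and match on the base domain, never on a
# substring, so that "windowsupdate.com.example.net" is not waved through.
BENIGN_DOMAINS = {
    "microsoft.com", "windowsupdate.com", "digicert.com", "example.com",
}

URL_CHARS = rb"[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]"
# Plain ASCII URLs as found in C strings, HTTP buffers, etc.
ASCII_URL_RE = re.compile(rb"https?://" + URL_CHARS + rb"+")
# The same shape in UTF-16LE: every ASCII byte followed by a NUL byte.
UTF16_URL_RE = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:" + URL_CHARS + rb"\x00)+"
)

# Constructed sample "dump": header junk, two benign URLs (one repeated),
# a UTF-16LE phishing-style URL and a bare-IP URL, all with NUL separators.
SAMPLE_DUMP = (
    b"\x00\x00MZ\x90\x00https://www.microsoft.com/pki/certs/x.crt\x00"
    + b"garbage\xff\xfe http://crl3.digicert.com/sha2.crl\x00\x00"
    + "https://login-secure-update.example.net/auth/index.php".encode("utf-16-le")
    + b"\x00\x00\x01http://203.0.113.45/gate.php\x00"
    + b"https://www.microsoft.com/pki/certs/x.crt\x00"
)


def extract_urls(blob: bytes):
    """Return every ASCII and UTF-16LE URL candidate in the byte blob."""
    urls = [m.group(0).decode("ascii", "replace") for m in ASCII_URL_RE.finditer(blob)]
    urls += [m.group(0).decode("utf-16-le", "replace") for m in UTF16_URL_RE.finditer(blob)]
    return urls


def base_domain(host: str) -> str:
    """Crude registrable-domain guess (last two labels).  Adequate for the
    constructed allowlist here; use a public-suffix list for real work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_benign(url: str) -> bool:
    host = urlsplit(url).hostname or ""
    return base_domain(host) in BENIGN_DOMAINS


def triage(blob: bytes):
    """Return (suspicious, benign) Counters keyed by URL."""
    suspicious, benign = Counter(), Counter()
    for url in extract_urls(blob):
        url = url.rstrip(".,;)'\"")  # punctuation glued on by adjacent text
        (benign if is_benign(url) else suspicious)[url] += 1
    return suspicious, benign


if __name__ == "__main__":
    suspicious, benign = triage(SAMPLE_DUMP)
    print(f"suppressed {sum(benign.values())} hits on {len(benign)} allowlisted URLs")
    for url, n in suspicious.most_common():
        print(f"{n:4d}  {url}")
```

On the constructed dump this suppresses the three Microsoft/DigiCert hits and leaves two URLs for review: the UTF-16LE one, which an ASCII-only string extractor would have missed entirely, and the bare-IP one, which no allowlist would ever cover. Matching on the base domain rather than on a substring is the part worth keeping; the rest is tuning.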

The post When good URLs are bad for business appeared first on Malware Devil.

https://malwaredevil.com/2020/11/15/when-good-urls-are-bad-for-business-2/?utm_source=rss&utm_medium=rss&utm_campaign=when-good-urls-are-bad-for-business-2

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...