| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Nov 2020 11:37:26 -0800 From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org> To: security-announce@...ts.apple.com Subject: [FD] APPLE-SA-2020-11-13-2 Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-2 Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211946. FontParser Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27930: Google Project Zero Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A type confusion issue was addressed with improved state handling. CVE-2020-27932: Google Project Zero Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory initialization issue was addressed. CVE-2020-27950: Google Project Zero Installation note: Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+ux1sACgkQZcsbuWJ6 jjCLQg/7By2IOJn8Ks7hXOPA2P7+dQoBpfnnl2cDP761lLEsSmFtzFjNZsQgwz1Q q7Vt5DbByRgHceBbKs0o++1IEzWIxLu4Wz5n7bASYuhFLxxQ5D/pc5nnFZjjCirU PbjRhRAmDmmS39Q1g2e1+w+TIZPlER21Hn8zVBTmmoKqrnR/MTvcTp09OjiNPocB POIxTA6Ahn/Pc7YqzdmSh+/Uho9GQIHvxHSXxKz+TyL0ulhFYwWIjPt/O+EjObsw NtVSkdh1t3Wj91VyWA+JOzNTOxTabKVXJsrIhmjO7ynIAmgf534GKX6SB7IDchSC kVFvo11jEuUdl7hR0YNHyPqWrV5xN/dbzo1miztW2kZcvpEttCx5EJ4PmLaK+XTZ 9PTHCV2fPC55jsE1E4lDp/AgQUKuFrNPjjj2HjWuRo/nnd91XVlm/8KcHrdeJUyR HLwK0Jd+pAW62/rhlZkz+59zLIk49ySaSz425KawCImP9f2bhVwDCfv0+vHcHaS4 ocgzW+nr5Yfiyk+SCnexN3l37WoeXxQVqxKoGhcw5E+ZrxpOOqOLoXDJEQADOl4v 9EEkNv1TE3BKG72Q6Ktsqo1oeFVnByYrk3yzONC7BT1HG9As81HW2bKIPpkV5fvY NbO7VvmJfIPLIpFXzcmF8TtDUt3puy/Ri4dgJJi5/i1wRtct+Cc= =6mA0 -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists