HKCert
  

Apple Products Multiple Vulnerabilities

Release Date: 06 / 11 / 2020
Last Update: 16 / 11 / 2020
Risk Level:  


Multiple vulnerabilities were identified in Apple products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and elevation of privilege on the targeted system.

 

Note:

CVE-2020-27930, CVE-2020-27932, CVE-2020-27950 are being exploited in the wild

 

[Updated 16-Nov-2020] Note: Added new CVEs and updated in the "System / Technologies Affected", "Vulnerability Identifier" and "Related Links" Section.

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure
  • iOS 
  • iPadOS
  • watchOS
  • macOS
  • tvOS
  • Safari

 

Before installation of the software, please visit the vendor web-site for more details.

 
Apply fixes issued by the vendor:
  • iOS 12.4.9           
  • iOS 14.2
  • iPadOS 14.2
  • watchOS 5.3.9   
  • watchOS 6.2.9
  • watchOS 7.1      
  • macOS High Sierra 10.13.6
  • macOS Mojave 10.14.6
  • macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update
  • macOS Big Sur 11.0.1
  • tvOS 14.2
  • Safari 14.0.1
 Note: included some discontinued products, for detail, please refer to the "Related Links"