A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution.

CONFIRM:https://support.apple.com/kb/HT211843 | CONFIRM:https://support.apple.com/kb/HT211844 | CONFIRM:https://support.apple.com/kb/HT211850 | CONFIRM:https://support.apple.com/kb/HT211935 | FULLDISC:20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 | URL:http://seclists.org/fulldisclosure/2020/Dec/32 | MISC:https://support.apple.com/en-us/HT211931 | URL:https://support.apple.com/en-us/HT211931 | MISC:https://support.apple.com/en-us/HT211952 | URL:https://support.apple.com/en-us/HT211952

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory.

MISC:https://support.apple.com/kb/HT211289 | URL:https://support.apple.com/kb/HT211289 | MISC:https://support.apple.com/kb/HT211291 | URL:https://support.apple.com/kb/HT211291

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.

FULLDISC:20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 | URL:http://seclists.org/fulldisclosure/2020/Dec/32 | MISC:https://support.apple.com/en-us/HT211850 | URL:https://support.apple.com/en-us/HT211850 | MISC:https://support.apple.com/en-us/HT211931 | URL:https://support.apple.com/en-us/HT211931

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.

MISC:https://support.apple.com/kb/HT211168 | URL:https://support.apple.com/kb/HT211168 | MISC:https://support.apple.com/kb/HT211170 | URL:https://support.apple.com/kb/HT211170 | MISC:https://support.apple.com/kb/HT211171 | URL:https://support.apple.com/kb/HT211171 | MISC:https://support.apple.com/kb/HT211175 | URL:https://support.apple.com/kb/HT211175

The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing.

MISC:https://support.apple.com/en-us/HT211844 | URL:https://support.apple.com/en-us/HT211844 | MISC:https://support.apple.com/en-us/HT211845 | URL:https://support.apple.com/en-us/HT211845 | MISC:https://support.apple.com/en-us/HT211850 | URL:https://support.apple.com/en-us/HT211850

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.

FULLDISC:20201115 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 | URL:http://seclists.org/fulldisclosure/2020/Nov/20 | MISC:https://support.apple.com/HT211848 | URL:https://support.apple.com/HT211848 | MISC:https://support.apple.com/HT211850 | URL:https://support.apple.com/HT211850

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.

CONFIRM:https://support.apple.com/kb/HT211846 | FULLDISC:20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 | URL:http://seclists.org/fulldisclosure/2020/Dec/32 | MISC:https://support.apple.com/en-us/HT211843 | URL:https://support.apple.com/en-us/HT211843 | MISC:https://support.apple.com/en-us/HT211844 | URL:https://support.apple.com/en-us/HT211844 | MISC:https://support.apple.com/en-us/HT211847 | URL:https://support.apple.com/en-us/HT211847 | MISC:https://support.apple.com/en-us/HT211850 | URL:https://support.apple.com/en-us/HT211850 | MISC:https://support.apple.com/en-us/HT211931 | URL:https://support.apple.com/en-us/HT211931

A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.

MISC:https://support.apple.com/kb/HT211289 | URL:https://support.apple.com/kb/HT211289

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.

FULLDISC:20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 | URL:http://seclists.org/fulldisclosure/2020/Dec/32 | MISC:https://support.apple.com/en-us/HT211844 | URL:https://support.apple.com/en-us/HT211844 | MISC:https://support.apple.com/en-us/HT211850 | URL:https://support.apple.com/en-us/HT211850 | MISC:https://support.apple.com/en-us/HT211931 | URL:https://support.apple.com/en-us/HT211931

The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.

FULLDISC:20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 | URL:http://seclists.org/fulldisclosure/2020/Dec/32 | MISC:https://support.apple.com/en-us/HT211850 | URL:https://support.apple.com/en-us/HT211850 | MISC:https://support.apple.com/en-us/HT211931 | URL:https://support.apple.com/en-us/HT211931