
Macbook Update 2020



macOS Catalina 10.15.7 provides important security updates and bug fixes for your Mac. It resolves an issue where macOS would not automatically connect to Wi-Fi networks, fixes an issue that could prevent files syncing through iCloud Drive, and addresses a graphic issue that may occur on iMac (Retina 5K, 27-inch, 2020) with Radeon Pro 5700 XT.

Open the App Store app on your Mac. Click Updates in the App Store toolbar. Use the Update buttons to download and install any updates listed. When the App Store shows no more updates, the installed version of macOS and all of its apps are up to date. That includes Safari, iTunes, iBooks, Messages, Mail, Calendar, Photos, and FaceTime.

According to a tweet from tipster Komiya, the 2020 model of the 16in MacBook Pro will be receiving three minor upgrades, the first of which will be an updated CPU and GPU. Will Apple update the 13in MacBook Pro again in 2020? Following the MacBook Pro's May 2020 update, every Apple laptop now has the new-style keyboard that replaced the problematic butterfly model.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

Released January 28, 2020

AnnotationKit

Available for: macOS Catalina 10.15.2

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3877: an anonymous researcher working with Trend Micro's Zero Day Initiative

apache_mod_php

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Multiple issues in PHP

Description: Multiple issues were addressed by updating to PHP version 7.3.11.

CVE-2019-11043

Audio

Available for: macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

autofs

Available for: macOS Catalina 10.15.2

Impact: Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper

Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share.

CVE-2020-3866: Jose Castro Almeida (@HackerOn2Wheels) and René Kroka (@rene_kroka)

CoreBluetooth

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3848: Jianjun Dai of Qihoo 360 Alpha Lab

CVE-2020-3849: Jianjun Dai of Qihoo 360 Alpha Lab

CVE-2020-3850: Jianjun Dai of Qihoo 360 Alpha Lab

Entry updated February 3, 2020

CoreBluetooth

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3847: Jianjun Dai of Qihoo 360 Alpha Lab

Entry updated February 3, 2020

Crash Reporter

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to access restricted files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-3835: Csaba Fitzl (@theevilbit)

crontab

Available for: macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3863: James Hutchins

Entry added September 8, 2020

Found in Apps

Available for: macOS Catalina 10.15.2

Impact: Encrypted data may be inappropriately accessed

Description: An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data.

CVE-2020-9774: Bob Gendler of the National Institute of Standards and Technology

Entry updated July 28, 2020

Image Processing

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3827: Samuel Groß of Google Project Zero

ImageIO

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3826: Samuel Groß of Google Project Zero

CVE-2020-3870

CVE-2020-3878: Samuel Groß of Google Project Zero

CVE-2020-3880: Samuel Groß of Google Project Zero

Entry updated April 4, 2020

Intel Graphics Driver

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3845: Zhuo Liang of Qihoo 360 Vulcan Team

IOAcceleratorFamily

Available for: macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3837: Brandon Azad of Google Project Zero

IOThunderboltFamily

Available for: macOS Catalina 10.15.2

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

Entry added April 4, 2020

IPSec

Available for: macOS Catalina 10.15.2

Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution

Description: An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking.

CVE-2020-3840: @littlelailo

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel

Available for: macOS Catalina 10.15.2

Impact: An application may be able to read restricted memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3872: Haakon Garseg Mørk of Cognite and Cim Stordal of Cognite

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-3853: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to determine kernel memory layout

Description: An access issue was addressed with improved memory management.

CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3842: Ned Williamson working with Google Project Zero

CVE-2020-3871: Corellium

libxml2

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-3846: Ranier Vilela

Entry updated February 3, 2020

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Processing a maliciously crafted string may lead to heap corruption

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3856: Ian Beer of Google Project Zero

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-3829: Ian Beer of Google Project Zero

PackageKit

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to overwrite arbitrary files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-3830: Csaba Fitzl (@theevilbit)

Security

Available for: macOS Catalina 10.15.2

Impact: A malicious application may be able to break out of its sandbox

Description: A logic issue was addressed with improved restrictions.

CVE-2020-3854: Jakob Rieck (@0xdead10cc) and Maximilian Blochberger of the Security in Distributed Systems Group of University of Hamburg

Entry updated February 3, 2020

sudo

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Certain configurations may allow a local attacker to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2019-18634: Apple

System

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A malicious application may be able to overwrite arbitrary files

Description: An access issue was addressed with improved access restrictions.

CVE-2020-3855: Csaba Fitzl (@theevilbit)

Wi-Fi

Available for: macOS Catalina 10.15.2

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-3839: s0ngsari of Theori and Lee of Seoul National University working with Trend Micro's Zero Day Initiative

Wi-Fi

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3843: Ian Beer of Google Project Zero

Entry updated May 13, 2020

wifivelocityd

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: The issue was addressed with improved permissions logic.

CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Additional recognition

Photos Storage

We would like to acknowledge Allison Husain of UC Berkeley for their assistance.

Entry updated March 19, 2020

SharedFileList

We would like to acknowledge Patrick Wardle of Jamf for their assistance.

Entry added April 4, 2020

How to get updates for macOS Mojave or later

If you've upgraded to macOS Mojave or later, follow these steps to keep it up to date:

  1. Choose System Preferences from the Apple menu, then click Software Update to check for updates.
  2. If any updates are available, click the Update Now button to install them. Or click 'More info' to see details about each update and select specific updates to install.
  3. When Software Update says that your Mac is up to date, the installed version of macOS and all of its apps are also up to date. That includes Safari, iTunes, Books, Messages, Mail, Calendar, Photos, and FaceTime.

To find updates for iMovie, Garageband, Pages, Numbers, Keynote, and other apps that were downloaded separately from the App Store, open the App Store on your Mac, then click the Updates tab.

To automatically install macOS updates in the future, including apps that were downloaded separately from the App Store, select 'Automatically keep my Mac up to date.' Your Mac will notify you when updates require it to restart, so you can always choose to install those later.

How to get updates for earlier macOS versions

If you're using an earlier macOS, such as macOS High Sierra, Sierra, El Capitan, or earlier,* follow these steps to keep it up to date:

  1. Open the App Store app on your Mac.
  2. Click Updates in the App Store toolbar.
  3. Use the Update buttons to download and install any updates listed.
  4. When the App Store shows no more updates, the installed version of macOS and all of its apps are up to date. That includes Safari, iTunes, iBooks, Messages, Mail, Calendar, Photos, and FaceTime. Later versions may be available by upgrading your macOS.

To automatically download updates in the future, choose Apple menu > System Preferences, click App Store, then select 'Download newly available updates in the background.' Your Mac will notify you when updates are ready to install.


* If you're using OS X Lion or Snow Leopard, get OS X updates by choosing Apple menu > Software Update.

How to get updates for iOS

Learn how to update your iPhone, iPad, or iPod touch to the latest version of iOS.

Learn more

  • Learn how to upgrade to the latest version of macOS.
  • Find out which macOS your Mac is using.
  • You can redownload apps that you previously downloaded from the App Store.
  • Your Mac doesn't automatically download large updates when it's using a Personal Hotspot.



