About Apple security updates
- Mac Os Security Update 2020
- Mac Os Update September 2020
- Macos Sierra Update 2020
- Latest Mac Os Update 2020
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Apple says the new MacOS Big Sur update is its biggest design change in almost 20 years. The refreshed operating system for Mac computers includes a big update to the web browser, more privacy. The current version of your macOS will be shown at the top of the Overview tab. If you see an older version written there, you may want to update your Mac to the latest version (see below). How to update to the latest macOS version. To get the latest macOS version, you must open the Mac App Store and search for macOS Big Sur.
macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
Released January 28, 2020
AnnotationKit
Available for: macOS Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3877: an anonymous researcher working with Trend Micro's Zero Day Initiative
apache_mod_php
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP version 7.3.11.
CVE-2019-11043
Audio
Available for: macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team
autofs
Available for: macOS Catalina 10.15.2
Impact: Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper
Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share.
CVE-2020-3866: Jose Castro Almeida (@HackerOn2Wheels) and René Kroka (@rene_kroka)
CoreBluetooth
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3848: Jianjun Dai of Qihoo 360 Alpha Lab
CVE-2020-3849: Jianjun Dai of Qihoo 360 Alpha Lab
CVE-2020-3850: Jianjun Dai of Qihoo 360 Alpha Lab
Entry updated February 3, 2020
CoreBluetooth
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3847: Jianjun Dai of Qihoo 360 Alpha Lab
Entry updated February 3, 2020
Crash Reporter
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2
Impact: A malicious application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2020-3835: Csaba Fitzl (@theevilbit)
crontab
Available for: macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3863: James Hutchins
Entry added September 8, 2020
Found in Apps
Available for: macOS Catalina 10.15.2
Impact: Encrypted data may be inappropriately accessed
Description: An issue existed with Siri Suggestions access to encrypted data. The issue was fixed by limiting access to encrypted data.
CVE-2020-9774: Bob Gendler of the National Institute of Standards and Technology
Entry updated July 28, 2020
Image Processing
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3827: Samuel Groß of Google Project Zero
ImageIO
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3826: Samuel Groß of Google Project Zero
CVE-2020-3870
CVE-2020-3878: Samuel Groß of Google Project Zero
CVE-2020-3880: Samuel Groß of Google Project Zero
Entry updated April 4, 2020
Intel Graphics Driver
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
Mac Os Security Update 2020
CVE-2020-3845: Zhuo Liang of Qihoo 360 Vulcan Team
IOAcceleratorFamily
Available for: macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3837: Brandon Azad of Google Project Zero
IOThunderboltFamily
Available for: macOS Catalina 10.15.2
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington
Entry added April 4, 2020
IPSec
Available for: macOS Catalina 10.15.2
Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution
Description: An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking.
CVE-2020-3840: @littlelailo
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-3875: Brandon Azad of Google Project Zero
Kernel
Available for: macOS Catalina 10.15.2
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3872: Haakon Garseg Mørk of Cognite and Cim Stordal of Cognite
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3853: Brandon Azad of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: A malicious application may be able to determine kernel memory layout
Description: An access issue was addressed with improved memory management.
CVE-2020-3836: Brandon Azad of Google Project Zero
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3842: Ned Williamson working with Google Project Zero
CVE-2020-3871: Corellium
libxml2
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3846: Ranier Vilela
Entry updated February 3, 2020
libxpc
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3856: Ian Beer of Google Project Zero
libxpc
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to gain elevated privileges
Mac Os Update September 2020
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-3829: Ian Beer of Google Project Zero
PackageKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: A malicious application may be able to overwrite arbitrary files
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2020-3830: Csaba Fitzl (@theevilbit)
Security
Available for: macOS Catalina 10.15.2
Impact: A malicious application may be able to break out of its sandbox
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3854: Jakob Rieck (@0xdead10cc) and Maximilian Blochberger of the Security in Distributed Systems Group of University of Hamburg
Entry updated February 3, 2020
sudo
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: Certain configurations may allow a local attacker to execute arbitrary code
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-18634: Apple
System
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A malicious application may be able to overwrite arbitrary files
Description: An access issue was addressed with improved access restrictions.
CVE-2020-3855: Csaba Fitzl (@theevilbit)
Wi-Fi
Available for: macOS Catalina 10.15.2
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-3839: s0ngsari of Theori and Lee of Seoul National University working with Trend Micro's Zero Day Initiative
Wi-Fi
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3843: Ian Beer of Google Project Zero
Entry updated May 13, 2020
wifivelocityd
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2020-3838: Dayton Pidhirney (@_watbulb)
Additional recognition
Photos Storage
We would like to acknowledge Allison Husain of UC Berkeley for their assistance.
Entry updated March 19, 2020
SharedFileList
We would like to acknowledge Patrick Wardle of Jamf for their assistance.
Entry added April 4, 2020
Best apps live in Setapp
Macos Sierra Update 2020
macOS Big Sur 11 has become available as a public macOS update starting November 12, 2020. This means now is the time to get your hands on all of its great features.
The recent macOS arrives with a revolutionary design change (many call it “macOS marries iOS”), a big Safari update, more Catalyst apps, and some substantial privacy enhancements. In this article, we’ll explain how to upgrade to Big Sur and make it work seamlessly on your Mac. This includes all the best options for installing macOS 11, based on your needs.
Prepare your Mac for Big Sur upgrade
We’ll start with your Mac. The fundamental question you should answer is “Can I install Big Sur on my MacBook?” Apple has shifted device compatibility a year or two, which means some of the older Macs are no longer compatible with macOS Big Sur — even those that can run macOS Catalina. Also, your Mac should have enough storage capacity to install the new operating system, and you should create a secure data backup before upgrading.
So here’s a step-by-step guide on how to get your Mac ready for the Big Sur upgrade.
1. Check system requirements
Would be a pity to go through the installation process only to find out you need to buy a new Mac for this. Let’s make sure this doesn’t happen. Check out the list of Macs compatible with macOS 11:
MacBook (2015 or later)
MacBook Air (2013 or later)
MacBook Pro (2013 or later)
Mac Pro (2013 or later)
Mac Mini (2014 or later)
iMac (2014 or later)
iMac Pro (2017 or later).
Found yours? Great. Another thing to consider is the minimum macOS requirement — a macOS version that your Mac should be running before switching. For macOS 11 Big Sur, it’s macOS 10.10 or later. If you use an older version, your Mac might misbehave during the installation process. You can find more on Big Sur system requirements here.
2. Free up storage for macOS 11 installation
Here’s a weird thing about new macOS versions: They require a specific amount of storage space — but you never know the exact amount. From what we’ve seen in the recent releases, a clean installation requires around 12.5GB of storage space, and an upgrade takes 18.5GB. Hence you might assume 15-20GB is the amount that should be good for macOS 11.
CleanMyMac X is a great Mac utility that will make sure you comply with the requirements — even if you don’t know the exact amount of storage you should free up. It removes all the clutter from your Mac, including old caches, file leftovers, mail attachments, and more. In other words, it wins you maximum free storage you wouldn’t be able to free up manually. So it’s a great tool to own, whether you decide to upgrade to Big Sur or not.
3. Backup your data
Installing a new macOS version is always a big event for your Mac. A fresh start. To make sure you don’t lose anything from your Mac’s previous life, create a backup. You can use Apple’s Time Machine for the job, or go with a more advanced tool like Get Backup Pro. Unlike Time Machine, it can create bootable backups — which means enhanced security — and has lots of handy features like scheduling and compressing backups. The choice of tools is up to you, but make sure you don’t miss this step.
The steps described above are relevant for any macOS installations you might run in the future. So it’s a great idea to get CleanMyMac X and Get Backup Pro with the Setapp membership — it will cost you much less than buying individual app licenses. Once you’re all set, let’s get back to Big Sur and answer the question you came here for: “How do I update my Mac to macOS 11 in 2020?”
Here’s how to upgrade to Big Sur
You can get started with Big Sur as a member of Apple Developer Program, install the public beta, or get the public software update starting November 12. We’ve described the processes of installing the betas and the official macOS 11 version below.
Download and install macOS 11 developer beta
Back up your Mac with Get Backup Pro or Time Machine to make sure nothing gets lost in the shuffle
Go to developer.apple.com
Click Discover > macOS
On the macOS page, click Download in the top right corner
Sign in to your Developer account and select Install Profile
Find and launch the installer in the Downloads folder
Open the PKG file and agree to the terms of installation
Verify account by entering your system password
Access the update via System Preferences and click Update to install the beta.
Download and install macOS 11 public beta
Step one is always the same: Create a backup of your Mac with Get Backup Pro, Time Machine, or any other reliable backup app
Go to Apple’s beta website and sign up
In the top right corner, click on Enroll Your Devices > macOS
Scroll down to the bottom of the page, and select “Download the macOS Public Beta Access Utility” > Allow
Navigate to your Downloads folder and double-click on utility.dmg
Launch the .pkg installer and follow the instructions
Access and install the update via System Preferences > Software Update.
macOS Big Sur release date
Apple announced the macOS Big Sur release date in their “One More Thing” event where they introduced the first ARM-based Macs. The newest macOS 11 goes public on November 12.
Every year, Apple announces new macOS releases in June, without specifying the exact dates. The developer beta of macOS 11 went out into the world right after the WWDC event, public beta followed in August, and the official version is available starting November 12, 2020. Even though it’s safe to install betas on Mac with the Setapp apps like Get Backup Pro and CleanMyMac X, the official version is always the best one.
Should I upgrade to Big Sur?
If you’re wondering whether it’s even worth it, dive deeper into macOS Big Sur features. Figure out whether there’s anything that might make your Mac routine better. From what we’ve heard from Reddit users, Big Sur is pretty stable and safe. So you don’t have to worry about the new macOS “breaking your Mac.” Just make sure you use a backup to stay on the safe side.
The bottom line is macOS 11 Big Sur is a lot. One of the most important improvements arrives with Safari — it’s faster, has a dedicated Privacy Report, a personalized start page, built-in translation, and other perks. The updated Messages gets the inline reply feature and new Memojis. Maps have curated Guides and new green routes on macOS Big Sur.
Finally, the most obvious change is the redesign: Big Sur looks more like an iPad, with a new Control Center, refreshed toolbars, and full-height sidebars in apps. For more information, check out the infographic, and then decide whether the guide on how to upgrade to macOS 11 Big Sur makes sense for you.
That’s about it on how to update to Big Sur. We hope you’ll have a great experience with the new macOS. If not, rolling back to an old version is pretty straightforward — so we say go for it. The new design looks totally worth it.