CVE-2020-9804: Medium severity macos catalina vulnerability

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-9804.

Q: What is the title of this vulnerability?

The title of this vulnerability is 'AppleUSBNetworking. A logic issue was addressed with improved restrictions.'

Q: What is the affected software?

The affected software includes macOS Catalina (up to exclusive version 10.15.5), Mojave, and High Sierra by Apple.

Q: How can I fix this vulnerability?

To fix this vulnerability, update your macOS to the latest version, as recommended by Apple.

Q: Where can I find more information about this vulnerability?

You can find more information about this vulnerability on the Apple support website: https://support.apple.com/en-us/HT211170

Published May 26, 2020

Updated

AppleUSBNetworking. A logic issue was addressed with improved restrictions.

Other sources

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic.

Credit

Andy Davis(NCC Group)

Affected Software

4 affected componentsFixes available

apple macOS Catalina<10.15.5

10.15.5

apple Mojave

apple High Sierra

Apple iOS and macOS<10.15.5

Event History

Jun 9, 2020

CVE Published

via MITRE·04:05 PM

Data Sourced

via MITRE·04:05 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT211170

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-9804.

What is the title of this vulnerability?

The title of this vulnerability is 'AppleUSBNetworking. A logic issue was addressed with improved restrictions.'

What is the affected software?

The affected software includes macOS Catalina (up to exclusive version 10.15.5), Mojave, and High Sierra by Apple.

How can I fix this vulnerability?