Malwarebytes Antivirus for Mac scans & removes viruses, adware, ransomware & other Mac malware. The Mac antivirus protects you & your mac so it keeps running. Testing conducted by Apple in February 2015 using preproduction 1.6GHz dual-core Intel Core i5–based 13-inch MacBook Air units. The wireless web test measures battery life by wirelessly.
- Antivirus For Macbook Air 2015 Pro
- Antivirus For Macbook Pro
- Antivirus For Macbook Air 2015 Refurbished
- Does Macbook Air Need Antivirus
Our Mac OS antivirus software offers the best Mac virus removal and protects your system. Scan your system at the push of a button and repair folders with just one click. Our Apple virus scan software is free. Download it now for your Mac. Number 1 Leading Mac security and antivirus software since 1997. Award-winning AV, network security, utility and parental control software exclusively for Mac OS X and macOS.
As Apple products are getting famous around the world, these are also very hot talk among the cyber offenders. Although Apple Macbook Air do not need any free or paid antivirus software but still for the ultimate security you need to keep you Apple Macbook safe from any possible threat or malicious activities by installing one of these best security softwares specially design as an antivirus for Macbook Air.
Sophos SafeGuard for Macbook Air Retina
Sophos Antivirus for Macbook Air gives the complete security plan for Macbook. Its salient features include the full protection from the Trojans, viruses and any bugs for your Macbook Air Retina. Sophos Antivirus offers a complete and secure web browsing and lay off malicious codes and blocks the malwares which are web based just before it try to infect your Macbook Air. It always laid some hindrances in way of all the known and unknown threats.
Sophos Safeguard removes the files immediately which are trying to infect your Macbook Air. It will alert you in case it finds anything suspicious. It immediately removes dubious files even it is possible to separate such doubtful files so that you can check them later.
Don't miss: Apple introducing iWatch as a wearable Gadget
Sophos Firewall is specially designed to be used by all the users no matter dealing with small, large or medium sized business or organization or even for domestic use. It provides the same quality for every user. It is easy to install, convenient to use and completely free.
Avast Antivirus for MacBook Air Retina
Avast is the most protective, specific and Award-winning antivirus for Macbook Air and the best about it is, it's light to use and very fast to operate with. It contains anti-spyware and certified antivirus for Macbook Air. This technology is based on unique scanning criteria.
Avast antivirus for Macbook Air can securely scan your file system, email tools and web browsing routines. It has impeccable track records on windows and it's absolutely free to use.
ClamXav – Free Antivirus for MacBook Air Retina
ClamXav is highly recommended free Antivirus for Macbook Air Retina as well as other Mac OS X operating systems. It is upon you to command it to scan your Macbook Air entirely or just to scan the specific files. It can also scan your hard drive and whatever you want it to scan to escape from the possible threats and risks.
By selecting the sentry activation option, you would be able to monitor all of your files and hard drives as they appear. ClamXav is easy and simple to operate and it list down the infected files. It usually updates itself on daily basis and provide free virus definitions.
You can easily access the areas where scan is necessary and where you usually scan the most. It can send the infected files to the trash in only one click. ClamXav is a free antivirus for Macbook Air and compatible with Mac OS X 10.6, 10.7, 10.8 and 10.9 and upcoming versions.
Also Read: Skype for Web – The Instant messaging service
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
macOS Big Sur 11.0.1
Released November 12, 2020
AMD
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-27914: Yu Wang of Didi Research America
CVE-2020-27915: Yu Wang of Didi Research America
Antivirus For Macbook Air 2015 Pro
Entry added December 14, 2020
App Store
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab
Audio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to cause unexpected application termination or heap corruption
Description: Multiple integer overflows were addressed with improved input validation.
CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab
CVE-2020-27909: Anonymous working with Trend Micro Zero Day Initiative, JunDong Xie and XingWei Lin of Ant Security Light-Year Lab
CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab
Entry added December 14, 2020
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab
CoreCapture
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9949: Proteas
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro
Crash Reporter
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A local attacker may be able to elevate their privileges
Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.
CVE-2020-10003: Tim Michaud (@TimGMichaud) of Leviathan
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2020-27922: Mickey Jin of Trend Micro
Entry added December 14, 2020
CoreText
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9999: Apple
Entry updated December 14, 2020
Disk Images
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9965: Proteas
CVE-2020-9966: Proteas
Finder
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Users may be unable to remove metadata indicating where files were downloaded from
Description: The issue was addressed with additional user controls.
CVE-2020-27894: Manuel Trezza of Shuggr (shuggr.com)
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-9962: Yiğit Can YILMAZ (@yilmazcanyigit)
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro's Zero Day Initiative
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.
CVE-2020-27931: Apple
Entry added December 14, 2020
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-27930: Google Project Zero
FontParser
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-27927: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state management.
CVE-2020-10002: James Hutchins
HomeKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An attacker in a privileged network position may be able to unexpectedly alter application state
Description: This issue was addressed with improved setting propagation.
CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9955: Mickey Jin of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-27924: Lei Sun
Entry added December 14, 2020
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
CVE-2020-27923: Lei Sun
Entry updated December 14, 2020 How much storage does a macbook pro have.
ImageIO
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9876: Mickey Jin of Trend Micro
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., and Luyi Xing of Indiana University Bloomington
Entry added December 14, 2020
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Entry added December 14, 2020
Image Processing
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2020-9967: Alex Plaskett (@alexjplaskett)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9975: Tielei Wang of Pangu Lab
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved state handling.
CVE-2020-27921: Linus Henze (pinauten.de)
Entry added December 14, 2020
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqong Security Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A memory initialization issue was addressed.
CVE-2020-27950: Google Project Zero
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to determine kernel memory layout
Description: A logic issue was addressed with improved state management.
CVE-2020-9974: Tommy Muir (@Muirey03)
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-10016: Alex Helie
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A type confusion issue was addressed with improved state handling.
CVE-2020-27932: Google Project Zero
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27917: found by OSS-Fuzz
CVE-2020-27920: found by OSS-Fuzz
Entry updated December 14, 2020
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2020-27911: found by OSS-Fuzz
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Entry added December 14, 2020
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to break out of its sandbox
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to unexpectedly alter application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences
Messages
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27917: found by OSS-Fuzz
CVE-2020-27920: found by OSS-Fuzz
Entry updated December 14, 2020
libxml2
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2020-27911: found by OSS-Fuzz
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2020-9971: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Entry added December 14, 2020
libxpc
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to break out of its sandbox
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Logging
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A local attacker may be able to elevate their privileges
Description: A path handling issue was addressed with improved validation.
CVE-2020-10010: Tommy Muir (@Muirey03)
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to unexpectedly alter application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences
Messages
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A local user may be able to discover a user's deleted messages
Description: The issue was addressed with improved deletion.
CVE-2020-9988: William Breuer of the Netherlands
3d slicer software cura. CVE-2020-9989: von Brunn Media
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-10011: Aleksandar Nikolic of Cisco Talos
Entry added December 14, 2020
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-13524: Aleksandar Nikolic of Cisco Talos
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2020-10004: Aleksandar Nikolic of Cisco Talos
NetworkExtension
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to elevate privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-27901: Thijs Alkemade of Computest Research Division
Entry added December 14, 2020
NSRemoteView
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to preview files it does not have access to
Description: An issue existed in the handling of snapshots. The issue was resolved with improved permissions logic.
CVE-2020-27900: Thijs Alkemade of Computest Research Division
PCRE
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version 8.44.
CVE-2019-20838
CVE-2020-14155
Power Management
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to determine kernel memory layout
Description: A logic issue was addressed with improved state management.
CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative
python
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Cookies belonging to one origin may be sent to another origin
Description: Multiple issues were addressed with improved logic.
CVE-2020-27896: an anonymous researcher
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious app may be able to determine the existence of files on the computer
Description: The issue was addressed with improved handling of icon caches.
CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security
Quick Look
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing a maliciously crafted document may lead to a cross site scripting attack
Description: An access issue was addressed with improved access restrictions.
CVE-2020-10012: Heige of KnownSec 404 Team (https://www.knownsec.com/) and Bo Qu of Palo Alto Networks (https://www.paloaltonetworks.com/)
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to modify the file system
Description: A path handling issue was addressed with improved validation.
CVE-2020-27896: an anonymous researcher
Ruby
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system
Description: This issue was addressed with improved checks.
CVE-2020-10663: Jeremy Evans
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
CVE-2020-9945: Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to determine a user's open tabs in Safari
Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.
Antivirus For Macbook Pro
CVE-2020-9977: Josh Parnham (@joshparnham)
Safari
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2020-9942: an anonymous researcher, Rahul d Kankrale (servicenger.com), Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter, Ruilin Yang of Tencent Security Xuanwu Lab, YoKo Kho (@YoKoAcc) of PT Telekomunikasi Indonesia (Persero) Tbk, Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A local user may be able to view senstive user information
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog)
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to leak memory
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-9849
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed with improved checks.
CVE-2020-15358
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A maliciously crafted SQL query may lead to data corruption
Description: This issue was addressed with improved checks.
CVE-2020-13631
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-13434
CVE-2020-13435
CVE-2020-9991
SQLite
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-13630
Symptom Framework
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A local attacker may be able to elevate their privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27899: 08Tc3wBB working with ZecOps
Entry added December 14, 2020
System Preferences
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved state management.
CVE-2020-10009: Thijs Alkemade of Computest Research Division
TCC
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application with root privileges may be able to access private information
Description: A logic issue was addressed with improved restrictions.
CVE-2020-10008: Wojciech Reguła of SecuRing (wojciechregula.blog)
Entry added December 14, 2020
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27918: Liu Long of Ant Security Light-Year Lab
Entry updated December 14, 2020
Wi-Fi
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Antivirus For Macbook Air 2015 Refurbished
Impact: An attacker may be able to bypass Managed Frame Protection
Description: A denial of service issue was addressed with improved state handling.
CVE-2020-27898: Stephan Marais of University of Johannesburg
XNU
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Does Macbook Air Need Antivirus
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: Multiple issues were addressed with improved logic.
CVE-2020-27935: Lior Halphon (@LIJI32) Adobe premiere elements movie editing software.
Entry added December 17, 2020
Xsan
Available for: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)
Impact: A malicious application may be able to access restricted files
Description: This issue was addressed with improved entitlements.
CVE-2020-10006: Wojciech Reguła (@_r3ggi) of SecuRing
Additional recognition
802.1X
We would like to acknowledge Kenana Dalle of Hamad bin Khalifa University and Ryan Riley of Carnegie Mellon University in Qatar for their assistance.
Entry added December 14, 2020
Audio
We would like to acknowledge JunDong Xie and XingWei Lin of Ant-financial Light-Year Security Lab, an anonymous researcher for their assistance.
Bluetooth
We would like to acknowledge Andy Davis of NCC Group, Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance.
Entry updated December 14, 2020
Clang
We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Core Location
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Crash Reporter
We would like to acknowledge Artur Byszko of AFINE for their assistance.
Entry added December 14, 2020
Directory Utility
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
iAP
We would like to acknowledge Andy Davis of NCC Group for their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance.
libxml2
We would like to acknowledge an anonymous researcher for their assistance.
Entry added December 14, 2020
Login Window
We would like to acknowledge Rob Morton of Leidos for their assistance.
Photos Storage
We would like to acknowledge Paulos Yibelo of LimeHats for their assistance.
Quick Look
We would like to acknowledge Csaba Fitzl (@theevilbit) and Wojciech Reguła of SecuRing (wojciechregula.blog) for their assistance.
Safari
We would like to acknowledge Gabriel Corona and Narendra Bhati From Suma Soft Pvt. Ltd. Pune (India) @imnarendrabhati for their assistance.
Security
We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance.
System Preferences
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
