CVE-2020-29611: 
macOS vulnerability analysis and mitigation

CVE-2020-29611 is an out-of-bounds write vulnerability discovered in Apple's ImageIO component that was disclosed and patched in December 2020. The vulnerability affects multiple Apple operating systems including iOS, iPadOS, tvOS, macOS, watchOS, and iCloud for Windows. When processing a maliciously crafted image, this vulnerability could lead to arbitrary code execution (Apple Support, NVD). The issue was discovered by Alexandru-Vlad Niculae working with Google Project Zero.

The vulnerability is classified as an out-of-bounds write issue in the ImageIO component that was addressed with improved bounds checking. It has a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is identified as CWE-787 (Out-of-bounds Write) (NVD).

If exploited, this vulnerability could allow an attacker to execute arbitrary code on the target system through processing a maliciously crafted image. This could potentially lead to unauthorized access and control of the affected device (Apple Support, Apple Support).

Apple addressed this vulnerability by releasing security updates across multiple platforms: iOS 14.3 and iPadOS 14.3, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2, and iCloud for Windows 12.0. Users are advised to update their devices to these versions or later to protect against this vulnerability (Apple Support, Apple Support).