{"vulnerability": "CVE-2020-27950", "sightings": [{"uuid": "52ab62b9-200b-4bc6-bd71-e6849608e107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:17.000000Z"}, {"uuid": "042ad33f-d93f-471a-83a1-7e342cb1b19b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "5d174c80-f661-4c4e-92b8-8287628263b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971144", "content": "", "creation_timestamp": "2024-12-24T20:24:54.296084Z"}, {"uuid": "ee7204bf-fc5d-4cee-995b-d606977414fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "seen", "source": "Telegram/fodeIPNgAWXbEjbKFrGMZ73RrT6mZHqsqbk_RhCKIOhfdDWB", "content": "", "creation_timestamp": "2025-03-02T11:45:36.000000Z"}, {"uuid": "31f6bd7a-f03a-4159-a7b2-c46f915fc70d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-27950", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=524", "content": "", "creation_timestamp": "2020-11-06T04:00:00.000000Z"}, {"uuid": "677a59f5-2e08-44f4-a07b-cad97aae8234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:47.000000Z"}, {"uuid": "59ec882b-9e00-46e6-be45-aab54fa4ac05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-27950", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/apple-julkaisi-korjaavia-kriittisia-paivityksia-ios-laitteiden-0-paivahaavoihin", "content": "", "creation_timestamp": "2020-11-08T07:51:35.000000Z"}, {"uuid": "bde7ee55-dd85-473f-9c15-e439f7d5011d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-27950", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/e83fd66e-3f97-4c83-a632-c29d95ed22d3", "content": "", "creation_timestamp": "2026-02-02T12:28:36.526575Z"}, {"uuid": "413252dc-5e74-4441-8bfe-754a73c5d64e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "exploited", "source": "https://t.me/true_secator/1121", "content": "\u200b\u200b\u041a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u0431\u044b \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u043b\u0442\u043e\u0440\u0430 \u043c\u0435\u0441\u044f\u0446\u0430 \u043d\u0430\u0437\u0430\u0434 Apple \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 11 \u043e\u0448\u0438\u0431\u043e\u043a, \u0441\u0440\u0435\u0434\u0438 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b\u0430 \u0438 \u0434\u043e\u043f\u0443\u0441\u043a\u0430\u044e\u0449\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 (RCE). \u0418 \u0432\u043e\u0442 \u043e\u043f\u044f\u0442\u044c, \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u044b\u0435 \u0442\u0440\u0438 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u044f\u0431\u043b\u043e\u0447\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445. \n\n\u0412\u0447\u0435\u0440\u0430 Apple \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043e\u043a iOS, iPadOS \u0438 watchOS, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0442\u0440\u0438 \u043d\u043e\u0432\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u043b\u043e\u0441\u044c \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 (!).\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043d\u0435\u0442, \u043d\u043e \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u044b Google Project Zero, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 \u0434\u044b\u0440\u043a\u0438, \u044d\u0442\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n\n- CVE-2020-27930 - \u043e\u0448\u0438\u0431\u043a\u0430 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 FontParser, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a RCE;\n- CVE-2020-27932 - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- CVE-2020-27950 - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u0443\u0442\u0435\u0447\u043a\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u0437 \u044f\u0434\u0440\u0430 \u041e\u0421.\n\n\u041e\u0447\u0435\u043d\u044c \u043d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e  \u0434\u0430\u0441\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043f\u043e\u0434 \u0441\u0432\u043e\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c. \u0412\u0441\u0435\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f. \u041c\u044b \u0443\u0436\u0435.", "creation_timestamp": "2020-11-06T10:46:03.000000Z"}, {"uuid": "56265856-29ff-494f-a276-72b02282b72a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2943", "content": "In-the-Wild Series: October 2020 0-day discovery for Android, Windows, iOS devices\nhttps://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html\nPoCs:\nCVE-2020-15999\u00a0- Chrome Freetype heap buffer overflow\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2103\nCVE-2020-17087\u00a0- Windows heap buffer overflow in cng.sys\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2104\nCVE-2020-16009\u00a0- Chrome type confusion in V8\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2106\nCVE-2020-16010/16011\u00a0- Chrome heap buffer overflow\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2112\nCVE-2020-27930\u00a0- Safari arbitrary stack read/write\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2105\nCVE-2020-27950\u00a0- iOS XNU kernel memory disclosure\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2108\nCVE-2020-27932\u00a0- iOS kernel type confusion\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2107", "creation_timestamp": "2022-06-03T18:52:35.000000Z"}, {"uuid": "7b0fdfd1-d3f0-44ba-b768-631c5c4235cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "exploited", "source": "https://t.me/thehackernews/892", "content": "WARNING: Update your iOS devices now!\n\nApple releases emergency iOS update to patch 3 actively exploited 0-day vulnerabilities.\n\nRead details: https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html\n\n\u2705 CVE-2020-27930\n\u2705 CVE-2020-27932\n\u2705 CVE-2020-27950", "creation_timestamp": "2020-11-06T09:06:43.000000Z"}, {"uuid": "7cfb67b3-d255-498a-a65c-932fc3db9ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "seen", "source": "https://t.me/arvin_club/2957", "content": "WARNING: Update your iOS devices now!\n\nApple releases emergency iOS update to patch 3 actively exploited 0-day vulnerabilities.\n\nRead details: https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html\n\n\u2705 CVE-2020-27930\n\u2705 CVE-2020-27932\n\u2705 CVE-2020-27950", "creation_timestamp": "2020-11-06T15:57:15.000000Z"}, {"uuid": "d5b8617f-8fe9-4d05-8eb2-6302b581f4b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1074", "content": "iOS 1-day hunting: uncovering and exploiting CVE-2020-27950 kernel memory leak\nhttps://www.synacktiv.com/publications/ios-1-day-hunting-uncovering-and-exploiting-cve-2020-27950-kernel-memory-leak.html", "creation_timestamp": "2020-12-14T14:15:44.000000Z"}, {"uuid": "c946f1c3-ff5d-4484-8bab-222e3a96580e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27950", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2212", "content": "IOS 1-Day Hunting:\nUncovering and Exploiting CVE-2020-27950 Kernel Memory Leak\nhttps://www.synacktiv.com/publications/ios-1-day-hunting-uncovering-and-exploiting-cve-2020-27950-kernel-memory-leak.html", "creation_timestamp": "2020-12-02T11:07:01.000000Z"}]}