cvelistv5 - cve-2020-27912

CVE-2020-27912 (GCVE-0-2020-27912)

Vulnerability from cvelistv5 – Published: 2020-12-08 20:10 – Updated: 2024-08-04 16:25

Summary

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

Processing a maliciously crafted image may lead to arbitrary code execution

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT211931	x_refsource_MISC
	https://support.apple.com/en-us/HT211935	x_refsource_MISC
	https://support.apple.com/en-us/HT211928	x_refsource_MISC
	https://support.apple.com/en-us/HT211929	x_refsource_MISC
	https://support.apple.com/en-us/HT211930	x_refsource_MISC
	https://support.apple.com/en-us/HT211933	x_refsource_MISC
	https://support.apple.com/kb/HT212011	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2020/Dec/32	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2020/Dec/26	mailing-listx_refsource_FULLDISC

Impacted products

Vendor

Product

Version

Apple

watchOS

Affected: unspecified , < 7.1 (custom)

Apple	iOS and iPadOS	Affected: unspecified , < 14.2 (custom)
Apple	tvOS	Affected: unspecified , < 14.2 (custom)
Apple	macOS	Affected: unspecified , < 11.0 (custom)
Apple	macOS	Affected: unspecified , < 12.11 (custom)
Apple	macOS	Affected: unspecified , < 11.5 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:25:43.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT211931"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT211935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT211928"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT211929"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT211930"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT211933"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212011"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "7.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing a maliciously crafted image may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-15T19:07:09",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT211931"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT211935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT211928"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT211929"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT211930"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT211933"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212011"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
        },
        {
          "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-27912",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iOS and iPadOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "12.11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing a maliciously crafted image may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT211931",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT211931"
            },
            {
              "name": "https://support.apple.com/en-us/HT211935",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT211935"
            },
            {
              "name": "https://support.apple.com/en-us/HT211928",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT211928"
            },
            {
              "name": "https://support.apple.com/en-us/HT211929",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT211929"
            },
            {
              "name": "https://support.apple.com/en-us/HT211930",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT211930"
            },
            {
              "name": "https://support.apple.com/en-us/HT211933",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT211933"
            },
            {
              "name": "https://support.apple.com/kb/HT212011",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212011"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-27912",
    "datePublished": "2020-12-08T20:10:05",
    "dateReserved": "2020-10-27T00:00:00",
    "dateUpdated": "2024-08-04T16:25:43.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"11.5\", \"matchCriteriaId\": \"5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"12.11\", \"matchCriteriaId\": \"BB5256B0-7FBC-4A35-8E15-0C333EE0B366\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.2\", \"matchCriteriaId\": \"8768B67A-43ED-4726-A99F-A0A57A9A2CEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.2\", \"matchCriteriaId\": \"468039C1-6A38-44D0-A0A1-294966117744\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.0.1\", \"matchCriteriaId\": \"F2EE75CC-3796-416A-9E58-64788BB89240\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"14.2\", \"matchCriteriaId\": \"25DF8721-B1E2-45AF-87FD-14AB02B5506A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.1\", \"matchCriteriaId\": \"845B0F8C-2958-4BD2-9141-DCF894AFB953\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 una escritura fuera de l\\u00edmites con una comprobaci\\u00f3n de entrada mejorada.\u0026#xa0;Este problema se corrigi\\u00f3 en macOS Big Sur versi\\u00f3n 11.0.1, watchOS versi\\u00f3n 7.1, iOS versi\\u00f3n 14.2 y iPadOS versi\\u00f3n 14.2, iCloud para Windows versi\\u00f3n 11.5, tvOS versi\\u00f3n 14.2, iTunes versi\\u00f3n 12.11 para Windows.\u0026#xa0;El procesamiento de una imagen dise\\u00f1ada maliciosamente puede conllevar a una ejecuci\\u00f3n de c\\u00f3digo arbitraria\"}]",
      "id": "CVE-2020-27912",
      "lastModified": "2024-11-21T05:22:02.350",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-12-08T21:15:13.420",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2020/Dec/26\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Dec/32\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211928\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211929\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211930\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211931\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211933\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211935\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT212011\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Dec/26\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Dec/32\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211928\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211929\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211930\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211931\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211933\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT211935\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT212011\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-27912\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-12-08T21:15:13.420\",\"lastModified\":\"2024-11-21T05:22:02.350\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 una escritura fuera de l\u00edmites con una comprobaci\u00f3n de entrada mejorada.\u0026#xa0;Este problema se corrigi\u00f3 en macOS Big Sur versi\u00f3n 11.0.1, watchOS versi\u00f3n 7.1, iOS versi\u00f3n 14.2 y iPadOS versi\u00f3n 14.2, iCloud para Windows versi\u00f3n 11.5, tvOS versi\u00f3n 14.2, iTunes versi\u00f3n 12.11 para Windows.\u0026#xa0;El procesamiento de una imagen dise\u00f1ada maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"11.5\",\"matchCriteriaId\":\"5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.11\",\"matchCriteriaId\":\"BB5256B0-7FBC-4A35-8E15-0C333EE0B366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.2\",\"matchCriteriaId\":\"8768B67A-43ED-4726-A99F-A0A57A9A2CEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.2\",\"matchCriteriaId\":\"468039C1-6A38-44D0-A0A1-294966117744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0.1\",\"matchCriteriaId\":\"F2EE75CC-3796-416A-9E58-64788BB89240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.2\",\"matchCriteriaId\":\"25DF8721-B1E2-45AF-87FD-14AB02B5506A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.1\",\"matchCriteriaId\":\"845B0F8C-2958-4BD2-9141-DCF894AFB953\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2020/Dec/26\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Dec/32\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211928\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211929\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211930\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211931\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211933\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211935\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212011\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Dec/26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Dec/32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211928\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT211935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-789

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Apple iCloud pour Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	iCloud pour Windows 10 versions antérieures à 11.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211935 du 3 décembre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-9983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9983"
    },
    {
      "name": "CVE-2020-9951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9951"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2020-9849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9849"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-9876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9876"
    },
    {
      "name": "CVE-2020-9981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9981"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2020-9961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9961"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    },
    {
      "name": "CVE-2020-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9947"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-789",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple iCloud pour\nWindows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iCloud pour Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211935 du 3 d\u00e9cembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211935"
    }
  ]
}

CERTFR-2020-AVI-789

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	iCloud pour Windows 10 versions antérieures à 11.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211935 du 3 décembre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-9983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9983"
    },
    {
      "name": "CVE-2020-9951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9951"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2020-9849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9849"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-9876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9876"
    },
    {
      "name": "CVE-2020-9981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9981"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2020-9961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9961"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    },
    {
      "name": "CVE-2020-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9947"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-789",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple iCloud pour\nWindows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iCloud pour Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211935 du 3 d\u00e9cembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211935"
    }
  ]
}

CERTFR-2020-AVI-747

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS High Sierra versions 10.13.x versions antérieures à 10.13.6
Apple	Safari	Safari versions antérieures à 14.0.1
Apple	macOS	macOS Mojave versions 10.14.x versions antérieures à 10.14.6
Apple	macOS	macOS Big Sur versions 11.0.x versions antérieures à 11.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211934 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211946 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211931 du 12 novembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS High Sierra versions 10.13.x versions ant\u00e9rieures \u00e0 10.13.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions 10.14.x versions ant\u00e9rieures \u00e0 10.14.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions 11.0.x versions ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27903"
    },
    {
      "name": "CVE-2020-9977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9977"
    },
    {
      "name": "CVE-2020-9945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9945"
    },
    {
      "name": "CVE-2020-9991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9991"
    },
    {
      "name": "CVE-2020-9941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9941"
    },
    {
      "name": "CVE-2020-9963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9963"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2020-27894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27894"
    },
    {
      "name": "CVE-2020-9883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9883"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-9944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9944"
    },
    {
      "name": "CVE-2020-10016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10016"
    },
    {
      "name": "CVE-2020-9974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9974"
    },
    {
      "name": "CVE-2020-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10003"
    },
    {
      "name": "CVE-2020-27906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27906"
    },
    {
      "name": "CVE-2020-27950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27950"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-9988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9988"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2020-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10009"
    },
    {
      "name": "CVE-2020-9849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9849"
    },
    {
      "name": "CVE-2020-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27932"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-9996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9996"
    },
    {
      "name": "CVE-2019-14899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14899"
    },
    {
      "name": "CVE-2020-27930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27930"
    },
    {
      "name": "CVE-2020-9876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9876"
    },
    {
      "name": "CVE-2020-9999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9999"
    },
    {
      "name": "CVE-2020-10014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10014"
    },
    {
      "name": "CVE-2020-9949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9949"
    },
    {
      "name": "CVE-2020-10006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10006"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2020-9942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9942"
    },
    {
      "name": "CVE-2020-10007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10007"
    },
    {
      "name": "CVE-2020-10663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10663"
    },
    {
      "name": "CVE-2020-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10004"
    },
    {
      "name": "CVE-2020-9966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9966"
    },
    {
      "name": "CVE-2020-9965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9965"
    },
    {
      "name": "CVE-2020-13524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13524"
    },
    {
      "name": "CVE-2020-9969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9969"
    },
    {
      "name": "CVE-2020-27900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27900"
    },
    {
      "name": "CVE-2020-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10012"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2020-9989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9989"
    },
    {
      "name": "CVE-2020-27896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27896"
    },
    {
      "name": "CVE-2020-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
    },
    {
      "name": "CVE-2020-27898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27898"
    },
    {
      "name": "CVE-2020-27916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27916"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2020-10017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10017"
    },
    {
      "name": "CVE-2020-27910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27910"
    },
    {
      "name": "CVE-2020-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10010"
    },
    {
      "name": "CVE-2020-9943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9943"
    },
    {
      "name": "CVE-2020-27927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27927"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-747",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211934 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211934"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211946 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211946"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211931 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211931"
    }
  ]
}

CERTFR-2020-AVI-717

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iPadOS versions 14.x antérieures à 14.2
Apple	macOS	Apple macOS Catalina versions antérieures à 10.15.7
Apple	N/A	Apple tvOS versions 14.x antérieures à 14.2
Apple	N/A	Apple watchOS versions 7.x antérieures à 7.1
Apple	N/A	Apple watchOS versions 5.x antérieures à 5.3.9
Apple	N/A	Apple watchOS versions 6.x antérieures à 6.2.9
Apple	N/A	Apple iOS versions 14.x antérieures à 14.2
Apple	N/A	Apple iOS versions 12.x antérieures à 12.4.9

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211945 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211930 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211947 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211944 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211929 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211940 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211928 du 05 novembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iPadOS versions 14.x ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Catalina versions ant\u00e9rieures \u00e0 10.15.7",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions 14.x ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions 7.x ant\u00e9rieures \u00e0 7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions 5.x ant\u00e9rieures \u00e0 5.3.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions 6.x ant\u00e9rieures \u00e0 6.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions 14.x ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions 12.x ant\u00e9rieures \u00e0 12.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-10011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10011"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-10016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10016"
    },
    {
      "name": "CVE-2020-9974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9974"
    },
    {
      "name": "CVE-2020-27909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27909"
    },
    {
      "name": "CVE-2020-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10003"
    },
    {
      "name": "CVE-2020-27950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27950"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-27925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27925"
    },
    {
      "name": "CVE-2020-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27932"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-27930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27930"
    },
    {
      "name": "CVE-2020-27926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27926"
    },
    {
      "name": "CVE-2020-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10004"
    },
    {
      "name": "CVE-2020-13524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13524"
    },
    {
      "name": "CVE-2020-27902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27902"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-27929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27929"
    },
    {
      "name": "CVE-2020-27905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27905"
    },
    {
      "name": "CVE-2020-27916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27916"
    },
    {
      "name": "CVE-2020-10017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10017"
    },
    {
      "name": "CVE-2020-27910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27910"
    },
    {
      "name": "CVE-2020-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10010"
    },
    {
      "name": "CVE-2020-27927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27927"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-717",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-06T00:00:00.000000"
    },
    {
      "description": "Correction coquille.",
      "revision_date": "2023-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211945 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211945"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211930 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211930"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211947 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211947"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211944 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211944"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211929 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211929"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211940 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211940"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211928 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211928"
    }
  ]
}

CERTFR-2020-AVI-747

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS High Sierra versions 10.13.x versions antérieures à 10.13.6
Apple	Safari	Safari versions antérieures à 14.0.1
Apple	macOS	macOS Mojave versions 10.14.x versions antérieures à 10.14.6
Apple	macOS	macOS Big Sur versions 11.0.x versions antérieures à 11.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211934 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211946 du 12 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211931 du 12 novembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS High Sierra versions 10.13.x versions ant\u00e9rieures \u00e0 10.13.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.0.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions 10.14.x versions ant\u00e9rieures \u00e0 10.14.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions 11.0.x versions ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27903"
    },
    {
      "name": "CVE-2020-9977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9977"
    },
    {
      "name": "CVE-2020-9945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9945"
    },
    {
      "name": "CVE-2020-9991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9991"
    },
    {
      "name": "CVE-2020-9941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9941"
    },
    {
      "name": "CVE-2020-9963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9963"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2020-27894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27894"
    },
    {
      "name": "CVE-2020-9883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9883"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-9944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9944"
    },
    {
      "name": "CVE-2020-10016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10016"
    },
    {
      "name": "CVE-2020-9974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9974"
    },
    {
      "name": "CVE-2020-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10003"
    },
    {
      "name": "CVE-2020-27906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27906"
    },
    {
      "name": "CVE-2020-27950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27950"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-9988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9988"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2020-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10009"
    },
    {
      "name": "CVE-2020-9849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9849"
    },
    {
      "name": "CVE-2020-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27932"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-9996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9996"
    },
    {
      "name": "CVE-2019-14899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14899"
    },
    {
      "name": "CVE-2020-27930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27930"
    },
    {
      "name": "CVE-2020-9876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9876"
    },
    {
      "name": "CVE-2020-9999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9999"
    },
    {
      "name": "CVE-2020-10014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10014"
    },
    {
      "name": "CVE-2020-9949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9949"
    },
    {
      "name": "CVE-2020-10006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10006"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2020-9942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9942"
    },
    {
      "name": "CVE-2020-10007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10007"
    },
    {
      "name": "CVE-2020-10663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10663"
    },
    {
      "name": "CVE-2020-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10004"
    },
    {
      "name": "CVE-2020-9966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9966"
    },
    {
      "name": "CVE-2020-9965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9965"
    },
    {
      "name": "CVE-2020-13524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13524"
    },
    {
      "name": "CVE-2020-9969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9969"
    },
    {
      "name": "CVE-2020-27900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27900"
    },
    {
      "name": "CVE-2020-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10012"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2020-9989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9989"
    },
    {
      "name": "CVE-2020-27896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27896"
    },
    {
      "name": "CVE-2020-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
    },
    {
      "name": "CVE-2020-27898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27898"
    },
    {
      "name": "CVE-2020-27916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27916"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2020-10017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10017"
    },
    {
      "name": "CVE-2020-27910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27910"
    },
    {
      "name": "CVE-2020-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10010"
    },
    {
      "name": "CVE-2020-9943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9943"
    },
    {
      "name": "CVE-2020-27927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27927"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-747",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211934 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211934"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211946 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211946"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211931 du 12 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211931"
    }
  ]
}

CERTFR-2020-AVI-717

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iPadOS versions 14.x antérieures à 14.2
Apple	macOS	Apple macOS Catalina versions antérieures à 10.15.7
Apple	N/A	Apple tvOS versions 14.x antérieures à 14.2
Apple	N/A	Apple watchOS versions 7.x antérieures à 7.1
Apple	N/A	Apple watchOS versions 5.x antérieures à 5.3.9
Apple	N/A	Apple watchOS versions 6.x antérieures à 6.2.9
Apple	N/A	Apple iOS versions 14.x antérieures à 14.2
Apple	N/A	Apple iOS versions 12.x antérieures à 12.4.9

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211945 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211930 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211947 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211944 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211929 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211940 du 05 novembre 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211928 du 05 novembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iPadOS versions 14.x ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Catalina versions ant\u00e9rieures \u00e0 10.15.7",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions 14.x ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions 7.x ant\u00e9rieures \u00e0 7.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions 5.x ant\u00e9rieures \u00e0 5.3.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions 6.x ant\u00e9rieures \u00e0 6.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions 14.x ant\u00e9rieures \u00e0 14.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions 12.x ant\u00e9rieures \u00e0 12.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-10011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10011"
    },
    {
      "name": "CVE-2020-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27918"
    },
    {
      "name": "CVE-2020-27912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27912"
    },
    {
      "name": "CVE-2020-10016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10016"
    },
    {
      "name": "CVE-2020-9974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9974"
    },
    {
      "name": "CVE-2020-27909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27909"
    },
    {
      "name": "CVE-2020-10003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10003"
    },
    {
      "name": "CVE-2020-27950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27950"
    },
    {
      "name": "CVE-2020-27911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27911"
    },
    {
      "name": "CVE-2020-27925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27925"
    },
    {
      "name": "CVE-2020-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27932"
    },
    {
      "name": "CVE-2020-10002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10002"
    },
    {
      "name": "CVE-2020-27930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27930"
    },
    {
      "name": "CVE-2020-27926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27926"
    },
    {
      "name": "CVE-2020-10004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10004"
    },
    {
      "name": "CVE-2020-13524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13524"
    },
    {
      "name": "CVE-2020-27902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27902"
    },
    {
      "name": "CVE-2020-27917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27917"
    },
    {
      "name": "CVE-2020-27929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27929"
    },
    {
      "name": "CVE-2020-27905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27905"
    },
    {
      "name": "CVE-2020-27916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27916"
    },
    {
      "name": "CVE-2020-10017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10017"
    },
    {
      "name": "CVE-2020-27910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27910"
    },
    {
      "name": "CVE-2020-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10010"
    },
    {
      "name": "CVE-2020-27927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27927"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-717",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-11-06T00:00:00.000000"
    },
    {
      "description": "Correction coquille.",
      "revision_date": "2023-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211945 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211945"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211930 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211930"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211947 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211947"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211944 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211944"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211929 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211929"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211940 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211940"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211928 du 05 novembre 2020",
      "url": "https://support.apple.com/fr-fr/HT211928"
    }
  ]
}

GHSA-CRRF-7WCM-2C9M

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-27912"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-08T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.",
  "id": "GHSA-crrf-7wcm-2c9m",
  "modified": "2022-05-24T17:35:42Z",
  "published": "2022-05-24T17:35:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27912"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211928"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211929"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211930"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211931"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211933"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211935"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212011"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-202012-0760

Vulnerability from variot - Updated: 2023-12-18 11:31

APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212011.

AMD Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27914: Yu Wang of Didi Research America CVE-2020-27915: Yu Wang of Didi Research America

App Store Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

AppleGraphicsControl Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A validation issue was addressed with improved logic. CVE-2020-27941: shrek_wzw

AppleMobileFileIntegrity Available for: macOS Big Sur 11.0.1 Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed with improved checks. CVE-2020-29621: Wojciech Reguła (@_r3ggi) of SecuRing

Audio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab

Audio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab

Audio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab

Audio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab

Bluetooth Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: Multiple integer overflows were addressed with improved input validation. CVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

CoreAudio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab

CoreAudio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year Lab CVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light- Year Lab

CoreAudio Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-10017: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Security Light-Year Lab

CoreText Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27922: Mickey Jin of Trend Micro

FontParser Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of Trend Micro

FontParser Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative

FontParser Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. CVE-2020-27931: Apple CVE-2020-27943: Mateusz Jurczyk of Google Project Zero CVE-2020-27944: Mateusz Jurczyk of Google Project Zero

Foundation Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2020-10002: James Hutchins

Graphics Drivers Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Graphics Drivers Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

HomeKit Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An attacker in a privileged network position may be able to unexpectedly alter application state Description: This issue was addressed with improved setting propagation. CVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana University Bloomington, Yan Jia of Xidian University and University of Chinese Academy of Sciences, and Bin Yuan of HuaZhong University of Science and Technology

Image Processing Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative

ImageIO Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-27924: Lei Sun CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-29611: Ivan Fratric of Google Project Zero

ImageIO Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to heap corruption Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab

ImageIO Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab CVE-2020-27923: Lei Sun

Intel Graphics Driver Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day Initiative CVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

Intel Graphics Driver Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-9974: Tommy Muir (@Muirey03)

Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-10016: Alex Helie

Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2020-9967: Alex Plaskett (@alexjplaskett)

Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9975: Tielei Wang of Pangu Lab

Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2020-27921: Linus Henze (pinauten.de)

Kernel Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1 Impact: A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure Mobile Networking Lab

Kernel Available for: macOS Big Sur 11.0.1 Impact: A malicious application may be able to elevate privileges Description: This issue was addressed with improved entitlements. CVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security

libxml2 Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-27911: found by OSS-Fuzz

libxml2 Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-27926: found by OSS-Fuzz

libxpc Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to break out of its sandbox Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab

Logging Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation. CVE-2020-10010: Tommy Muir (@Muirey03)

Model I/O Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-13524: Aleksandar Nikolic of Cisco Talos

Model I/O Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-10004: Aleksandar Nikolic of Cisco Talos

NSRemoteView Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved restrictions. CVE-2020-27901: Thijs Alkemade of Computest Research Division

Power Management Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management. CVE-2020-10007: singi@theori working with Trend Micro Zero Day Initiative

Quick Look Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: Processing a maliciously crafted document may lead to a cross site scripting attack Description: An access issue was addressed with improved access restrictions. CVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)

Ruby Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A remote attacker may be able to modify the file system Description: A path handling issue was addressed with improved validation. CVE-2020-27896: an anonymous researcher

System Preferences Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2020-15969: an anonymous researcher

Wi-Fi Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: An attacker may be able to bypass Managed Frame Protection Description: A denial of service issue was addressed with improved state handling. CVE-2020-27898: Stephan Marais of University of Johannesburg

Installation note:

macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBj8ACgkQZcsbuWJ6 jjCVjw//QGrhMvU+nyuS1UwWs7rcqDJDNh0Zb7yUJali2Bdc9/l++i2pLFbmAwes 7AYCag+T3h3aP7YJAN13zb8KBmUcmnWkWupfx8kEGqHxSXnQTXvaEI59RyCobOCj OVPtboPMH1d94+6dABMp9kiLAHoZezm3hdF8ShT2Hqgq2TB16wZsa/EvhJVSaduA 7RttG6EHBTin6UU3M/+vcfJWqkg4O0YuZpQaconDa5Pd81jpUMeduzfRvS5i+PVS cehtHPWjCN15+sQ29q11yhP3v+sYh0DJEl2LWaBnDo2TlC1gHx70H5ZsAFLHChcd rXkl1tm6GV3UWVhFq0jQc1DP+IwbuL6jHI/wIjYx7itk9XECppyhhiuImOaLiIUH CBgAjwVHY1GUdTH97iPEQFF61v3sjpRLleLMZW7+9ZTt4pEDwMVHk9vKgVK5BUa6 lrKWtBHL3AtaXtxC9y8XGe3IYEBLAszHMUJfF1BR+D/niDRlztvoj72/3PPwtk2t tuUE9RGzpSXCQ1CX6vW7zS2ddVmQfJqcPX721k4OVpFNlMXkjZkm2Q/xwr5qq99v Up9BA+ITksthGYfGAY5bBV1LsjK1NtdNHQGpZe4l9bu4ONgUvmL8iBb/LnS6wKB1 HGcdHEmXvbx+Akl/fvTdG8RSvyoYuFJHkuYv0DMWiri8yN1q+C4= =osnP -----END PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2

iOS 14.2 and iPadOS 14.2 are now available and address the following issues. Apple is aware of reports that an exploit for this issue exists in the wild. Apple is aware of reports that an exploit for this issue exists in the wild. Apple is aware of reports that an exploit for this issue exists in the wild. CVE-2020-27918: an anonymous researcher

Safari We would like to acknowledge Gabriel Corona for their assistance.

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 14.2 and iPadOS 14.2"

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202012-0760",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.2"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.2"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.11"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.5"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.2"
      },
      {
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "tvos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "7.1"
      },
      {
        "model": "itunes",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "ios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "icloud",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": "(apple watch series 3  or later )"
      },
      {
        "model": "ipados",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27912"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27912"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159969"
      },
      {
        "db": "PACKETSTORM",
        "id": "160538"
      },
      {
        "db": "PACKETSTORM",
        "id": "159953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2020-27912",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2020-27912",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-372023",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-27912",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-27912",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202011-596",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-372023",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-27912",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution. Apple watchOS is a smart watch operating system developed by Apple (Apple). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001\nCatalina, Security Update 2020-007 Mojave\n\nmacOS Big Sur 11.1, Security Update 2020-001 Catalina, Security\nUpdate 2020-007 Mojave addresses the following issues. Information\nabout the security content is also available at\nhttps://support.apple.com/HT212011. \n\nAMD\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-27914: Yu Wang of Didi Research America\nCVE-2020-27915: Yu Wang of Didi Research America\n\nApp Store\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: An application may be able to gain elevated privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2020-27903: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nAppleGraphicsControl\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS\nBig Sur 11.0.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2020-27941: shrek_wzw\n\nAppleMobileFileIntegrity\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed with improved checks. \nCVE-2020-29621: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nAudio\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-27910: JunDong Xie and XingWei Lin of Ant Security Light-\nYear Lab\n\nAudio\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9943: JunDong Xie of Ant Security Light-Year Lab\n\nAudio\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9944: JunDong Xie of Ant Security Light-Year Lab\n\nAudio\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-27916: JunDong Xie of Ant Security Light-Year Lab\n\nBluetooth\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A remote attacker may be able to cause unexpected application\ntermination or heap corruption\nDescription: Multiple integer overflows were addressed with improved\ninput validation. \nCVE-2020-27906: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nCoreAudio\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS\nBig Sur 11.0.1\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9960: JunDong Xie and XingWei Lin of Ant Security Light-Year\nLab\nCVE-2020-27908: JunDong Xie and XingWei Lin of Ant Security Light-\nYear Lab\n\nCoreAudio\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-10017: Francis working with Trend Micro Zero Day Initiative,\nJunDong Xie of Ant Security Light-Year Lab\n\nCoreText\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27922: Mickey Jin of Trend Micro\n\nFontParser\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-27952: an anonymous researcher, Mickey Jin and Junzhi Lu of\nTrend Micro\n\nFontParser\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9956: Mickey Jin and Junzhi Lu of Trend Micro Mobile\nSecurity Research Team working with Trend Micro\u2019s Zero Day Initiative\n\nFontParser\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS\nBig Sur 11.0.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. \nCVE-2020-27931: Apple\nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nFoundation\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A local user may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10002: James Hutchins\n\nGraphics Drivers\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS\nBig Sur 11.0.1\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-27947: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nGraphics Drivers\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS\nBig Sur 11.0.1\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-29612: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nHomeKit\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: An attacker in a privileged network position may be able to\nunexpectedly alter application state\nDescription: This issue was addressed with improved setting\npropagation. \nCVE-2020-9978: Luyi Xing, Dongfang Zhao, and Xiaofeng Wang of Indiana\nUniversity Bloomington, Yan Jia of Xidian University and University\nof Chinese Academy of Sciences, and Bin Yuan of HuaZhong University\nof Science and Technology\n\nImage Processing\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-27919: Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Xingwei\nLin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Big Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-29616: zhouat working with Trend Micro Zero Day Initiative\n\nImageIO\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS\nBig Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-27924: Lei Sun\nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS\nBig Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-29611: Ivan Fratric of Google Project Zero\n\nImageIO\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS\nBig Sur 11.0.1\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2020-27923: Lei Sun\n\nIntel Graphics Driver\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-10015: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\nCVE-2020-27897: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. \nand Luyi Xing of Indiana University Bloomington\n\nIntel Graphics Driver\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-27907: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-9974: Tommy Muir (@Muirey03)\n\nKernel\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-10016: Alex Helie\n\nKernel\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2020-9967: Alex Plaskett (@alexjplaskett)\n\nKernel\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9975: Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2020-27921: Linus Henze (pinauten.de)\n\nKernel\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS\nBig Sur 11.0.1\nImpact: A malicious application may cause unexpected changes in\nmemory belonging to processes traced by DTrace\nDescription: This issue was addressed with improved checks to prevent\nunauthorized actions. \nCVE-2020-27949: Steffen Klee (@_kleest) of TU Darmstadt, Secure\nMobile Networking Lab\n\nKernel\nAvailable for: macOS Big Sur 11.0.1\nImpact: A malicious application may be able to elevate privileges\nDescription: This issue was addressed with improved entitlements. \nCVE-2020-29620: Csaba Fitzl (@theevilbit) of Offensive Security\n\nlibxml2\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-27911: found by OSS-Fuzz\n\nlibxml2\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-27926: found by OSS-Fuzz\n\nlibxpc\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2020-10014: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nLogging\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A local attacker may be able to elevate their privileges\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2020-10010: Tommy Muir (@Muirey03)\n\nModel I/O\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-13524: Aleksandar Nikolic of Cisco Talos\n\nModel I/O\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10004: Aleksandar Nikolic of Cisco Talos\n\nNSRemoteView\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-27901: Thijs Alkemade of Computest Research Division\n\nPower Management\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-10007: singi@theori working with Trend Micro Zero Day\nInitiative\n\nQuick Look\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: Processing a maliciously crafted document may lead to a cross\nsite scripting attack\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2020-10012: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nRuby\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A remote attacker may be able to modify the file system\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2020-27896: an anonymous researcher\n\nSystem Preferences\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-15969: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Mojave 10.14.6, macOS Catalina 10.15.7\nImpact: An attacker may be able to bypass Managed Frame Protection\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2020-27898: Stephan Marais of University of Johannesburg\n\nInstallation note:\n\nmacOS Big Sur 11.1, Security Update 2020-001 Catalina, Security\nUpdate 2020-007 Mojave may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBj8ACgkQZcsbuWJ6\njjCVjw//QGrhMvU+nyuS1UwWs7rcqDJDNh0Zb7yUJali2Bdc9/l++i2pLFbmAwes\n7AYCag+T3h3aP7YJAN13zb8KBmUcmnWkWupfx8kEGqHxSXnQTXvaEI59RyCobOCj\nOVPtboPMH1d94+6dABMp9kiLAHoZezm3hdF8ShT2Hqgq2TB16wZsa/EvhJVSaduA\n7RttG6EHBTin6UU3M/+vcfJWqkg4O0YuZpQaconDa5Pd81jpUMeduzfRvS5i+PVS\ncehtHPWjCN15+sQ29q11yhP3v+sYh0DJEl2LWaBnDo2TlC1gHx70H5ZsAFLHChcd\nrXkl1tm6GV3UWVhFq0jQc1DP+IwbuL6jHI/wIjYx7itk9XECppyhhiuImOaLiIUH\nCBgAjwVHY1GUdTH97iPEQFF61v3sjpRLleLMZW7+9ZTt4pEDwMVHk9vKgVK5BUa6\nlrKWtBHL3AtaXtxC9y8XGe3IYEBLAszHMUJfF1BR+D/niDRlztvoj72/3PPwtk2t\ntuUE9RGzpSXCQ1CX6vW7zS2ddVmQfJqcPX721k4OVpFNlMXkjZkm2Q/xwr5qq99v\nUp9BA+ITksthGYfGAY5bBV1LsjK1NtdNHQGpZe4l9bu4ONgUvmL8iBb/LnS6wKB1\nHGcdHEmXvbx+Akl/fvTdG8RSvyoYuFJHkuYv0DMWiri8yN1q+C4=\n=osnP\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2\n\niOS 14.2 and iPadOS 14.2 are now available and address the following\nissues. Apple is aware of reports that an exploit for this\nissue exists in the wild. Apple is aware of reports that an exploit for this issue\nexists in the wild. Apple is aware of reports that an exploit for\nthis issue exists in the wild. \nCVE-2020-27918: an anonymous researcher\n\nSafari\nWe would like to acknowledge Gabriel Corona for their assistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 14.2 and iPadOS 14.2\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "db": "VULHUB",
        "id": "VHN-372023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27912"
      },
      {
        "db": "PACKETSTORM",
        "id": "159969"
      },
      {
        "db": "PACKETSTORM",
        "id": "160538"
      },
      {
        "db": "PACKETSTORM",
        "id": "159953"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-372023",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372023"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-27912",
        "trust": 2.9
      },
      {
        "db": "PACKETSTORM",
        "id": "159953",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "160538",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99462952",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU92370378",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95288122",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-596",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4060",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3911",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4060.2",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "159969",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-372023",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27912",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "db": "PACKETSTORM",
        "id": "159969"
      },
      {
        "db": "PACKETSTORM",
        "id": "160538"
      },
      {
        "db": "PACKETSTORM",
        "id": "159953"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ]
  },
  "id": "VAR-202012-0760",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372023"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:31:43.552000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT211935 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211928"
      },
      {
        "title": "Apple iCloud for Windows Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135715"
      },
      {
        "title": "Apple: iOS 14.2 and iPadOS 14.2",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=8c27ebbc791f1c182e7dcb7772454cb7"
      },
      {
        "title": "Apple: macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=60a51a6d3f600c46241622f208f75bff"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-27912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27912"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://support.apple.com/en-us/ht211933"
      },
      {
        "trust": 2.4,
        "url": "https://support.apple.com/en-us/ht211935"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht212011"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2020/dec/26"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2020/dec/32"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht211928"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht211929"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht211930"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht211931"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27912"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99462952/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu92370378/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95288122/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3911/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht211928"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4060/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/kb/ht211933"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/160538/apple-security-advisory-2020-12-14-3.html"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht212011"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159953/apple-security-advisory-2020-11-05-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-ios-14-multiple-vulnerabilities-33841"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34108"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4060.2/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10002"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10017"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27916"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10010"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27911"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10016"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27910"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27918"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27909"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10003"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27917"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27927"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27905"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9974"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13524"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10004"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht211929"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht211930."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10014"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27903"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27897"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27907"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15969"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27901"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27896"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212011."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27898"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27914"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27908"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10009"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27915"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10012"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27906"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10007"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27926"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10011"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27930"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27932"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27950"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht211929."
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-372023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "db": "PACKETSTORM",
        "id": "159969"
      },
      {
        "db": "PACKETSTORM",
        "id": "160538"
      },
      {
        "db": "PACKETSTORM",
        "id": "159953"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-372023"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27912"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "db": "PACKETSTORM",
        "id": "159969"
      },
      {
        "db": "PACKETSTORM",
        "id": "160538"
      },
      {
        "db": "PACKETSTORM",
        "id": "159953"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27912"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372023"
      },
      {
        "date": "2020-12-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-27912"
      },
      {
        "date": "2021-08-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "date": "2020-11-09T18:59:25",
        "db": "PACKETSTORM",
        "id": "159969"
      },
      {
        "date": "2020-12-16T17:58:29",
        "db": "PACKETSTORM",
        "id": "160538"
      },
      {
        "date": "2020-11-09T18:10:20",
        "db": "PACKETSTORM",
        "id": "159953"
      },
      {
        "date": "2020-12-08T21:15:13.420000",
        "db": "NVD",
        "id": "CVE-2020-27912"
      },
      {
        "date": "2020-11-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-372023"
      },
      {
        "date": "2021-03-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-27912"
      },
      {
        "date": "2021-08-12T07:57:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      },
      {
        "date": "2021-03-10T14:54:26.837000",
        "db": "NVD",
        "id": "CVE-2020-27912"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Apple\u00a0 Out-of-bounds write vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-014238"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202011-596"
      }
    ],
    "trust": 0.6
  }
}

GSD-2020-27912

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-27912

Aliases

CVE-2020-27912

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-27912",
    "description": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.",
    "id": "GSD-2020-27912"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-27912"
      ],
      "details": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.",
      "id": "GSD-2020-27912",
      "modified": "2023-12-13T01:22:11.207412Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-27912",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "12.11"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Processing a maliciously crafted image may lead to arbitrary code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT211931",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT211931"
          },
          {
            "name": "https://support.apple.com/en-us/HT211935",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT211935"
          },
          {
            "name": "https://support.apple.com/en-us/HT211928",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT211928"
          },
          {
            "name": "https://support.apple.com/en-us/HT211929",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT211929"
          },
          {
            "name": "https://support.apple.com/en-us/HT211930",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT211930"
          },
          {
            "name": "https://support.apple.com/en-us/HT211933",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT211933"
          },
          {
            "name": "https://support.apple.com/kb/HT212011",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212011"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
          },
          {
            "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-27912"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT211929",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT211929"
            },
            {
              "name": "https://support.apple.com/en-us/HT211928",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT211928"
            },
            {
              "name": "https://support.apple.com/en-us/HT211935",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT211935"
            },
            {
              "name": "https://support.apple.com/en-us/HT211931",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT211931"
            },
            {
              "name": "https://support.apple.com/en-us/HT211933",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT211933"
            },
            {
              "name": "https://support.apple.com/en-us/HT211930",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT211930"
            },
            {
              "name": "https://support.apple.com/kb/HT212011",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT212011"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
            },
            {
              "name": "20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-03-10T14:54Z",
      "publishedDate": "2020-12-08T21:15Z"
    }
  }
}

FKIE_CVE-2020-27912

Vulnerability from fkie_nvd - Published: 2020-12-08 21:15 - Updated: 2024-11-21 05:22

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://seclists.org/fulldisclosure/2020/Dec/26	Mailing List, Third Party Advisory
product-security@apple.com	http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List, Third Party Advisory
product-security@apple.com	https://support.apple.com/en-us/HT211928	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT211929	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT211930	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT211931	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT211933	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT211935	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212011	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Dec/26	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT211928	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT211929	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT211930	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT211931	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT211933	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT211935	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212011	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	icloud	*
apple	itunes	*
apple	ipados	*
apple	iphone_os	*
apple	macos	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709",
              "versionEndExcluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BB5256B0-7FBC-4A35-8E15-0C333EE0B366",
              "versionEndExcluding": "12.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8768B67A-43ED-4726-A99F-A0A57A9A2CEC",
              "versionEndExcluding": "14.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468039C1-6A38-44D0-A0A1-294966117744",
              "versionEndExcluding": "14.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2EE75CC-3796-416A-9E58-64788BB89240",
              "versionEndExcluding": "11.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25DF8721-B1E2-45AF-87FD-14AB02B5506A",
              "versionEndExcluding": "14.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "845B0F8C-2958-4BD2-9141-DCF894AFB953",
              "versionEndExcluding": "7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 una escritura fuera de l\u00edmites con una comprobaci\u00f3n de entrada mejorada.\u0026#xa0;Este problema se corrigi\u00f3 en macOS Big Sur versi\u00f3n 11.0.1, watchOS versi\u00f3n 7.1, iOS versi\u00f3n 14.2 y iPadOS versi\u00f3n 14.2, iCloud para Windows versi\u00f3n 11.5, tvOS versi\u00f3n 14.2, iTunes versi\u00f3n 12.11 para Windows.\u0026#xa0;El procesamiento de una imagen dise\u00f1ada maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"
    }
  ],
  "id": "CVE-2020-27912",
  "lastModified": "2024-11-21T05:22:02.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-08T21:15:13.420",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211928"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211929"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211930"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211931"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211933"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211935"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/26"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT211935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212011"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-27912 (GCVE-0-2020-27912)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature