CVE-2020-27930
Apple Multiple Products Memory Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
Se abordó un problema de corrupción de la memoria con una comprobación de entrada mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 12.4.9, watchOS versión 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS versión 14.2 y iPadOS versión 14.2, watchOS versión 5.3.9, macOS Catalina versión 10.15.7 Supplemental Update, macOS Catalina versión 10.15.7 Update. El procesamiento de una fuente diseñada maliciosamente puede conllevar a una ejecución de código arbitraria
Apple Safari is susceptible to a remote code execution vulnerability via an undefined othersubr in Type 1 fonts handled by libType1Scaler.dylib on macOS and iOS.
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-27 CVE Reserved
- 2020-11-09 CVE Published
- 2021-02-07 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-10-12 EPSS Updated
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html | Third Party Advisory | |
http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List |
URL | Date | SRC |
---|---|---|
https://github.com/FunPhishing/Apple-Safari-Remote-Code-Execution-CVE-2020-27930 | 2021-02-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://support.apple.com/en-us/HT211928 | 2021-02-11 | |
https://support.apple.com/en-us/HT211929 | 2021-02-11 | |
https://support.apple.com/en-us/HT211931 | 2021-02-11 | |
https://support.apple.com/en-us/HT211940 | 2021-02-11 | |
https://support.apple.com/en-us/HT211944 | 2021-02-11 | |
https://support.apple.com/en-us/HT211945 | 2021-02-11 | |
https://support.apple.com/en-us/HT211946 | 2021-02-11 | |
https://support.apple.com/en-us/HT211947 | 2021-02-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apple Search vendor "Apple" | Ipados Search vendor "Apple" for product "Ipados" | < 14.2 Search vendor "Apple" for product "Ipados" and version " < 14.2" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 12.4.9 Search vendor "Apple" for product "Iphone Os" and version " < 12.4.9" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | >= 14.0 < 14.2 Search vendor "Apple" for product "Iphone Os" and version " >= 14.0 < 14.2" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.15.7 Search vendor "Apple" for product "Mac Os X" and version " < 10.15.7" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | >= 11.0 < 11.0.1 Search vendor "Apple" for product "Macos" and version " >= 11.0 < 11.0.1" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | < 5.3.9 Search vendor "Apple" for product "Watchos" and version " < 5.3.9" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | >= 6.0 < 6.2.9 Search vendor "Apple" for product "Watchos" and version " >= 6.0 < 6.2.9" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | >= 7.0 < 7.1 Search vendor "Apple" for product "Watchos" and version " >= 7.0 < 7.1" | - |
Affected
|