CVE-2020-27932
Apple Multiple Products Type Confusion Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
YesDecision
Descriptions
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.
Se abordó un problema de confusión de tipos con un manejo de estado mejorado. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 12.4.9, watchOS versión 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS versión 14.2 y iPadOS versión 14.2, watchOS versión 5.3.9, macOS Catalina versión 10.15.7 Supplemental Update, macOS Catalina versión 10.15.7 Update. Una aplicación maliciosa puede ser capaz de ejecutar código arbitrario con privilegios kernel
The XNU kernel suffers from a type confusion vulnerability in turnstiles.
Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-27 CVE Reserved
- 2020-11-09 CVE Published
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2023-08-24 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- First Exploit
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/161295/XNU-Kernel-Turnstiles-Type-Confusion.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.apple.com/en-us/HT211928 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211929 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211931 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211940 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211944 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211945 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211946 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211947 | 2021-02-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Icloud Search vendor "Apple" for product "Icloud" | < 11.5 Search vendor "Apple" for product "Icloud" and version " < 11.5" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Itunes Search vendor "Apple" for product "Itunes" | < 12.11 Search vendor "Apple" for product "Itunes" and version " < 12.11" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Ipados Search vendor "Apple" for product "Ipados" | < 14.2 Search vendor "Apple" for product "Ipados" and version " < 14.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 12.4.9 Search vendor "Apple" for product "Iphone Os" and version " < 12.4.9" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | >= 14.0 < 14.2 Search vendor "Apple" for product "Iphone Os" and version " >= 14.0 < 14.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.15.7 Search vendor "Apple" for product "Mac Os X" and version " < 10.15.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | >= 11.0 < 11.0.1 Search vendor "Apple" for product "Macos" and version " >= 11.0 < 11.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | < 5.3.9 Search vendor "Apple" for product "Watchos" and version " < 5.3.9" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | >= 6.0 < 6.2.9 Search vendor "Apple" for product "Watchos" and version " >= 6.0 < 6.2.9" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | >= 7.0 < 7.1 Search vendor "Apple" for product "Watchos" and version " >= 7.0 < 7.1" | - |
Affected
| ||||||