CVE-2020-27950
Apple Multiple Products Memory Initialization Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.
Se abordó un problema de inicialización de la memoria. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 12.4.9, watchOS versión 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS versión 14.2 y iPadOS versión 14.2, watchOS versión 5.3.9, macOS Catalina versión 10.15.7 Supplemental Update, macOS Catalina versión 10.15.7 Update. Una aplicación maliciosa puede ser capaz de revelar la memoria del kernel
The XNU kernel suffers from a memory disclosure vulnerability in mach message trailers.
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-27 CVE Reserved
- 2020-11-09 CVE Published
- 2020-12-01 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-11-14 EPSS Updated
CWE
- CWE-665: Improper Initialization
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/161296/XNU-Kernel-Mach-Message-Trailers-Memory-Disclosure.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/synacktiv/CVE-2020-27950 | 2020-12-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.apple.com/en-us/HT211928 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211929 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211931 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211940 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211944 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211945 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211946 | 2021-02-11 | |
| https://support.apple.com/en-us/HT211947 | 2021-02-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Ipados Search vendor "Apple" for product "Ipados" | < 14.2 Search vendor "Apple" for product "Ipados" and version " < 14.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 12.4.9 Search vendor "Apple" for product "Iphone Os" and version " < 12.4.9" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | >= 14.0 < 14.2 Search vendor "Apple" for product "Iphone Os" and version " >= 14.0 < 14.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | < 10.15.7 Search vendor "Apple" for product "Macos" and version " < 10.15.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | >= 11.0 < 11.0.1 Search vendor "Apple" for product "Macos" and version " >= 11.0 < 11.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | < 5.3.9 Search vendor "Apple" for product "Watchos" and version " < 5.3.9" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | >= 6.0 < 6.2.9 Search vendor "Apple" for product "Watchos" and version " >= 6.0 < 6.2.9" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | >= 7.0 < 7.1 Search vendor "Apple" for product "Watchos" and version " >= 7.0 < 7.1" | - |
Affected
| ||||||