
CVE-2020-27932

Warning

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.

Data is provided by the National Vulnerability Database (NVD)
| Vendor | Product | Platform | Affected versions |
|---|---|---|---|
| Apple | iCloud | Windows | < 11.5 |
| Apple | iTunes | Windows | < 12.11 |
| Apple | iPadOS | | < 14.2 |
| Apple | iPhone OS | | < 12.4.9 |
| Apple | iPhone OS | | >= 14.0, < 14.2 |
| Apple | macOS X | | < 10.15.7 |
| Apple | macOS | | >= 11.0, < 11.0.1 |
| Apple | watchOS | | < 5.3.9 |
| Apple | watchOS | | >= 6.0, < 6.2.9 |
| Apple | watchOS | | >= 7.0, < 7.1 |

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Apple Multiple Products Type Confusion Vulnerability

Description: Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.

Required actions: Apply updates per vendor instructions.

EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.98% | 0.828 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.