Published: 02/04/2021 Updated: 09/01/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioCodecs module. Crafted data in an MP4 file can trigger a write outside the bounds of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x
apple tvos
apple iphone os
apple watchos
apple ipados

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-3 macOS Big Sur 111, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave macOS Big Sur 111, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave addresses the following issues Information about the security content is also available at supp ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 1101 macOS Big Sur 1101 addresses the following issues Information about the security content is also available at supportapplecom/HT211931 AMD Available for: Mac Pro (2013 and later), MacBook Air ( ...

CWE-125 https://support.apple.com/en-us/HT211929 https://support.apple.com/en-us/HT211928 https://support.apple.com/en-us/HT212011 https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT211930 https://nvd.nist.gov http://seclists.org/fulldisclosure/2020/Dec/26 https://www.zerodayinitiative.com/advisories/ZDI-21-375/

CVE-2020-27908

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect