Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2020-27932

Published: 08/12/2020 Updated: 11/02/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Apple

Vulnerability Summary

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple icloud

apple itunes

apple ipados

apple iphone os

apple mac os x

apple macos

apple watchos

Mailing Lists

Full Disclosure: APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 1101 <!--X-Subject-Header-End-- ...
Full Disclosure: APPLE-SA-2020-11-05-2 iOS 12.4.9
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2020-11-05-2 iOS 1249 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Apple Product Security v ...

Recent Articles

Apple emits iOS, iPadOS, watchOS, macOS patches to fix three hijack-my-device flaws exploited in the wild
The Register • Thomas Claburn in San Francisco • 05 Nov 2020

Trio of bugs reported by Google Project Zero, plenty of other flaws addressed Here's a neat exploit to trick someone into inadvertently emailing their files to you from their Mac, iPhone via Safari

Apple on Thursday issued security updates for iOS, iPadOS, watchOS, and macOS that address three holes reported by Google's Project Zero bug hunters among exploitable flaws found by others. Installing the latest software for your iPhone, iPad and so on will address these programming blunders. The iPhone giant's security bulletins note that the three flaws discovered and reported by Project Zero – CVE-2020-27930 (remote-code execution), CVE-2020-27950 (kernel memory leak), and CVE-2020-27932 (k...

Read more...

References

CWE-843https://support.apple.com/en-us/HT211929https://support.apple.com/en-us/HT211928https://support.apple.com/en-us/HT211947https://support.apple.com/en-us/HT211946https://support.apple.com/en-us/HT211931https://support.apple.com/en-us/HT211945https://support.apple.com/en-us/HT211944https://support.apple.com/en-us/HT211940http://seclists.org/fulldisclosure/2020/Dec/32http://packetstormsecurity.com/files/161295/XNU-Kernel-Turnstiles-Type-Confusion.htmlhttps://nvd.nist.govhttps://www.theregister.co.uk/2020/11/05/apple_drops_patches_to_fix/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook