Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2020-9964

Published: 16/10/2020 Updated: 09/01/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
Subscribe to Iphone Os

Vulnerability Summary

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. A local user may be able to read kernel memory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple iphone os

apple ipados

Mailing Lists

Full Disclosure: APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 140 and iPadOS 140 <!--X-Subject-Header-E ...
Full Disclosure: APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2020-09-16-1 iOS 140 and iPadOS 140 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Apple Prod ...

Github Repositories

https://github.com/zhuowei/LearningIOSurfaceAccelerator

Learning how to use IOSurfaceAccelerator

Learning IOSurfaceAccelerator's comm output API Currently crashes on macOS 13 beta 22A5266r with a (non-exploitable) null pointer dereference with ASE (Apple Scaling Engine???) enabled, since I don't know how to use ASEProcessing to generate a set of valid ASE inbound params This calls the userspace IOSurfaceAccelerator framework instead of calling the userclient di

https://github.com/Swordfish-Security/awesome-ios-security

iOS Security Awesome В данном репозитории собранны материалы по безопасности iOS-приложений, различные статьи, исследования, инструменты анализа и полезные библиотеки/инструменты для обеспечения безопасности прилож

https://github.com/0x36/oob_events

kernel exploit for Apple iOS 13.X

oob_events The exploit uses two distinct vulnerabilities which I independently discovered and reported to Apple, CVE-2020-27905 which is a race condition leads to OOB read/write via arbitrary 32-bit index,and CVE-2020-9964 which is a kernel information leak bug

https://github.com/annapustovaya/Mobix

Android Security Awesome В данном репозитории собранны материалы по безопасности Android-приложений, различные статьи, исследования, инструменты анализа и полезные библиотеки/инструменты для обеспечения безопасности п

References

CWE-665https://support.apple.com/HT211850http://seclists.org/fulldisclosure/2020/Nov/20https://nvd.nist.govhttps://github.com/zhuowei/LearningIOSurfaceAcceleratorhttp://seclists.org/fulldisclosure/2020/Nov/20
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-1183hard-codedCVE-2024-28254CVE-2023-43790buffer overflowbypassCVE-2024-32633CVE-2024-1874CVE-2024-23558
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook