{"vulnerability": "CVE-2020-2790", "sightings": [{"uuid": "654ee16f-8646-4996-a2b1-61f097aff164", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27900", "type": "seen", "source": "https://t.me/cibsecurity/17299", "content": "\u203c CVE-2020-27900 \u203c\n\nAn issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview files it does not have access to.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T00:36:24.000000Z"}, {"uuid": "f3d05a3c-a976-4456-bf61-bb2de5a273f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27906", "type": "seen", "source": "https://t.me/cibsecurity/17298", "content": "\u203c CVE-2020-27906 \u203c\n\nMultiple integer overflows were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to cause unexpected application termination or heap corruption.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T00:36:23.000000Z"}, {"uuid": "47ed1008-7cae-4f1e-b971-ec998df74d43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27904", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3318", "content": "BlackHat ASIA 2021:\nA tfp0 bug for macOS <=10.15.x (PoC for CVE-2020-27904)\nhttps://www.blackhat.com/asia-21/briefings/schedule/#the-price-of-compatibility-defeating-macos-kernel-using-extended-file-attributes-21799\n]-> PoC:\nhttps://github.com/pattern-f/xattr-oob-swap", "creation_timestamp": "2021-05-08T13:05:01.000000Z"}]}