var-202006-1623
Vulnerability from variot
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. plural Apple The product has a flaw in input verification, which interferes with service operation. (DoS) Vulnerability exists.Service operation disrupted by a remote attacker (DoS) It may be put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Accounts is one of the user account components. A security vulnerability exists in the Accounts component of several Apple products. The following products and versions are affected: Apple macOS Catalina prior to 10.15.5; iOS prior to 13.5; iPadOS prior to 13.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About." -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7eAAoJEAc+Lhnt8tDNGUEQAIqcHvrOcVu90wELj4q9d2Z/ LwyOmEKZu0s5QO5d2XuusXQig7etS+hQg4y4IEBc6+FbeHQ6geksjn4CEs0y1hs2 cIQHtXqOes5QRZx4joMGqC6rsS2U+DoSxtsxyKDrzhWCBJdz18JXG/5AdLQn9Zo4 QvUVVwNX61QiFGlUd5lL9QZWrh+FBxgilex7H9YpCVSzcTN5xcbe48zVjhpU/UFn KKKRK15aTzGqhmJ1zhvYUVLal4tfWV52QzWNbUW2UlPGxFORNpYKXCmQILk8eQGj FqIIjGrVcGYPnCDKbMfh24rEilYMzhDrQNg06uokgilPAUXC937lI88+G56Ayl9n ABOK/i04ni1FrmGkwRf/VEW6WV7k3bpXi5UTUZZCplfk19PoH8MIk1wUZ8AzActr lxK5DeHPKAG5Pl3dzkqKT8lQ/9aSozken7yQNz7AIo5Ib1ik88er4uu/SjV5CRka e0t8tkoL8MLIpMqUUpt7j+HgqB/R8VBQ6lBK0Jds2NI84XWXRTHF7UeeVo/BYoTj gdUqhL1B3vdIizxSemmbx70wVoHLU//JONHLJNE6dfGdNWeKHcqKfzZPbXo/4Hq/ ZDNj/cDOJTmChYqvG/Qi7AHlKACWpYMNnRsa6hMt99z24hdvPg2LP4ANf7Gi6Sq6 CnECyJL8Va3625vOipPF =ceKY -----END PGP SIGNATURE-----
. CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AppleMobileFileIntegrity Available for: Apple Watch Series 1 and later Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-9842: Linus Henze (pinauten.de)
Audio Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Audio Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
CoreText Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted text message may lead to application denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com
FontParser Available for: Apple Watch Series 1 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative
ImageIO Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine another application's memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2020-9797: an anonymous researcher
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: Apple Watch Series 1 and later Impact: A local user may be able to read kernel memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9811: Tielei Wang of Pangu Lab CVE-2020-9812: Derrek (@derrekr6)
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. CVE-2020-9813: Xinru Chi of Pangu Lab CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved state management. CVE-2020-9809: Benjamin Randazzo (@____benjamin)
Mail Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted mail message may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-9819: ZecOps.com
Mail Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9818: ZecOps.com
Python Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9793
SQLite Available for: Apple Watch Series 1 and later Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9794
System Preferences Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with improved state handling. CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2020-9805: an anonymous researcher
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A logic issue was addressed with improved restrictions. CVE-2020-9802: Samuel Groß of Google Project Zero
WebKit Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A logic issue was addressed with improved restrictions. CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9843: Ryan Pickren (ryanpickren.com)
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2020-9803: Wen Xu of SSLab at Georgia Tech
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-9806: Wen Xu of SSLab at Georgia Tech CVE-2020-9807: Wen Xu of SSLab at Georgia Tech
WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative
WebRTC Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An access issue was addressed with improved memory management. CVE-2019-20503: Natalie Silvanovich of Google Project Zero
zsh Available for: Apple Watch Series 1 and later Impact: A local attacker may be able to elevate their privileges Description: An authorization issue was addressed with improved state management. CVE-2019-20044: Sam Foxman
Additional recognition
CoreText We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.
ImageIO We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily We would like to acknowledge Andy Davis of NCC Group for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Safari We would like to acknowledge Luke Walker of Manchester Metropolitan University for their assistance.
WebKit We would like to acknowledge Aidan Dunlap of UT Austin for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7iAAoJEAc+Lhnt8tDNOiEP/10y27pTK/QbuSGW7HnZoJjg f2sHKU0JBCz7BjdgZHl6g+glsYPTojGGlIEa/r0ID9X74I41YS3cGvzmTQXcSdXV Xbs98UPjabCZOMiTW/LBxx25I78UptqhMhisrXnNXfu+lAYOxmJVQ0vbN9jd9za9 oKw1ydIi4aGfwPg8KOtMbxzE8wb8+SsRlHmXGh4qSmJ0o5BIvumdPMQRInM5Sdhp d/XWrgc7SPKervyfgvlylWE3KteDDSkk8d42wN4444pLQkVrKnaxGKHjWz01jcMF 1uB9ExsQbINGeR78wu8hD1wZke735shCwSyHHlSVf0iT/Ji3Zafy5dN79lMH5M8t x6ZmvDaPtNXGTaH41oTqsmyVoauy8ArWVMAuyi/ZdM6tM4J+7nEEAhrzvVOJ/0A2 nTdGZBDUeUmDLpcJwGw4h8MCYNqscHYNAPUJ2sLfyQhT6lC71yvJeKENwsK77hTC ZP+TFZbnbq7kETD/JknhGb8eC4DQ71NmlRNWpfKBId5bvXLRqiP/WHtwQk6XYCBN YNEOAUltQd4vKAI1ozjMh+RTI0EHNxTZCWJPawEkk2WhAytz+js+nJB4R9kp6N+k GghA5YOwLr/RveIzgm3fWEXOCR7b+7qxic+DPPULycnpdhDglbBWr4p8giQufnS2 2yHIY1iRg2jjw5hArbVE =9PNQ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1623",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.4.5"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.5"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4.5 \u672a\u6e80 (apple tv 4k)"
},
{
"model": "ipados",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5.1 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
},
{
"model": "ipados",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5.1 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.2.5 \u672a\u6e80 (apple watch series 1 \u4ee5\u964d)"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4.5 \u672a\u6e80 (apple tv hd)"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.15.4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5.1 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.5.1 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006221"
},
{
"db": "NVD",
"id": "CVE-2020-9827"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:ipados",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:watchos",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006221"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1329"
}
],
"trust": 0.8
},
"cve": "CVE-2020-9827",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-9827",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006221",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-187952",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-9827",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-006221",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9827",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006221",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1329",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187952",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187952"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006221"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1329"
},
{
"db": "NVD",
"id": "CVE-2020-9827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. plural Apple The product has a flaw in input verification, which interferes with service operation. (DoS) Vulnerability exists.Service operation disrupted by a remote attacker (DoS) It may be put into a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Accounts is one of the user account components. A security vulnerability exists in the Accounts component of several Apple products. The following products and versions are affected: Apple macOS Catalina prior to 10.15.5; iOS prior to 13.5; iPadOS prior to 13.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezV7eAAoJEAc+Lhnt8tDNGUEQAIqcHvrOcVu90wELj4q9d2Z/\nLwyOmEKZu0s5QO5d2XuusXQig7etS+hQg4y4IEBc6+FbeHQ6geksjn4CEs0y1hs2\ncIQHtXqOes5QRZx4joMGqC6rsS2U+DoSxtsxyKDrzhWCBJdz18JXG/5AdLQn9Zo4\nQvUVVwNX61QiFGlUd5lL9QZWrh+FBxgilex7H9YpCVSzcTN5xcbe48zVjhpU/UFn\nKKKRK15aTzGqhmJ1zhvYUVLal4tfWV52QzWNbUW2UlPGxFORNpYKXCmQILk8eQGj\nFqIIjGrVcGYPnCDKbMfh24rEilYMzhDrQNg06uokgilPAUXC937lI88+G56Ayl9n\nABOK/i04ni1FrmGkwRf/VEW6WV7k3bpXi5UTUZZCplfk19PoH8MIk1wUZ8AzActr\nlxK5DeHPKAG5Pl3dzkqKT8lQ/9aSozken7yQNz7AIo5Ib1ik88er4uu/SjV5CRka\ne0t8tkoL8MLIpMqUUpt7j+HgqB/R8VBQ6lBK0Jds2NI84XWXRTHF7UeeVo/BYoTj\ngdUqhL1B3vdIizxSemmbx70wVoHLU//JONHLJNE6dfGdNWeKHcqKfzZPbXo/4Hq/\nZDNj/cDOJTmChYqvG/Qi7AHlKACWpYMNnRsa6hMt99z24hdvPg2LP4ANf7Gi6Sq6\nCnECyJL8Va3625vOipPF\n=ceKY\n-----END PGP SIGNATURE-----\n\n\n\n. \nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\nAppleMobileFileIntegrity\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to use arbitrary entitlements\nDescription: This issue was addressed with improved checks. \nCVE-2020-9842: Linus Henze (pinauten.de)\n\nAudio\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nAudio\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nCoreText\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted text message may lead to\napplication denial of service\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an\nanonymous researcher, Carlos S Tech, Sam Menzies of Sam\u2019s Lounge,\nSufiyan Gouri of Lovely Professional University, India, Suleman Hasan\nRathor of Arabic-Classroom.com\n\nFontParser\nAvailable for: Apple Watch Series 1 and later\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nImageIO\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9789: Wenchao Li of VARAS@IIE\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to determine another\napplication\u0027s memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2020-9797: an anonymous researcher\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A local user may be able to read kernel memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9811: Tielei Wang of Pangu Lab\nCVE-2020-9812: Derrek (@derrekr6)\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue existed resulting in memory corruption. \nCVE-2020-9813: Xinru Chi of Pangu Lab\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\nMail\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted mail message may lead to\nheap corruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2020-9819: ZecOps.com\n\nMail\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing a maliciously crafted mail message may lead to\nunexpected memory modification or application termination\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9818: ZecOps.com\n\nPython\nAvailable for: Apple Watch Series 1 and later\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-9793\n\nSQLite\nAvailable for: Apple Watch Series 1 and later\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9794\n\nSystem Preferences\nAvailable for: Apple Watch Series 1 and later\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9805: an anonymous researcher\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9802: Samuel Gro\u00df of Google Project Zero\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2020-9843: Ryan Pickren (ryanpickren.com)\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2020-9803: Wen Xu of SSLab at Georgia Tech\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9806: Wen Xu of SSLab at Georgia Tech\nCVE-2020-9807: Wen Xu of SSLab at Georgia Tech\n\nWebKit\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro\nZero Day Initiative\n\nWebRTC\nAvailable for: Apple Watch Series 1 and later\nImpact: Processing maliciously crafted web content may result in the\ndisclosure of process memory\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2019-20503: Natalie Silvanovich of Google Project Zero\n\nzsh\nAvailable for: Apple Watch Series 1 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2019-20044: Sam Foxman\n\nAdditional recognition\n\nCoreText\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis\nHeinze (@ttdennis) of Secure Mobile Networking Lab for their\nassistance. \n\nImageIO\nWe would like to acknowledge Lei Sun for their assistance. \n\nIOHIDFamily\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nSafari\nWe would like to acknowledge Luke Walker of Manchester Metropolitan\nUniversity for their assistance. \n\nWebKit\nWe would like to acknowledge Aidan Dunlap of UT Austin for their\nassistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezV7iAAoJEAc+Lhnt8tDNOiEP/10y27pTK/QbuSGW7HnZoJjg\nf2sHKU0JBCz7BjdgZHl6g+glsYPTojGGlIEa/r0ID9X74I41YS3cGvzmTQXcSdXV\nXbs98UPjabCZOMiTW/LBxx25I78UptqhMhisrXnNXfu+lAYOxmJVQ0vbN9jd9za9\noKw1ydIi4aGfwPg8KOtMbxzE8wb8+SsRlHmXGh4qSmJ0o5BIvumdPMQRInM5Sdhp\nd/XWrgc7SPKervyfgvlylWE3KteDDSkk8d42wN4444pLQkVrKnaxGKHjWz01jcMF\n1uB9ExsQbINGeR78wu8hD1wZke735shCwSyHHlSVf0iT/Ji3Zafy5dN79lMH5M8t\nx6ZmvDaPtNXGTaH41oTqsmyVoauy8ArWVMAuyi/ZdM6tM4J+7nEEAhrzvVOJ/0A2\nnTdGZBDUeUmDLpcJwGw4h8MCYNqscHYNAPUJ2sLfyQhT6lC71yvJeKENwsK77hTC\nZP+TFZbnbq7kETD/JknhGb8eC4DQ71NmlRNWpfKBId5bvXLRqiP/WHtwQk6XYCBN\nYNEOAUltQd4vKAI1ozjMh+RTI0EHNxTZCWJPawEkk2WhAytz+js+nJB4R9kp6N+k\nGghA5YOwLr/RveIzgm3fWEXOCR7b+7qxic+DPPULycnpdhDglbBWr4p8giQufnS2\n2yHIY1iRg2jjw5hArbVE\n=9PNQ\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9827"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006221"
},
{
"db": "VULHUB",
"id": "VHN-187952"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "157879"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9827",
"trust": 2.7
},
{
"db": "JVN",
"id": "JVNVU98042162",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006221",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1329",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157883",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "48615",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1861",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-30752",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157879",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187952"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006221"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1329"
},
{
"db": "NVD",
"id": "CVE-2020-9827"
}
]
},
"id": "VAR-202006-1623",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187952"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:20:24.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211168",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211168"
},
{
"title": "HT211170",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211170"
},
{
"title": "HT211171",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211171"
},
{
"title": "HT211175",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211175"
},
{
"title": "HT211170",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT211170"
},
{
"title": "HT211171",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT211171"
},
{
"title": "HT211175",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT211175"
},
{
"title": "HT211168",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT211168"
},
{
"title": "Multiple Apple product Accounts Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119895"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006221"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1329"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9827"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/ht211168"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211170"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211171"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211175"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9827"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9827"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98042162/index.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211168"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1861/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211170"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48615"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211168"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211170"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157883/apple-security-advisory-2020-05-26-4.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9806"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9813"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9795"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9814"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9802"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9791"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9808"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20503"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9790"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9821"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9816"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9789"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20044"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3878"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9803"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9815"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9793"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9794"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9812"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9819"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9818"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187952"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006221"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1329"
},
{
"db": "NVD",
"id": "CVE-2020-9827"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187952"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006221"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1329"
},
{
"db": "NVD",
"id": "CVE-2020-9827"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-187952"
},
{
"date": "2020-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006221"
},
{
"date": "2020-05-29T19:07:47",
"db": "PACKETSTORM",
"id": "157883"
},
{
"date": "2020-05-29T19:05:25",
"db": "PACKETSTORM",
"id": "157879"
},
{
"date": "2020-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1329"
},
{
"date": "2020-06-09T17:15:13.940000",
"db": "NVD",
"id": "CVE-2020-9827"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-187952"
},
{
"date": "2020-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006221"
},
{
"date": "2021-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1329"
},
{
"date": "2024-11-21T05:41:21.487000",
"db": "NVD",
"id": "CVE-2020-9827"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Service operation interruption in the product (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006221"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1329"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.