var-202010-1286
Vulnerability from variot
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the AudioToolbox library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the AudioToolbox framework. Crafted data in a CAF file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. A security vulnerability exists in the Clang component of Apple macOS Catalina versions prior to 10.15.6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra
macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra are now available and address the following:
Audio Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro Zero Day Initiative CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Audio Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Clang Available for: macOS Catalina 10.15.5 Impact: Clang may generate machine code that does not correctly enforce pointer authentication codes Description: A logic issue was addressed with improved validation. CVE-2020-9870: Samuel Groß of Google Project Zero
CoreAudio Available for: macOS High Sierra 10.13.6 Impact: A buffer overflow may result in arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light- Year Security Lab
CoreFoundation Available for: macOS Catalina 10.15.5 Impact: A local user may be able to view sensitive user information Description: An issue existed in the handling of environment variables. CVE-2020-9934: an anonymous researcher
Crash Reporter Available for: macOS Catalina 10.15.5 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud
Grpahics Drivers Available for: macOS Catalina 10.15.5 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9799: ABC Research s.r.o.
Heimdal Available for: macOS Catalina 10.15.5 Impact: A local user may be able to leak sensitive user information Description: This issue was addressed with improved data protection. CVE-2020-9936: Mickey Jin of Trend Micro
Kernel Available for: macOS Catalina 10.15.5 Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
Mail Available for: macOS Catalina 10.15.5 Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service Description: An input validation issue was addressed. CVE-2019-19906
Messages Available for: macOS Catalina 10.15.5 Impact: A user that is removed from an iMessage group could rejoin the group Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)
Model I/O Available for: macOS Catalina 10.15.5 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security
Security Available for: macOS Catalina 10.15.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved restrictions. CVE-2020-9864: Alexander Holodny
Vim Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2019-20807: Guilherme de Almeida Suckevicz
Wi-Fi Available for: macOS Catalina 10.15.5 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)
Additional recognition
USB Audio We would like to acknowledge Andy Davis of NCC Group for their assistance.
Installation note:
macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y 0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ FsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ DZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B aDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd qVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq wJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG SQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+ bsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U eYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y kgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6 ML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM= =GCJp -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1286",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.6"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.8"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.6"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.4.8"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.15.5"
},
{
"model": "macos",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-908"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"db": "NVD",
"id": "CVE-2020-9884"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yu Zhou(@yuzhou6666) of \\xe5\\xb0\\x8f\\xe9\\xb8\\xa1\\xe5\\xb8\\xae",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-908"
}
],
"trust": 0.7
},
"cve": "CVE-2020-9884",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-9884",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-009937",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-188009",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-9884",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-009937",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2020-9884",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9884",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-009937",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-9884",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1072",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-188009",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9884",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-908"
},
{
"db": "VULHUB",
"id": "VHN-188009"
},
{
"db": "VULMON",
"id": "CVE-2020-9884"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1072"
},
{
"db": "NVD",
"id": "CVE-2020-9884"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the AudioToolbox library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the AudioToolbox framework. Crafted data in a CAF file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. A security vulnerability exists in the Clang component of Apple macOS Catalina versions prior to 10.15.6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update\n2020-004 Mojave, Security Update 2020-004 High Sierra\n\nmacOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security\nUpdate 2020-004 High Sierra are now available and address the\nfollowing:\n\nAudio\nAvailable for: macOS Catalina 10.15.5\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9884: Yu Zhou(@yuzhou6666) of \u5c0f\u9e21\u5e2e working with Trend Micro\nZero Day Initiative\nCVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\n\nAudio\nAvailable for: macOS Catalina 10.15.5\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\nCVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\nCVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\n\nClang\nAvailable for: macOS Catalina 10.15.5\nImpact: Clang may generate machine code that does not correctly\nenforce pointer authentication codes\nDescription: A logic issue was addressed with improved validation. \nCVE-2020-9870: Samuel Gro\u00df of Google Project Zero\n\nCoreAudio\nAvailable for: macOS High Sierra 10.13.6\nImpact: A buffer overflow may result in arbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2020-9866: Yu Zhou of \u5c0f\u9e21\u5e2e and Jundong Xie of Ant-financial Light-\nYear Security Lab\n\nCoreFoundation\nAvailable for: macOS Catalina 10.15.5\nImpact: A local user may be able to view sensitive user information\nDescription: An issue existed in the handling of environment\nvariables. \nCVE-2020-9934: an anonymous researcher\n\nCrash Reporter\nAvailable for: macOS Catalina 10.15.5\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360\nBugCloud\n\nGrpahics Drivers\nAvailable for: macOS Catalina 10.15.5\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9799: ABC Research s.r.o. \n\nHeimdal\nAvailable for: macOS Catalina 10.15.5\nImpact: A local user may be able to leak sensitive user information\nDescription: This issue was addressed with improved data protection. \nCVE-2020-9936: Mickey Jin of Trend Micro\n\nKernel\nAvailable for: macOS Catalina 10.15.5\nImpact: An attacker in a privileged network position may be able to\ninject into active connections within a VPN tunnel\nDescription: A routing issue was addressed with improved\nrestrictions. \nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. \nCrandall\n\nMail\nAvailable for: macOS Catalina 10.15.5\nImpact: A remote attacker can cause a limited out-of-bounds write,\nresulting in a denial of service\nDescription: An input validation issue was addressed. \nCVE-2019-19906\n\nMessages\nAvailable for: macOS Catalina 10.15.5\nImpact: A user that is removed from an iMessage group could rejoin\nthe group\nDescription: An issue existed in the handling of iMessage tapbacks. \nThe issue was resolved with additional verification. \nCVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP\nHigh School North (medium.com/@suryanshmansha)\n\nModel I/O\nAvailable for: macOS Catalina 10.15.5\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security\n\nSecurity\nAvailable for: macOS Catalina 10.15.5\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9864: Alexander Holodny\n\nVim\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2019-20807: Guilherme de Almeida Suckevicz\n\nWi-Fi\nAvailable for: macOS Catalina 10.15.5\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud\n(bugcloud.360.cn)\n\nAdditional recognition\n\nUSB Audio\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nInstallation note:\n\nmacOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security\nUpdate 2020-004 High Sierra may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PNx0ACgkQBz4uGe3y\n0M3aXhAAm0hhJpdR0h7uhbtT6LkOuBAYbn0ivAbaB2wzEgZJNXBi9pwd/eL+I1tZ\nFsYG2Ux0P7VOXClepKzM/yi2Y9w9JZt/u5jSpps7n4/6k4JpcBT74IBF8A4iUvfQ\nDZcd58rTYf7PuO28ZW9FcYVhgMrN1oPheg0yr+ZaM+0wJrBfPg5STX9AwtPw5P4B\naDMYGqv6EQLRiI/cj18/BnLD9kuYq2/fvO/AVjTzAGWVWmY0jpEaaHoeEgSbocNd\nqVpobhb8K8aK3PjfocK62hSH9DF0yBQYVsnX+bRmTDqzkWK4FXN6fG2ObiI+9ytq\nwJ6RPT9N5rkIsru8iqaYW6vo5eS61tCAxSgsOsWsm9+KAaBLOnrLzago3kQbtnTG\nSQBDDSW5w1iI/+kypdCCE67I67psSxPfrDdPU2wG3arQjnE4xm7S4eOE+9cBlKY+\nbsNpFcYgShyZ6GnaJ1yVbZgR2zK97xbKYp8xbEOICeCchO1vF31hlDxsMl09UV1U\neYJ3sOqBUxDpUj2vjpP9pB4ocSlHdAENL/5dyWUPlx8wjpnodRX2HsPHonjTqM4y\nkgwJjHI26LZWU4icKIPvl8875ksw/sCmKpVZlbF0IRPvd58ITt5rSvUTQulKqVs6\nML/l/uIf4shjBmNz0xdQlzsdctxdnPh1ge1kNfH34X4JgPWVWaM=\n=GCJp\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9884"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"db": "ZDI",
"id": "ZDI-20-908"
},
{
"db": "VULHUB",
"id": "VHN-188009"
},
{
"db": "VULMON",
"id": "CVE-2020-9884"
},
{
"db": "PACKETSTORM",
"id": "158457"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9884",
"trust": 3.4
},
{
"db": "ZDI",
"id": "ZDI-20-908",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009937",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10653",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1072",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158457",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2430",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "49977",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-57850",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-188009",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9884",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-908"
},
{
"db": "VULHUB",
"id": "VHN-188009"
},
{
"db": "VULMON",
"id": "CVE-2020-9884"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"db": "PACKETSTORM",
"id": "158457"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1072"
},
{
"db": "NVD",
"id": "CVE-2020-9884"
}
]
},
"id": "VAR-202010-1286",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-188009"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:24:36.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211289",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT211289"
},
{
"title": "HT211289",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/HT211289"
},
{
"title": "Apple has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://support.apple.com/en-gb/HT211289"
},
{
"title": "Apple macOS Catalina Clang Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124556"
},
{
"title": "Apple: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa30f53f014f01d7a0510a965599d2a9"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-908"
},
{
"db": "VULMON",
"id": "CVE-2020-9884"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1072"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-188009"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"db": "NVD",
"id": "CVE-2020-9884"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/ht211289"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9884"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9884"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu#94090210/index.html"
},
{
"trust": 0.7,
"url": "https://support.apple.com/en-gb/ht211289"
},
{
"trust": 0.6,
"url": "https://support.apple.com/kb/ht211289"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158457/apple-security-advisory-2020-07-15-2.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/49977"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211291"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-908/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2430/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211290"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9913"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9864"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9866"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9888"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9885"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9865"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-908"
},
{
"db": "VULHUB",
"id": "VHN-188009"
},
{
"db": "VULMON",
"id": "CVE-2020-9884"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"db": "PACKETSTORM",
"id": "158457"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1072"
},
{
"db": "NVD",
"id": "CVE-2020-9884"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-20-908"
},
{
"db": "VULHUB",
"id": "VHN-188009"
},
{
"db": "VULMON",
"id": "CVE-2020-9884"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"db": "PACKETSTORM",
"id": "158457"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1072"
},
{
"db": "NVD",
"id": "CVE-2020-9884"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-21T00:00:00",
"db": "ZDI",
"id": "ZDI-20-908"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-188009"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9884"
},
{
"date": "2020-12-11T07:15:37",
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"date": "2020-07-17T19:23:49",
"db": "PACKETSTORM",
"id": "158457"
},
{
"date": "2020-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1072"
},
{
"date": "2020-10-16T17:15:15.840000",
"db": "NVD",
"id": "CVE-2020-9884"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-21T00:00:00",
"db": "ZDI",
"id": "ZDI-20-908"
},
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-188009"
},
{
"date": "2020-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9884"
},
{
"date": "2020-12-11T07:15:37",
"db": "JVNDB",
"id": "JVNDB-2020-009937"
},
{
"date": "2021-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1072"
},
{
"date": "2024-11-21T05:41:28.137000",
"db": "NVD",
"id": "CVE-2020-9884"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1072"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Out-of-bounds write vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-009937"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1072"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.