Vulnerability in Apple Ios And Ipados
CVE-2020-27930
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 an…
EPSS: 0.439 (97.6th percentile) — read the EPSS interpretation.
Affected products
- Apple Ios And Ipados — versions unspecified
- Apple Macos — versions unspecified
- Apple Watchos — versions unspecified
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- support.apple.com/en-us/HT211931 (x_refsource_MISC)
- support.apple.com/en-us/HT211928 (x_refsource_MISC)
- support.apple.com/en-us/HT211929 (x_refsource_MISC)
- support.apple.com/en-us/HT211940 (x_refsource_MISC)
- support.apple.com/en-us/HT211944 (x_refsource_MISC)
- support.apple.com/en-us/HT211945 (x_refsource_MISC)
- support.apple.com/en-us/HT211946 (x_refsource_MISC)
- support.apple.com/en-us/HT211947 (x_refsource_MISC)
- 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 (mailing-list, x_refsource_FULLDISC)
- packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-27930?
- CVE-2020-27930 is a vulnerability in Apple Ios And Ipados. Published 2020-12-08.
- Is CVE-2020-27930 known to be exploited?
- Yes. CVE-2020-27930 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 8 public proof-of-concept repositories are indexed.