Vulnerability in Apple Ios And Ipados
CVE-2020-27950
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3…
EPSS: 0.438 (97.6th percentile) — read the EPSS interpretation.
Affected products
- Apple Ios And Ipados — versions unspecified
- Apple Macos — versions unspecified
- Apple Watchos — versions unspecified
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- support.apple.com/en-us/HT211931 (x_refsource_MISC)
- support.apple.com/en-us/HT211928 (x_refsource_MISC)
- support.apple.com/en-us/HT211929 (x_refsource_MISC)
- support.apple.com/en-us/HT211940 (x_refsource_MISC)
- support.apple.com/en-us/HT211944 (x_refsource_MISC)
- support.apple.com/en-us/HT211945 (x_refsource_MISC)
- support.apple.com/en-us/HT211946 (x_refsource_MISC)
- support.apple.com/en-us/HT211947 (x_refsource_MISC)
- 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 (mailing-list, x_refsource_FULLDISC)
- packetstormsecurity.com/files/161296/XNU-Kernel-Mach-Message-Trailers-Memory-Di… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-27950?
- CVE-2020-27950 is a vulnerability in Apple Ios And Ipados. Published 2020-12-08.
- Is CVE-2020-27950 known to be exploited?
- Yes. CVE-2020-27950 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 13 public proof-of-concept repositories are indexed.