ID

VAR-202002-1160


CVE

CVE-2020-3834


TITLE

watchOS Memory Corruption Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002281

DESCRIPTION

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. Apple watchOS is a smart watch operating system developed by Apple. Kernel is one of its kernel components. A memory corruption vulnerability exists in the Kernel component of Apple watchOS versions prior to 6.1.2.

APPLE-SA-2020-1-28-3 watchOS 6.1.2

watchOS 6.1.2 is now available and addresses the following:

AnnotationKit
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3877: an anonymous researcher working with Trend Micro's Zero Day Initiative

Audio
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

ImageIO
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3870
CVE-2020-3878: Samuel Groß of Google Project Zero

IOAcceleratorFamily
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3837: Brandon Azad of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to determine kernel memory layout
Description: An access issue was addressed with improved memory management.
CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3842: Ned Williamson working with Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-3834: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc, Luyi Xing of Indiana University Bloomington

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3860: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3853: Brandon Azad of Google Project Zero

libxpc
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3856: Ian Beer of Google Project Zero

libxpc
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-3829: Ian Beer of Google Project Zero

wifivelocityd
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Additional recognition

IOSurface
We would like to acknowledge Liang Chen (@chenliang0817) for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.8

sources: NVD: CVE-2020-3834 // JVNDB: JVNDB-2020-002281 // VULHUB: VHN-181959 // PACKETSTORM: 156129

AFFECTED PRODUCTS

vendor: apple // model: watchos // scope: lt // version: 6.1.2

Trust: 1.0

vendor: apple // model: watchos // scope: eq // version: 6.1.2

Trust: 0.8

vendor: apple // model: watchos // scope: eq // version: 5.1

Trust: 0.6

vendor: apple // model: watchos // scope: eq // version: 5.1.1

Trust: 0.6

vendor: apple // model: watchos // scope: eq // version: 6.1

Trust: 0.6

vendor: apple // model: watchos // scope: eq // version: 5.3

Trust: 0.6

vendor: apple // model: watchos // scope: eq // version: 5.1.2

Trust: 0.6

vendor: apple // model: watchos // scope: eq // version: 5.1.3

Trust: 0.6

vendor: apple // model: watchos // scope: eq // version: 1.0

Trust: 0.6

vendor: apple // model: watchos // scope: eq // version: 5.2.1

Trust: 0.6

vendor: apple // model: watchos // scope: eq // version: 1.0.1

Trust: 0.6

vendor: apple // model: watchos // scope: eq // version: 5.2

Trust: 0.6

sources: JVNDB: JVNDB-2020-002281 // CNNVD: CNNVD-202001-1439 // NVD: CVE-2020-3834

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-3834
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002281
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202001-1439
value: HIGH

Trust: 0.6

VULHUB: VHN-181959
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-3834
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002281
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181959
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-3834
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002281
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181959 // JVNDB: JVNDB-2020-002281 // CNNVD: CNNVD-202001-1439 // NVD: CVE-2020-3834

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-181959 // JVNDB: JVNDB-2020-002281 // NVD: CVE-2020-3834

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202001-1439

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1439

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002281

PATCH

title: HT210921 // url: https://support.apple.com/en-us/HT210921

Trust: 0.8

title: HT210921 // url: https://support.apple.com/ja-jp/HT210921

Trust: 0.8

title: Apple watchOS Kernel Fix for component buffer error vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110888

Trust: 0.6

sources: JVNDB: JVNDB-2020-002281 // CNNVD: CNNVD-202001-1439

EXTERNAL IDS

db: NVD // id: CVE-2020-3834

Trust: 2.6

db: JVN // id: JVNVU95678717

Trust: 0.8

db: JVNDB // id: JVNDB-2020-002281

Trust: 0.8

db: CNNVD // id: CNNVD-202001-1439

Trust: 0.7

db: PACKETSTORM // id: 156129

Trust: 0.7

db: AUSCERT // id: ESB-2020.0354

Trust: 0.6

db: VULHUB // id: VHN-181959

Trust: 0.1

sources: VULHUB: VHN-181959 // JVNDB: JVNDB-2020-002281 // PACKETSTORM: 156129 // CNNVD: CNNVD-202001-1439 // NVD: CVE-2020-3834

REFERENCES

url:https://support.apple.com/ht210921

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3834

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3834

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95678717/

Trust: 0.8

url:https://support.apple.com/en-us/ht210921

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0354/

Trust: 0.6

url:https://packetstormsecurity.com/files/156129/apple-security-advisory-2020-1-28-3.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-3842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3853

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3877

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3857

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3870

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3838

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3856

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3872

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3860

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3829

Trust: 0.1

sources: VULHUB: VHN-181959 // JVNDB: JVNDB-2020-002281 // PACKETSTORM: 156129 // CNNVD: CNNVD-202001-1439 // NVD: CVE-2020-3834

CREDITS

Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc, Apple, Luyi Xing of Indiana University Bloomington

Trust: 0.6

sources: CNNVD: CNNVD-202001-1439

SOURCES

db: VULHUB // id: VHN-181959
db: JVNDB // id: JVNDB-2020-002281
db: PACKETSTORM // id: 156129
db: CNNVD // id: CNNVD-202001-1439
db: NVD // id: CVE-2020-3834

LAST UPDATE DATE

2024-11-23T21:16:43.947000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-181959 // date: 2021-07-21T00:00:00
db: JVNDB // id: JVNDB-2020-002281 // date: 2020-03-11T00:00:00
db: CNNVD // id: CNNVD-202001-1439 // date: 2020-03-09T00:00:00
db: NVD // id: CVE-2020-3834 // date: 2024-11-21T05:31:48.527

SOURCES RELEASE DATE

db: VULHUB // id: VHN-181959 // date: 2020-02-27T00:00:00
db: JVNDB // id: JVNDB-2020-002281 // date: 2020-03-11T00:00:00
db: PACKETSTORM // id: 156129 // date: 2020-01-29T17:17:18
db: CNNVD // id: CNNVD-202001-1439 // date: 2020-01-31T00:00:00
db: NVD // id: CVE-2020-3834 // date: 2020-02-27T21:15:16.427