ID

VAR-202002-1190


CVE

CVE-2020-3877


TITLE

macOS Catalina and watchOS Out-of-bounds read vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002297

DESCRIPTION

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Messages. User interaction is required to exploit this vulnerability in that the target must open the Messages application. The specific flaw exists within the HandwritingProvider module in the Messages application. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

Both Apple watchOS and Apple macOS Catalina are products of Apple Inc. in the United States. Apple macOS Catalina is a dedicated operating system developed for Mac computers. A buffer error vulnerability exists in the AnnotationKit component in Apple watchOS versions prior to 6.1.2 and macOS Catalina versions prior to 10.15.3.

CVE-2020-3877: an anonymous researcher working with Trend Micro's Zero Day Initiative

Audio
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

ImageIO
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3870
CVE-2020-3878: Samuel Groß of Google Project Zero

IOAcceleratorFamily
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3837: Brandon Azad of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to determine kernel memory layout
Description: An access issue was addressed with improved memory management.
CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3872: Haakon Garseg Mørk of Cognite and Cim Stordal of Cognite

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3842: Ned Williamson working with Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-3834: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc, Luyi Xing of Indiana University Bloomington

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3860: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3853: Brandon Azad of Google Project Zero

libxpc
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3856: Ian Beer of Google Project Zero

libxpc
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-3829: Ian Beer of Google Project Zero

wifivelocityd
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Additional recognition

IOSurface
We would like to acknowledge Liang Chen (@chenliang0817) for their assistance.

Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.43

sources: NVD: CVE-2020-3877 // JVNDB: JVNDB-2020-002297 // ZDI: ZDI-20-216 // VULHUB: VHN-182002 // PACKETSTORM: 156129

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lt, version: 10.15.3

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 6.1.2

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.15.2

Trust: 0.8

vendor: apple, model: watchos, scope: eq, version: 6.1.2

Trust: 0.8

vendor: apple, model: message, scope: -, version: -

Trust: 0.7

vendor: apple, model: mac os x, scope: eq, version: 10.10.1

Trust: 0.6

vendor: apple, model: watchos, scope: eq, version: 2.2

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.9.2

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.10.0

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.9.3

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.9.1

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.9.4

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.9.5

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.9

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.10.2

Trust: 0.6

sources: ZDI: ZDI-20-216 // JVNDB: JVNDB-2020-002297 // CNNVD: CNNVD-202001-1441 // NVD: CVE-2020-3877

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-3877
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002297
value: HIGH

Trust: 0.8

ZDI: CVE-2020-3877
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202001-1441
value: HIGH

Trust: 0.6

VULHUB: VHN-182002
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-3877
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002297
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-182002
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2020-3877
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002297
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-3877
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-216 // VULHUB: VHN-182002 // JVNDB: JVNDB-2020-002297 // CNNVD: CNNVD-202001-1441 // NVD: CVE-2020-3877

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-182002 // JVNDB: JVNDB-2020-002297 // NVD: CVE-2020-3877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1441

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1441

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002297

PATCH

title: HT210919, url: https://support.apple.com/en-us/HT210919

Trust: 1.5

title: HT210921, url: https://support.apple.com/en-us/HT210921

Trust: 0.8

title: HT210921, url: https://support.apple.com/ja-jp/HT210921

Trust: 0.8

title: HT210919, url: https://support.apple.com/ja-jp/HT210919

Trust: 0.8

title: Apple watchOS and macOS Catalina AnnotationKit Fix for component buffer error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109534

Trust: 0.6

sources: ZDI: ZDI-20-216 // JVNDB: JVNDB-2020-002297 // CNNVD: CNNVD-202001-1441

EXTERNAL IDS

db: NVD, id: CVE-2020-3877

Trust: 3.3

db: ZDI, id: ZDI-20-216

Trust: 1.3

db: JVN, id: JVNVU95678717

Trust: 0.8

db: JVNDB, id: JVNDB-2020-002297

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-9383

Trust: 0.7

db: CNNVD, id: CNNVD-202001-1441

Trust: 0.7

db: PACKETSTORM, id: 156129

Trust: 0.7

db: AUSCERT, id: ESB-2020.0354

Trust: 0.6

db: CNVD, id: CNVD-2020-04830

Trust: 0.1

db: VULHUB, id: VHN-182002

Trust: 0.1

sources: ZDI: ZDI-20-216 // VULHUB: VHN-182002 // JVNDB: JVNDB-2020-002297 // PACKETSTORM: 156129 // CNNVD: CNNVD-202001-1441 // NVD: CVE-2020-3877

REFERENCES

url:https://support.apple.com/ht210919

Trust: 1.7

url:https://support.apple.com/ht210921

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3877

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3877

Trust: 0.8

url:https://jvn.jp/vu/jvnvu95678717/

Trust: 0.8

url:https://support.apple.com/en-us/ht210919

Trust: 0.7

url:https://support.apple.com/en-us/ht210921

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0354/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-31449

Trust: 0.6

url:https://packetstormsecurity.com/files/156129/apple-security-advisory-2020-1-28-3.html

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-216/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-3842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3837

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3853

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3857

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3870

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3838

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3834

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3836

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3856

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3872

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3860

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-3829

Trust: 0.1

sources: ZDI: ZDI-20-216 // VULHUB: VHN-182002 // JVNDB: JVNDB-2020-002297 // PACKETSTORM: 156129 // CNNVD: CNNVD-202001-1441 // NVD: CVE-2020-3877

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-20-216

SOURCES

db: ZDI, id: ZDI-20-216
db: VULHUB, id: VHN-182002
db: JVNDB, id: JVNDB-2020-002297
db: PACKETSTORM, id: 156129
db: CNNVD, id: CNNVD-202001-1441
db: NVD, id: CVE-2020-3877

LAST UPDATE DATE

2024-11-23T21:05:20.111000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-216, date: 2020-02-11T00:00:00
db: VULHUB, id: VHN-182002, date: 2020-03-02T00:00:00
db: JVNDB, id: JVNDB-2020-002297, date: 2020-03-11T00:00:00
db: CNNVD, id: CNNVD-202001-1441, date: 2020-03-09T00:00:00
db: NVD, id: CVE-2020-3877, date: 2024-11-21T05:31:52.947

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-216, date: 2020-02-11T00:00:00
db: VULHUB, id: VHN-182002, date: 2020-02-27T00:00:00
db: JVNDB, id: JVNDB-2020-002297, date: 2020-03-11T00:00:00
db: PACKETSTORM, id: 156129, date: 2020-01-29T17:17:18
db: CNNVD, id: CNNVD-202001-1441, date: 2020-01-31T00:00:00
db: NVD, id: CVE-2020-3877, date: 2020-02-27T21:15:18.787