Details of VAR-202006-1617

ID

VAR-202006-1617

CVE

CVE-2020-9821

TITLE

plural Apple Product Corruption Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-006287

DESCRIPTION

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. iPadOS , iOS , Apple Mac OS X Multiple Apple products have an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple macOS Catalina prior to 10.15.5; iOS prior to 13.5; iPadOS prior to 13.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address the following: Accounts Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt AirDrop Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9826: Dor Hadad of Palo Alto Networks AppleMobileFileIntegrity Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-9842: Linus Henze (pinauten.de) AppleUSBNetworking Available for: macOS Catalina 10.15.4 Impact: Inserting a USB device that sends invalid messages may cause a kernel panic Description: A logic issue was addressed with improved restrictions. CVE-2020-9804: Andy Davis of NCC Group Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative Bluetooth Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9831: Yu Wang of Didi Research America Calendar Available for: macOS Catalina 10.15.4 Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information Description: This issue was addressed with improved checks. CVE-2020-3882: Andy Grant of NCC Group CVMS Available for: macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative DiskArbitration Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to break out of its sandbox Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team Find My Available for: macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: A validation issue existed in the handling of symlinks. CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team FontParser Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative ImageIO Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero ImageIO Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab Intel Graphics Driver Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9822: ABC Research s.r.o IPSec Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine another application's memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9813: Xinru Chi of Pangu Lab CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved state management. CVE-2020-9809: Benjamin Randazzo (@____benjamin) ksh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to execute arbitrary shell commands Description: An issue existed in the handling of environment variables. CVE-2019-14868 NSURL Available for: macOS Mojave 10.14.6 Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: An issue existed in the parsing of URLs. CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab PackageKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to gain root privileges Description: A permissions issue existed. CVE-2020-9817: Andy Grant of NCC Group PackageKit Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to modify protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2020-9851: Linus Henze (pinauten.de) Python Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9793 Sandbox Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to bypass Privacy preferences Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0) Security Available for: macOS Catalina 10.15.4 Impact: A file may be incorrectly rendered to execute JavaScript Description: A validation issue was addressed with improved input sanitization. CVE-2020-9788: Wojciech Reguła of SecuRing (https://wojciechregula.blog) SIP Available for: macOS Catalina 10.15.4 Impact: A non-privileged user may be able to modify restricted network settings Description: A logic issue was addressed with improved restrictions. CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security SQLite Available for: macOS Catalina 10.15.4 Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9794 System Preferences Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with improved state handling. CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative USB Audio Available for: macOS Catalina 10.15.4 Impact: A USB device may be able to cause a denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9792: Andy Davis of NCC Group Wi-Fi Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A double free issue was addressed with improved memory management. CVE-2020-9844: Ian Beer of Google Project Zero Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9830: Tielei Wang of Pangu Lab Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9834: Yu Wang of Didi Research America Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-9833: Yu Wang of Didi Research America Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9832: Yu Wang of Didi Research America WindowServer Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative zsh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: An authorization issue was addressed with improved state management. CVE-2019-20044: Sam Foxman Additional recognition CoreBluetooth We would like to acknowledge Maximilian von Tschitschnitz of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance. CoreText We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance. Endpoint Security We would like to acknowledge an anonymous researcher for their assistance. ImageIO We would like to acknowledge Lei Sun for their assistance. IOHIDFamily We would like to acknowledge Andy Davis of NCC Group for their assistance. IPSec We would like to acknowledge Thijs Alkemade of Computest for their assistance. Login Window We would like to acknowledge Jon Morby and an anonymous researcher for their assistance. Sandbox We would like to acknowledge Jason L Lang of Optum for their assistance. Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Installation note: macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt 8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7 bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal sLrLBIOxQCTskSFoExP8 =2eah -----END PGP SIGNATURE----- . Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJezV7iAAoJEAc+Lhnt8tDNOiEP/10y27pTK/QbuSGW7HnZoJjg f2sHKU0JBCz7BjdgZHl6g+glsYPTojGGlIEa/r0ID9X74I41YS3cGvzmTQXcSdXV Xbs98UPjabCZOMiTW/LBxx25I78UptqhMhisrXnNXfu+lAYOxmJVQ0vbN9jd9za9 oKw1ydIi4aGfwPg8KOtMbxzE8wb8+SsRlHmXGh4qSmJ0o5BIvumdPMQRInM5Sdhp d/XWrgc7SPKervyfgvlylWE3KteDDSkk8d42wN4444pLQkVrKnaxGKHjWz01jcMF 1uB9ExsQbINGeR78wu8hD1wZke735shCwSyHHlSVf0iT/Ji3Zafy5dN79lMH5M8t x6ZmvDaPtNXGTaH41oTqsmyVoauy8ArWVMAuyi/ZdM6tM4J+7nEEAhrzvVOJ/0A2 nTdGZBDUeUmDLpcJwGw4h8MCYNqscHYNAPUJ2sLfyQhT6lC71yvJeKENwsK77hTC ZP+TFZbnbq7kETD/JknhGb8eC4DQ71NmlRNWpfKBId5bvXLRqiP/WHtwQk6XYCBN YNEOAUltQd4vKAI1ozjMh+RTI0EHNxTZCWJPawEkk2WhAytz+js+nJB4R9kp6N+k GghA5YOwLr/RveIzgm3fWEXOCR7b+7qxic+DPPULycnpdhDglbBWr4p8giQufnS2 2yHIY1iRg2jjw5hArbVE =9PNQ -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2020-9821 // JVNDB: JVNDB-2020-006287 // JVNDB: JVNDB-2020-018305 // VULHUB: VHN-187946 // PACKETSTORM: 157883 // PACKETSTORM: 157877 // PACKETSTORM: 157879

AFFECTED PRODUCTS

vendor:	apple	model:	tvos	scope:	lt	version:	13.4.5	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	13.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	13.5	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	6.2.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.5	Trust: 1.0
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.5 未満 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.5 未満 (ipad air 2 以降)	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.5 未満 (ipad mini 4 以降)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.5 未満 (ipod touch 第 7 世代)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	6.2.5 未満 (apple watch series 1 以降)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.5 未満 (apple tv hd)	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.5 未満 (iphone 6s 以降)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.4	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	6.2.5	Trust: 0.8

sources: JVNDB: JVNDB-2020-006287 // JVNDB: JVNDB-2020-018305 // NVD: CVE-2020-9821

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9821
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006287
value:	HIGH
Trust: 0.8
NVD:	CVE-2020-9821
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-1293
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187946
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-9821
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	JVNDB-2020-006287
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187946
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9821
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006287
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
NVD:	CVE-2020-9821
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-187946 // JVNDB: JVNDB-2020-006287 // JVNDB: JVNDB-2020-018305 // CNNVD: CNNVD-202005-1293 // NVD: CVE-2020-9821

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-187946 // JVNDB: JVNDB-2020-006287 // JVNDB: JVNDB-2020-018305 // NVD: CVE-2020-9821

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1293

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202005-1293

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006287

PATCH

title:	HT211168	url:	https://support.apple.com/en-us/HT211168	Trust: 1.6
title:	HT211170	url:	https://support.apple.com/en-us/HT211170	Trust: 0.8
title:	HT211171	url:	https://support.apple.com/en-us/HT211171	Trust: 0.8
title:	HT211175	url:	https://support.apple.com/en-us/HT211175	Trust: 0.8
title:	HT211170	url:	https://support.apple.com/ja-jp/HT211170	Trust: 0.8
title:	HT211171	url:	https://support.apple.com/ja-jp/HT211171	Trust: 0.8
title:	HT211175	url:	https://support.apple.com/ja-jp/HT211175	Trust: 0.8
title:	HT211168	url:	https://support.apple.com/ja-jp/HT211168	Trust: 0.8
title:	Multiple Apple product Kernel Fix for component buffer error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=121260	Trust: 0.6

sources: JVNDB: JVNDB-2020-006287 // JVNDB: JVNDB-2020-018305 // CNNVD: CNNVD-202005-1293

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9821	Trust: 4.4
db:	JVN	id:	JVNVU98042162	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006287	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-018305	Trust: 0.8
db:	CNNVD	id:	CNNVD-202005-1293	Trust: 0.7
db:	PACKETSTORM	id:	157883	Trust: 0.7
db:	NSFOCUS	id:	48549	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1861	Trust: 0.6
db:	VULHUB	id:	VHN-187946	Trust: 0.1
db:	PACKETSTORM	id:	157877	Trust: 0.1
db:	PACKETSTORM	id:	157879	Trust: 0.1

sources: VULHUB: VHN-187946 // JVNDB: JVNDB-2020-006287 // JVNDB: JVNDB-2020-018305 // PACKETSTORM: 157883 // PACKETSTORM: 157877 // PACKETSTORM: 157879 // CNNVD: CNNVD-202005-1293 // NVD: CVE-2020-9821

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9821	Trust: 2.5
url:	https://support.apple.com/ht211168	Trust: 1.7
url:	https://support.apple.com/ht211170	Trust: 1.7
url:	https://support.apple.com/ht211171	Trust: 1.7
url:	https://support.apple.com/ht211175	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9821	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98042162/index.html	Trust: 0.8
url:	https://support.apple.com/kb/ht211168	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1861/	Trust: 0.6
url:	https://support.apple.com/en-us/ht211170	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48549	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343	Trust: 0.6
url:	https://support.apple.com/en-us/ht211168	Trust: 0.6
url:	https://support.apple.com/kb/ht211170	Trust: 0.6
url:	https://packetstormsecurity.com/files/157883/apple-security-advisory-2020-05-26-4.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9809	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9813	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9795	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9814	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9811	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9797	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9791	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9808	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9790	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9816	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9789	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20044	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3878	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9815	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9793	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9794	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9812	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9807	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9806	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9827	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9802	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20503	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9800	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9805	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9803	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9829	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9837	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9804	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14868	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9792	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3882	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9824	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9788	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9825	Trust: 0.1
url:	https://wojciechregula.blog)	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9819	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9818	Trust: 0.1

CREDITS

Apple

Trust: 0.9

sources: PACKETSTORM: 157883 // PACKETSTORM: 157877 // PACKETSTORM: 157879 // CNNVD: CNNVD-202005-1293

SOURCES

db:	VULHUB	id:	VHN-187946
db:	JVNDB	id:	JVNDB-2020-006287
db:	JVNDB	id:	JVNDB-2020-018305
db:	PACKETSTORM	id:	157883
db:	PACKETSTORM	id:	157877
db:	PACKETSTORM	id:	157879
db:	CNNVD	id:	CNNVD-202005-1293
db:	NVD	id:	CVE-2020-9821

LAST UPDATE DATE

2024-11-23T19:49:30.941000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-187946	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006287	date:	2020-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-018305	date:	2024-07-19T00:55:00
db:	CNNVD	id:	CNNVD-202005-1293	date:	2023-01-10T00:00:00
db:	NVD	id:	CVE-2020-9821	date:	2024-11-21T05:41:20.820

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-187946	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006287	date:	2020-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-018305	date:	2024-07-19T00:00:00
db:	PACKETSTORM	id:	157883	date:	2020-05-29T19:07:47
db:	PACKETSTORM	id:	157877	date:	2020-05-29T19:04:22
db:	PACKETSTORM	id:	157879	date:	2020-05-29T19:05:25
db:	CNNVD	id:	CNNVD-202005-1293	date:	2020-05-26T00:00:00
db:	NVD	id:	CVE-2020-9821	date:	2020-06-09T17:15:13.533