Details of VAR-202006-1633

ID

VAR-202006-1633

CVE

CVE-2020-9839

TITLE

plural Apple Product Race Condition Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-006162

DESCRIPTION

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. plural Apple The product is vulnerable to race conditions due to flawed state handling.Elevated privileges may be obtained through the application. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of file permisions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the root. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. System Preferences is one of the System Preferences components. A race condition issue exists in the System Preferences component in several Apple products. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Apple iOS prior to 13.5; iPadOS prior to 13.5; macOS Catalina prior to 10.15.5; tvOS prior to 13.4.5; watchOS prior to 6.2.5

Trust: 2.34

sources: NVD: CVE-2020-9839 // JVNDB: JVNDB-2020-006162 // ZDI: ZDI-20-681 // VULHUB: VHN-187964

AFFECTED PRODUCTS

vendor:	apple	model:	tvos	scope:	lt	version:	13.4.5	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	13.5	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	13.5	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	6.2.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.5	Trust: 1.0
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.5 未満 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.5 未満 (ipad air 2 以降)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	6.2.5 未満 (apple watch series 1 以降 )	Trust: 0.8
vendor:	apple	model:	ipados	scope:	eq	version:	13.5 未満 (ipad mini 4 以降)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.5 未満 (ipod touch 第 7 世代)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	13.4.5 未満 (apple tv hd)	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	13.5 未満 (iphone 6s 以降)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.4	Trust: 0.8
vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-20-681 // JVNDB: JVNDB-2020-006162 // NVD: CVE-2020-9839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9839
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006162
value:	HIGH
Trust: 0.8
ZDI:	CVE-2020-9839
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-202005-1272
value:	HIGH
Trust: 0.6
VULHUB:	VHN-187964
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-9839
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006162
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-187964
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-9839
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-006162
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-9839
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-681 // VULHUB: VHN-187964 // JVNDB: JVNDB-2020-006162 // CNNVD: CNNVD-202005-1272 // NVD: CVE-2020-9839

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-187964 // JVNDB: JVNDB-2020-006162 // NVD: CVE-2020-9839

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-1272

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-1272

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006162

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-187964

PATCH

title:	HT211168	url:	https://support.apple.com/en-us/HT211168	Trust: 0.8
title:	HT211170	url:	https://support.apple.com/en-us/HT211170	Trust: 0.8
title:	HT211171	url:	https://support.apple.com/en-us/HT211171	Trust: 0.8
title:	HT211175	url:	https://support.apple.com/en-us/HT211175	Trust: 0.8
title:	HT211170	url:	https://support.apple.com/ja-jp/HT211170	Trust: 0.8
title:	HT211171	url:	https://support.apple.com/ja-jp/HT211171	Trust: 0.8
title:	HT211175	url:	https://support.apple.com/ja-jp/HT211175	Trust: 0.8
title:	HT211168	url:	https://support.apple.com/ja-jp/HT211168	Trust: 0.8
title:	-	url:	https://support.apple.com/en-gb/HT211170	Trust: 0.7
title:	Multiple Apple product System Preferences Repair measures for component race condition problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121022	Trust: 0.6

sources: ZDI: ZDI-20-681 // JVNDB: JVNDB-2020-006162 // CNNVD: CNNVD-202005-1272

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9839	Trust: 3.2
db:	ZDI	id:	ZDI-20-681	Trust: 1.3
db:	JVN	id:	JVNVU98042162	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-006162	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10777	Trust: 0.7
db:	PACKETSTORM	id:	159084	Trust: 0.7
db:	CNNVD	id:	CNNVD-202005-1272	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1861	Trust: 0.6
db:	NSFOCUS	id:	48675	Trust: 0.6
db:	CXSECURITY	id:	WLB-2020090042	Trust: 0.6
db:	CNVD	id:	CNVD-2020-52144	Trust: 0.1
db:	VULHUB	id:	VHN-187964	Trust: 0.1

sources: ZDI: ZDI-20-681 // VULHUB: VHN-187964 // JVNDB: JVNDB-2020-006162 // CNNVD: CNNVD-202005-1272 // NVD: CVE-2020-9839

REFERENCES

url:	https://support.apple.com/ht211168	Trust: 1.7
url:	https://support.apple.com/ht211170	Trust: 1.7
url:	https://support.apple.com/ht211171	Trust: 1.7
url:	https://support.apple.com/ht211175	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9839	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9839	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98042162/index.html	Trust: 0.8
url:	https://support.apple.com/en-gb/ht211170	Trust: 0.7
url:	https://cxsecurity.com/issue/wlb-2020090042	Trust: 0.6
url:	https://support.apple.com/kb/ht211168	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1861/	Trust: 0.6
url:	https://support.apple.com/en-us/ht211170	Trust: 0.6
url:	https://support.apple.com/en-us/ht211175	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-32343	Trust: 0.6
url:	https://support.apple.com/kb/ht211170	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-20-681/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48675	Trust: 0.6
url:	https://packetstormsecurity.com/files/159084/macos-cfprefsd-arbitrary-file-write-local-privilege-escalation.html	Trust: 0.6

sources: ZDI: ZDI-20-681 // VULHUB: VHN-187964 // JVNDB: JVNDB-2020-006162 // CNNVD: CNNVD-202005-1272 // NVD: CVE-2020-9839

CREDITS

@jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech

Trust: 0.7

sources: ZDI: ZDI-20-681

SOURCES

db:	ZDI	id:	ZDI-20-681
db:	VULHUB	id:	VHN-187964
db:	JVNDB	id:	JVNDB-2020-006162
db:	CNNVD	id:	CNNVD-202005-1272
db:	NVD	id:	CVE-2020-9839

LAST UPDATE DATE

2024-11-23T19:49:42.661000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-681	date:	2020-05-28T00:00:00
db:	VULHUB	id:	VHN-187964	date:	2023-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006162	date:	2020-07-02T00:00:00
db:	CNNVD	id:	CNNVD-202005-1272	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2020-9839	date:	2024-11-21T05:41:22.693

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-681	date:	2020-05-28T00:00:00
db:	VULHUB	id:	VHN-187964	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-006162	date:	2020-07-02T00:00:00
db:	CNNVD	id:	CNNVD-202005-1272	date:	2020-05-26T00:00:00
db:	NVD	id:	CVE-2020-9839	date:	2020-06-09T17:15:14.643