Sign-up

ID

VAR-202010-1498


CVE

CVE-2020-9990


TITLE

Apple macOS process_token_SetFence Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

Trust: 1.4

sources: ZDI: ZDI-20-1260 // ZDI: ZDI-20-1259

DESCRIPTION

A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the AppleIntelKBLGraphics kernel extension. The issue results from the lack of proper locking when performing operations on an object. Apple OS X is a set of dedicated operating systems developed by Apple for Mac computers. Apple macOS could allow a local authenticated malicious user to gain elevated privileges on the system, caused by a time-of-check time-of-use race condition in the AppleIntelKBLGraphics kernel extension

Trust: 2.34

sources: NVD: CVE-2020-9990 // ZDI: ZDI-20-1260 // ZDI: ZDI-20-1259 // VULHUB: VHN-188115 // VULMON: CVE-2020-9990

AFFECTED PRODUCTS

vendor:applemodel:macosscope: - version: -

Trust: 1.4

vendor:applemodel:mac os xscope:ltversion:10.5.6

Trust: 1.0

sources: ZDI: ZDI-20-1260 // ZDI: ZDI-20-1259 // NVD: CVE-2020-9990

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-9990
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2020-9990
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202010-1247
value: HIGH

Trust: 0.6

VULHUB: VHN-188115
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9990
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9990
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-188115
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2020-9990
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.1
impactScore: 6.0
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2020-9990
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.1
impactScore: 6.0
version: 3.1

Trust: 1.0

sources: ZDI: ZDI-20-1260 // ZDI: ZDI-20-1259 // VULHUB: VHN-188115 // VULMON: CVE-2020-9990 // CNNVD: CNNVD-202010-1247 // NVD: CVE-2020-9990

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.1

problemtype:CWE-367

Trust: 0.1

sources: VULHUB: VHN-188115 // NVD: CVE-2020-9990

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1247

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-1247

PATCH

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/en-us/HT211289

Trust: 1.4

title:Apple OS X Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131850

Trust: 0.6

sources: ZDI: ZDI-20-1260 // ZDI: ZDI-20-1259 // CNNVD: CNNVD-202010-1247

EXTERNAL IDS

db:NVDid:CVE-2020-9990

Trust: 3.2

db:ZDI_CANid:ZDI-CAN-10924

Trust: 0.7

db:ZDIid:ZDI-20-1260

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10823

Trust: 0.7

db:ZDIid:ZDI-20-1259

Trust: 0.7

db:CNNVDid:CNNVD-202010-1247

Trust: 0.7

db:NSFOCUSid:50123

Trust: 0.6

db:VULHUBid:VHN-188115

Trust: 0.1

db:VULMONid:CVE-2020-9990

Trust: 0.1

sources: ZDI: ZDI-20-1260 // ZDI: ZDI-20-1259 // VULHUB: VHN-188115 // VULMON: CVE-2020-9990 // CNNVD: CNNVD-202010-1247 // NVD: CVE-2020-9990

REFERENCES

url:https://support.apple.com/en-us/ht211289

Trust: 2.0

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9990

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50123

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/367.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189989

Trust: 0.1

sources: ZDI: ZDI-20-1260 // ZDI: ZDI-20-1259 // VULHUB: VHN-188115 // VULMON: CVE-2020-9990 // CNNVD: CNNVD-202010-1247 // NVD: CVE-2020-9990

CREDITS

ABC Research s.r.l.

Trust: 0.7

sources: ZDI: ZDI-20-1260

SOURCES

db:ZDIid:ZDI-20-1260
db:ZDIid:ZDI-20-1259
db:VULHUBid:VHN-188115
db:VULMONid:CVE-2020-9990
db:CNNVDid:CNNVD-202010-1247
db:NVDid:CVE-2020-9990

LAST UPDATE DATE

2024-11-23T22:29:27.071000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-1260date:2020-10-19T00:00:00
db:ZDIid:ZDI-20-1259date:2020-10-19T00:00:00
db:VULHUBid:VHN-188115date:2022-05-03T00:00:00
db:VULMONid:CVE-2020-9990date:2020-10-30T00:00:00
db:CNNVDid:CNNVD-202010-1247date:2022-05-05T00:00:00
db:NVDid:CVE-2020-9990date:2024-11-21T05:41:39.303

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-1260date:2020-10-19T00:00:00
db:ZDIid:ZDI-20-1259date:2020-10-19T00:00:00
db:VULHUBid:VHN-188115date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9990date:2020-10-22T00:00:00
db:CNNVDid:CNNVD-202010-1247date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9990date:2020-10-22T19:15:15.963