ID

VAR-202012-1504


CVE

CVE-2020-9987


TITLE

Safari User Interface Mismatch Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014230

DESCRIPTION

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.

Safari contains a user interface mismatch vulnerability caused by poor state management; visiting a malicious website may allow the address bar to be spoofed. Apple Safari is a web browser from Apple, the default browser included with the Mac OS X and iOS operating systems. Versions of Apple Safari prior to 14.0 are affected.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-11-13-5 Additional information for APPLE-SA-2020-09-16-3 Safari 14.0

Safari 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211845.

Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: The issue was addressed with improved UI handling.
CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski
Entry added November 12, 2020

Safari
Available for: macOS Catalina and macOS Mojave, and included in macOS Big Sur
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2020-9987: Rafay Baloch (cybercitadel.com) of Cyber Citadel
Entry added November 12, 2020

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-9948: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

WebKit
Available for: macOS Catalina and macOS Mojave, and included in macOS Big Sur
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9947: cc working with Trend Micro Zero Day Initiative
CVE-2020-9950: cc working with Trend Micro Zero Day Initiative
CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos
Entry updated November 12, 2020

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9983: zhunki

Additional recognition

Safari
We would like to acknowledge @PaulosYibelo of Limehats, Ryan Pickren (ryanpickren.com) for their assistance.
Entry added November 12, 2020

Safari Reader
We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020

WebKit
We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance.
Entry added November 12, 2020

Installation note:

Safari 14.0 may be obtained from the Mac App Store.

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxmkACgkQZcsbuWJ6
jjC10xAApnFTMOYmt4Y5o7KF5E6OBizR9toCIxwAxr8nRX5/UfPC3aIKv7DFYTP/
JrAlUMM8soZAuytc1dQPXpMgsM71OctsSM92Z06oEVeiN9w1lZ/Bonh8F2R0Sm2Y
upMFk6aHHWt++JfhbYQULNZx9zrT885dmyynLTk5kHB8TRnIqUmtzcpeYWkGkT78
TdMn9w9atcbSbi0Yqybmy+CE3qvm96C8TIQTMj2Qlp04AU0ZAtogZfTwJvPV8LIx
sqHaGRO2hcTchxcWn50edjANOOBK+16QdcqoTKKVZY95RjIFvksD/lAZqMlNIlNR
X5pXr2NfkPRQwMcyAW4YKEJ165TohV/6eiYKJr70BbigWWwfNWhjJiT4drAnd9ii
uO6NI85hLLeF6me28L2RPxO7XuVnu5MXzLzgKR0dprsyoF0yxEcJ6rX56bduggli
lZ+eziUH5ReUw0E3RtIC5u0NSOPjsYuErH0qH0nCTUU6dRNI7u1ZKq44eyGjrdvg
vfNoci5yMnqsp+8D/yjZc2zQZCSEXgMpuNNac1Unv1JFPrypG/N5a2qmqDWi+P/x
Pcbv1TzDS0XwXuwXMgTflj6MY38gbAIpZlZNEyjvxx9r7MUBYEeEW1KMoTtghiaa
kL7XmKJEGZib++TAP4+jZ/6tWjhijdmkx5S+85vi7TV8NbHpn4o=
=EiFD
-----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2020-9987 // JVNDB: JVNDB-2020-014230 // VULHUB: VHN-188112 // PACKETSTORM: 160063

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: lt, version: 14.0

Trust: 1.0

vendor: Apple, model: safari, scope: lt, version: (macos mojave)

Trust: 0.8

vendor: Apple, model: safari, scope: lt, version: (macos big sur)

Trust: 0.8

vendor: Apple, model: safari, scope: eq, version: 14.0

Trust: 0.8

vendor: Apple, model: safari, scope: lt, version: (macos catalina)

Trust: 0.8

vendor: Apple, model: safari, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014230 // NVD: CVE-2020-9987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9987
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9987
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-1411
value: MEDIUM

Trust: 0.6

VULHUB: VHN-188112
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9987
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-188112
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9987
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-9987
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188112 // JVNDB: JVNDB-2020-014230 // CNNVD: CNNVD-202011-1411 // NVD: CVE-2020-9987

PROBLEMTYPE DATA

problemtype: CWE-1021

Trust: 1.0

problemtype: Improper restriction of rendered UI layers or frames (CWE-1021) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014230 // NVD: CVE-2020-9987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1411

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1411

PATCH

title: HT211845 Apple Security update, url: https://support.apple.com/en-us/HT211845

Trust: 0.8

title: Apple Safari Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136272

Trust: 0.6

title: Threatpost, url: https://threatpost.com/mobile-browser-bugs-safari-opera-malware/160326/

Trust: 0.1

sources: VULMON: CVE-2020-9987 // JVNDB: JVNDB-2020-014230 // CNNVD: CNNVD-202011-1411

EXTERNAL IDS

db: NVD, id: CVE-2020-9987

Trust: 2.7

db: PACKETSTORM, id: 160063

Trust: 0.8

db: JVN, id: JVNVU92546061

Trust: 0.8

db: JVNDB, id: JVNDB-2020-014230

Trust: 0.8

db: AUSCERT, id: ESB-2020.3184.2

Trust: 0.6

db: CNNVD, id: CNNVD-202011-1411

Trust: 0.6

db: VULHUB, id: VHN-188112

Trust: 0.1

db: VULMON, id: CVE-2020-9987

Trust: 0.1

sources: VULHUB: VHN-188112 // VULMON: CVE-2020-9987 // JVNDB: JVNDB-2020-014230 // PACKETSTORM: 160063 // CNNVD: CNNVD-202011-1411 // NVD: CVE-2020-9987

REFERENCES

url:https://support.apple.com/en-us/ht211845

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9987

Trust: 1.5

url:http://jvn.jp/vu/jvnvu92546061/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.3184.2/

Trust: 0.6

url:https://packetstormsecurity.com/files/160063/apple-security-advisory-2020-11-13-5.html

Trust: 0.6

url:https://threatpost.com/mobile-browser-bugs-safari-opera-malware/160326/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9948

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9983

Trust: 0.1

url:https://support.apple.com/ht211845.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9993

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9950

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9952

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9951

Trust: 0.1

sources: VULHUB: VHN-188112 // VULMON: CVE-2020-9987 // JVNDB: JVNDB-2020-014230 // PACKETSTORM: 160063 // CNNVD: CNNVD-202011-1411 // NVD: CVE-2020-9987

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 160063 // CNNVD: CNNVD-202011-1411

SOURCES

db: VULHUB, id: VHN-188112
db: VULMON, id: CVE-2020-9987
db: JVNDB, id: JVNDB-2020-014230
db: PACKETSTORM, id: 160063
db: CNNVD, id: CNNVD-202011-1411
db: NVD, id: CVE-2020-9987

LAST UPDATE DATE

2024-11-23T21:11:49.823000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-188112, date: 2020-12-09T00:00:00
db: VULMON, id: CVE-2020-9987, date: 2020-12-09T00:00:00
db: JVNDB, id: JVNDB-2020-014230, date: 2021-08-12T05:23:00
db: CNNVD, id: CNNVD-202011-1411, date: 2020-12-16T00:00:00
db: NVD, id: CVE-2020-9987, date: 2024-11-21T05:41:38.990

SOURCES RELEASE DATE

db: VULHUB, id: VHN-188112, date: 2020-12-08T00:00:00
db: VULMON, id: CVE-2020-9987, date: 2020-12-08T00:00:00
db: JVNDB, id: JVNDB-2020-014230, date: 2021-08-12T00:00:00
db: PACKETSTORM, id: 160063, date: 2020-11-13T23:33:33
db: CNNVD, id: CNNVD-202011-1411, date: 2020-11-13T00:00:00
db: NVD, id: CVE-2020-9987, date: 2020-12-08T20:15:17.840