CVE-2020-27950
PUBLISHED
KEV
CVSS 7.1 HIGH
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.
EPSS 43.76% · 97.6th percentile
Risk Scores
CVSS 2.0
7.1
EPSS Score
43.76%
97.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | iOS and iPadOS | * |
| apple | macos | 11.0, 0 |
| apple | watchos | 0, 6.0, 7.0 |
| Apple | macOS | *, unspecified, unspecified |
| apple | ipados | 0 |
| apple | iphone_os | 14.0, 0 |
| Apple | watchOS | unspecified |
Exploit Intelligence
- A Bash script for Kali Linux that exploits an iOS WebKit vulnerability (CVE-2020-27950) using Metasploit and ngrok. Automates payload delivery with a public URL via ngrok, checks for required tools, handles errors, and provides an easy way to crash browsers for educational purposes only. (github-poc-repo)
- A Bash script for Kali Linux that exploits an iOS WebKit vulnerability (CVE-2020-27950) using Metasploit and ngrok. Automates payload delivery with a public URL via ngrok, checks for required tools, handles errors, and provides an easy way to crash browsers for educational purposes only. (github-poc)
…and 47 more exploits
Timeline
- Nov 5, 2020 PoC Published
- Nov 6, 2020 PoC Published
- Nov 8, 2020 PoC Published
- Nov 13, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Nov 3, 2021 CISA KEV Added
- Nov 8, 2021 PoC Published
- Nov 20, 2021 PoC Published
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 1, 2022 EPSS Score
References
- https://support.apple.com/en-us/HT211946 url
- https://support.apple.com/en-us/HT211947 url
- https://support.apple.com/en-us/HT211940 url
- https://support.apple.com/en-us/HT211944 url
- https://support.apple.com/en-us/HT211945 url
- https://support.apple.com/en-us/HT211929 url
- https://support.apple.com/en-us/HT211931 url
- https://support.apple.com/en-us/HT211928 url
- 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 mailing-list
- http://packetstormsecurity.com/files/161296/XNU-Kernel-Mach-Message-Trailers-Memory-Disclosure.html url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-27950 url
- https://nvd.nist.gov/vuln/detail/CVE-2020-27950 advisory
- https://support.apple.com/fr-fr/HT211934 advisory
- https://support.apple.com/fr-fr/HT211946 advisory
- https://support.apple.com/fr-fr/HT211931 advisory
- https://support.apple.com/fr-fr/HT211945 advisory
- https://support.apple.com/fr-fr/HT211930 advisory
- https://support.apple.com/fr-fr/HT211947 advisory
- https://support.apple.com/fr-fr/HT211944 advisory
- https://support.apple.com/fr-fr/HT211929 advisory
…and 2 more