CVE-2020-27930
Published 2020-12-08
Priority P182 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2022-05-03
Exploited in the wild
EPSS: 22.18% (97.4th percentile)
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_14.2_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 14.2 | 14.2 |
| apple | ipados | < 14.2 | 14.2 |
| apple | iphone_os | < 12.4.9 | 12.4.9 |
| apple | iphone_os | >= 14.0 < 14.2 | 14.2 |
| apple | mac_os_x | < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.0 < 11.0.1 | 11.0.1 |
| apple | macos | >= unspecified < 11.0 | 11.0 |
| apple | macos | >= unspecified < 12.4 | 12.4 |
| apple | macos | >= unspecified < 6.2 | 6.2 |
| apple | macos | >= unspecified < 5.3 | 5.3 |
| apple | macos | >= unspecified < 2020 | 2020 |
| apple | macos | >= unspecified < 10.15 | 10.15 |
| apple | watchos | < 5.3.9 | 5.3.9 |
| apple | watchos | >= 6.0 < 6.2.9 | 6.2.9 |
| apple | watchos | >= 7.0 < 7.1 | 7.1 |
| apple | watchos | >= unspecified < 7.1 | 7.1 |
Detection & IOCs
- Vulnerable component is FontParser; monitor for maliciously crafted font files being processed by FontParser on Apple platforms (iOS, iPadOS, macOS, watchOS)
- CVE-2020-27930 is confirmed exploited in the wild; treat any unpatched Apple device processing untrusted font files as high-priority detection target
- Affected component is FontParser; focus memory-corruption and code-execution detections on FontParser processing paths across iOS, iPadOS, macOS, and watchOS
- Exploit exists in the wild targeting iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later; scope of in-the-wild exploitation confirmed at time of patch release
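CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |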
GHSA
GHSA-pcwp-p8jm-7xc7: A memory corruption issue was addressed with improved input validation
ghsa_unreviewed·2022-05-24
CVE-2020-27930 [HIGH] CWE-20 GHSA-pcwp-p8jm-7xc7: A memory corruption issue was addressed with improved input validation
Project0
In-the-Wild Series: October 2020 0-day discovery - Project Zero
project_zero·2021-03-01·CVSS 9.6
CVE-2020-15999 [CRITICAL] In-the-Wild Series: October 2020 0-day discovery - Project Zero
Posted by Maddie Stone, Project Zero
In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices. These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in this blog post series.
In this post we are summarizing the exploit chains we discovered in October 2020. We have already published the details of the seven 0-day vulnerabilities exploited in our root cause analysis (RCA) posts. This post aims to provide the context around these exploits.
What happened
In October 2020, we discovered that the actor from the Feb
Project0
Déjà vu-lnerability - Project Zero
project_zero·2021-02-01
CVE-2014-9665 Déjà vu-lnerability - Project Zero
A Year in Review of 0-days Exploited In-The-Wild in 2020
Posted by Maddie Stone, Project Zero
2020 was a year full of 0-day exploits. Many of the Internet’s most popular browsers had their moment in the spotlight. Memory corruption is still the name of the game and how the vast majority of detected 0-days are getting in. While we tried new methods of 0-day detection with modest success, 2020 showed us that there is still a long way to go in detecting these 0-day exploits in-the-wild. But what may be the most notable fact is that 25% of the 0-days detected in 2020 are closely related to previously publicly disclosed vulnerabilities. In other words, 1 out of every 4 detected 0-day exploits could potentially have been avoided if a more thorough investigation and patching effort were explor
VulnCheck
Apple Multiple Products Memory Corruption Vulnerability
vulncheck·2020·CVSS 8.8
CVE-2020-27930 [HIGH] CWE-787 Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted font.
Affected: Apple Multiple Products
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2020/CVE-2020-16009.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Exploit PoC: https://vulncheck.com/xdb/ba050b6e89d5
Remediation Due: 2022-05-03
Project0
Project Zero RCA: CVE-2020-27950: XNU Kernel Memory Disclosure in Mach Message Trailers
project_zero·CVSS 5.5
CVE-2020-27950 [MEDIUM] Project Zero RCA: CVE-2020-27950: XNU Kernel Memory Disclosure in Mach Message Trailers
# CVE-2020-27950: XNU Kernel Memory Disclosure in Mach Message Trailers
*Ian Beer, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 5 November 2020
**Product:** Apple iOS
**Advisory:** https://support.apple.com/en-us/HT211929
**Affected Versions:** iOS 14.1 and previous
**First Patched Version:** iOS 14.2
**Issue/Bug Report:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2108
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Ian Beer of Google Project Zero
## The Code
**Proof-of-concept:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2108
**Exploit sample:** N/A
**Did you have access to the exploit sample when doing the analy
Project0
Project Zero RCA: CVE-2020-27932: iOS Kernel privesc with turnstiles
project_zero·CVSS 7.8
CVE-2020-27932 [HIGH] Project Zero RCA: CVE-2020-27932: iOS Kernel privesc with turnstiles
# CVE-2020-27932: iOS Kernel privesc with turnstiles
*Ian Beer, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 5 November 2020
**Product:** Apple iOS
**Advisory:** https://support.apple.com/en-us/HT211929
**Affected Versions:** iOS 14.1 and previous
**First Patched Version:** iOS 14.2
**Issue/Bug Report:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2107
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Ian Beer of Google Project Zero
## The Code
**Proof-of-concept:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2107
**Exploit sample:** N/A
**Did you have access to the exploit sample when doing the analysis?** Yes
## The
Project0
Project Zero RCA: CVE-2020-16009: Chrome Turbofan Type Confusion after Map Deprecation
project_zero·CVSS 8.8
CVE-2020-16009 [HIGH] Project Zero RCA: CVE-2020-16009: Chrome Turbofan Type Confusion after Map Deprecation
# CVE-2020-16009: Chrome Turbofan Type Confusion after Map Deprecation
*Samuel Groß, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 2 November 2020
**Product:** Google Chrome
**Advisory:** https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
**Affected Versions:** 86.0.4240.111 and previous
**First Patched Version:** 86.0.4240.183
**Issue/Bug Report:**
* Project Zero: https://bugs.chromium.org/p/project-zero/issues/detail?id=2106
* Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=1143772
**Patch CL:** https://chromium.googlesource.com/v8/v8.git/+/3ba21a17ce2f26b015cc29adc473812247472776
**Bug-Introducing CL:** N/A
**Re
Project0
Project Zero RCA: CVE-2020-27930: Safari RCE in Type 1 fonts handled by libType1Scaler.dylib
project_zero·CVSS 7.8
CVE-2020-27930 [HIGH] Project Zero RCA: CVE-2020-27930: Safari RCE in Type 1 fonts handled by libType1Scaler.dylib
# CVE-2020-27930: Safari RCE in Type 1 fonts handled by libType1Scaler.dylib
*Mateusz Jurczyk and Sergei Glazunov, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 5 November 2020
**Product:** Apple Safari
**Advisory:** https://support.apple.com/en-us/HT211929
**Affected Versions:** iOS 14.1 and previous, macOS 10.15.6 and previous
**First Patched Version:** iOS 14.2 and macOS 10.15.7
**Issue/Bug Report:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2105
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Mateusz Jurczyk & Sergei Glazunov of Google Project Zero
## The Code
**Proof-of-concept:** https://bugs.chromium.org/p/project-zero/issues
CISA
Apple Multiple Products Memory Corruption Vulnerability
cisa·2021-11-03·CVSS 7.8
CVE-2020-27930 [HIGH] CWE-787 Apple Multiple Products Memory Corruption Vulnerability
Vulnerability: Apple Multiple Products Memory Corruption Vulnerability
Affected: Apple Multiple Products
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted font.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-27930
Remediation Due Date: 2022-05-03
Apple
CVE-2020-27930: iOS 14.2 and iPadOS 14.2
vendor_apple·2020-11-05·CVSS 7.8
CVE-2020-27930 [HIGH] CVE-2020-27930: iOS 14.2 and iPadOS 14.2
Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2
Product: iOS 14.2 and iPadOS
Version: 14.2
CVE: CVE-2020-27930
Component: FontParser
Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A memory corruption issue was addressed with improved input validation.
No detection rules found.
No public exploits indexed.
- http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://support.apple.com/en-us/HT211928
- https://support.apple.com/en-us/HT211929
- https://support.apple.com/en-us/HT211931
- https://support.apple.com/en-us/HT211940
- https://support.apple.com/en-us/HT211944
- https://support.apple.com/en-us/HT211945
- https://support.apple.com/en-us/HT211946
- https://support.apple.com/en-us/HT211947
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-27930
2020-12-08: Published
2021-11-03: Added to CISA KEV
Exploited in the wild