cbcvebase.
CVE-2020-27930
published 2020-12-08

CVE-2020-27930: A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9…

PriorityP182high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
22.18%
97.4th percentile
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.

Affected

17 ranges
VendorProductVersion rangeFixed in
appleios_14.2_and_ipados
appleios_and_ipados>= unspecified < 14.214.2
appleipados< 14.214.2
appleiphone_os< 12.4.912.4.9
appleiphone_os>= 14.0 < 14.214.2
applemac_os_x< 10.15.710.15.7
applemacos>= 11.0 < 11.0.111.0.1
applemacos>= unspecified < 11.011.0
applemacos>= unspecified < 12.412.4
applemacos>= unspecified < 6.26.2
applemacos>= unspecified < 5.35.3
applemacos>= unspecified < 20202020
applemacos>= unspecified < 10.1510.15
applewatchos< 5.3.95.3.9
applewatchos>= 6.0 < 6.2.96.2.9
applewatchos>= 7.0 < 7.17.1
applewatchos>= unspecified < 7.17.1

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerable component is FontParser; monitor for maliciously crafted font files being processed by FontParser on Apple platforms (iOS, iPadOS, macOS, watchOS)
  • CVE-2020-27930 is confirmed exploited in the wild; treat any unpatched Apple device processing untrusted font files as high-priority detection target
  • Affected component is FontParser; focus memory-corruption and code-execution detections on FontParser processing paths across iOS, iPadOS, macOS, and watchOS
  • ·Exploit exists in the wild targeting iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later; scope of in-the-wild exploitation confirmed at time of patch release

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck8.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.