⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-27932Type Confusion in Apple IOS AND Ipados

CWE-843Type Confusion12 documents7 sources
Severity
7.8HIGHNVD
VulnCheck8.8
EPSS
15.7%
top 5.27%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
8
Apple IOS AND IpadosApple MacosApple Watchos+5 more
Timeline
PublishedDec 8
KEV addedNov 3
KEV dueMay 3
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

CVEListV5apple/macosunspecified11.0+5
NVDapple/macos11.011.0.1
CVEListV5apple/watchosunspecified7.1
NVDapple/watchos6.06.2.9+2
NVDapple/mac_os_x< 10.15.7

🔴Vulnerability Details

9
GHSA
GHSA-f3wv-rx3x-v6fh: A type confusion issue was addressed with improved state handling2022-05-24
Project0
The More You Know, The More You Know You Don’t Know - Project Zero2022-04-01
Project0
In-the-Wild Series: October 2020 0-day discovery - Project Zero2021-03-01
CVEList
CVE-2020-27932: A type confusion issue was addressed with improved state handling2020-12-08
VulnCheck
Apple Multiple Products Type Confusion Vulnerability2020

📋Vendor Advisories

2
CISA
Apple Multiple Products Type Confusion Vulnerability2021-11-03
Apple
CVE-2020-27932: iOS 14.2 and iPadOS 14.22020-11-05
CVE-2020-27932 — Type Confusion in Apple IOS AND Ipados | cvebase