CVE-2020-27950
Published 2020-12-08

Priority P2 (77) · Severity medium · CVSS 3.1 base score 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Flags: CISA Known Exploited Vulnerability (remediation due 2022-05-03) · Exploited in the wild
EPSS: 16.52% (96.6th percentile)
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.
Affected
11 ranges (version ranges derived from the fix list in the description above; rows that the automated parser had produced from the words "12.4.9", "6.2.9", "5.3.9", "2020-006" and "10.15.7" are folded into the correct product rows)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_and_ipados | < 14.2 | 14.2 |
| apple | ipados | < 14.2 | 14.2 |
| apple | iphone_os | < 12.4.9 (iOS 12 branch) | 12.4.9 |
| apple | iphone_os | >= 14.0 < 14.2 | 14.2 |
| apple | macos | >= 11.0 < 11.0.1 (Big Sur) | 11.0.1 |
| apple | macos | 10.15 (Catalina) before the 10.15.7 Supplemental Update | 10.15.7 Supplemental Update |
| apple | macos | 10.14 (Mojave) | Security Update 2020-006 Mojave |
| apple | macos | 10.13 (High Sierra) | Security Update 2020-006 High Sierra |
| apple | watchos | < 5.3.9 | 5.3.9 |
| apple | watchos | >= 6.0 < 6.2.9 | 6.2.9 |
| apple | watchos | >= 7.0 < 7.1 | 7.1 |
Detection & IOCs (extracted from sources)
- The vulnerability is in the Kernel component. The attack surface is a local malicious application reading kernel memory on iOS, iPadOS, macOS or watchOS, not a remotely reachable service, so detection is about untrusted code already running on the device.
- CVE-2020-27950 is a CISA Known Exploited Vulnerability (KEV); treat any unpatched Apple device running an affected OS version as high priority for patching, detection and response.
- Apple confirmed at patch release that an exploit existed in the wild. A proof of concept by the reporter is public (Project Zero issue 2108, mirrored on Packet Storm and Full Disclosure; see the references), but no sample of the in-the-wild exploit is published in the sources indexed here.
- Project Zero's root cause analysis locates the bug in the kernel's handling of Mach message trailers, the metadata the kernel appends to messages delivered through mach_msg. Beyond that, no memory address or exploit technique is disclosed in the indexed sources, which limits precise behavioral detection rules; patch-level inventory remains the reliable control.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:C/I:N/A:N |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 5.5 | MEDIUM | — |
GHSA
GHSA-76v6-7m6g-p6v4: A memory initialization issue was addressed
ghsa_unreviewed · 2022-05-24 · CVE-2020-27950 [HIGH] · CWE-665
Description: identical to the NVD description above.
Project Zero
The More You Know, The More You Know You Don’t Know: A Year in Review of 0-days Used In-the-Wild in 2021
project_zero · 2022-04-01 · indexed under CVE-2016-4654
Posted by Maddie Stone, Google Project Zero
This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository.
We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for
Project Zero
In-the-Wild Series: October 2020 0-day discovery
project_zero · 2021-03-01 · CVSS 9.6 · indexed under CVE-2020-15999 [CRITICAL]
Posted by Maddie Stone, Project Zero
In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices. These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in this blog post series.
In this post we are summarizing the exploit chains we discovered in October 2020. We have already published the details of the seven 0-day vulnerabilities exploited in our root cause analysis (RCA) posts. This post aims to provide the context around these exploits.
What happened
In October 2020, we discovered that the actor from the Feb
VulnCheck
Apple Multiple Products Memory Initialization Vulnerability
vulncheck · 2020 · CVSS 8.8 · CVE-2020-27950 [HIGH] · CWE-665
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
Affected: Apple Multiple Products
Required Action: Apply updates per vendor instructions.
Exploitation references:
- https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit
- https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2020/CVE-2020-16009.html
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit/
Exploit PoC:
- https://vulncheck.com/xdb/3f008773d321
- https://vulncheck.com/xdb/30d794c9b6ce
- https://vulncheck.com
Project Zero
Project Zero RCA: CVE-2020-27950: XNU Kernel Memory Disclosure in Mach Message Trailers
project_zero · CVSS 5.5 · CVE-2020-27950 [MEDIUM]
# CVE-2020-27950: XNU Kernel Memory Disclosure in Mach Message Trailers
*Ian Beer, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 5 November 2020
**Product:** Apple iOS
**Advisory:** https://support.apple.com/en-us/HT211929
**Affected Versions:** iOS 14.1 and previous
**First Patched Version:** iOS 14.2
**Issue/Bug Report:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2108
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Ian Beer of Google Project Zero
## The Code
**Proof-of-concept:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2108
**Exploit sample:** N/A
**Did you have access to the exploit sample when doing the analy
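The RCA above titles the bug a kernel memory disclosure in Mach message trailers, and every tracker on this page files it under CWE-665 (improper initialization). The program below is an added illustration of that bug class, written for this page; it is not XNU source and not the published proof of concept. The record layout, its field names, the marker byte and the two fill routines are all invented for the model. What it shows is why a record the kernel builds in recycled memory and then copies to the receiver leaks every byte the kernel never wrote, how a receiver (or a test harness) can measure the leak by pre-filling the destination with a marker and counting what survives, and why clearing the record before populating it closes the hole.

```c
/*
 * Constructed model of the CWE-665 bug class behind CVE-2020-27950.
 * Not XNU source and not the published proof of concept: the record
 * layout, field names and the stale-byte marker are invented here.
 *
 * Pattern: the kernel builds a fixed-size record (a stand-in for a Mach
 * message trailer) inside memory that previously held other data, then
 * copies the whole record to the receiving process. Every byte the
 * kernel does not explicitly write reaches user space as-is.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Record copied out to the receiver. The two reserved fields stand for
 * the alignment/reserved bytes that real trailer layouts also carry. */
struct trailer {
    uint16_t kind;       /* written by both paths */
    uint8_t  align[2];   /* never written by the vulnerable path */
    uint32_t size;       /* written by both paths */
    uint64_t sender;     /* written by both paths */
    uint64_t reserved;   /* never written by the vulnerable path */
};

/* Marker standing in for leftover kernel data in a recycled allocation. */
#define STALE_BYTE 0xA5

/* Simulates carving the record out of memory that still holds old data. */
static void recycle_buffer(void *p, size_t n)
{
    memset(p, STALE_BYTE, n);
}

/* Vulnerable: populate only the fields the code cares about. */
static void fill_trailer_vulnerable(struct trailer *t, uint32_t size, uint64_t sender)
{
    t->kind = 1;
    t->size = size;
    t->sender = sender;
}

/* Fixed: zero the whole record first, so nothing unwritten is copied out. */
static void fill_trailer_fixed(struct trailer *t, uint32_t size, uint64_t sender)
{
    memset(t, 0, sizeof *t);
    t->kind = 1;
    t->size = size;
    t->sender = sender;
}

/* Receiver-side check: how many bytes of the returned record still carry
 * the marker. That count is the size of the disclosure. The same idea
 * works as a harness for any kernel interface that returns a struct:
 * pre-fill the destination with a marker and count what survives. */
static size_t count_stale_bytes(const struct trailer *t)
{
    const uint8_t *b = (const uint8_t *)t;
    size_t leaked = 0;
    for (size_t i = 0; i < sizeof *t; i++)
        if (b[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

typedef void (*fill_fn)(struct trailer *, uint32_t, uint64_t);

/* One simulated receive: kernel-side allocation with stale contents, the
 * given fill routine, a copy to the receiver, and the receiver's count. */
static size_t leaked_bytes_via(fill_fn fill)
{
    struct trailer kernel_slot;
    recycle_buffer(&kernel_slot, sizeof kernel_slot);
    fill(&kernel_slot, 24u, 0x1234u);   /* values chosen so no written byte equals the marker */
    struct trailer user_copy;
    memcpy(&user_copy, &kernel_slot, sizeof user_copy);   /* the copyout */
    return count_stale_bytes(&user_copy);
}

int main(void)
{
    printf("vulnerable path leaks %zu of %zu bytes\n",
           leaked_bytes_via(fill_trailer_vulnerable), sizeof(struct trailer));
    printf("fixed path leaks %zu of %zu bytes\n",
           leaked_bytes_via(fill_trailer_fixed), sizeof(struct trailer));
    return 0;
}
```

In the model the vulnerable path hands the receiver 10 of 24 bytes of stale memory (the two alignment bytes and the unwritten reserved field); the fixed path hands over none. Real trailer structures are larger and the stale contents are whatever the allocator last held, which is what makes the class useful to an attacker as a building block against kernel address-space randomization.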
Project Zero
Project Zero RCA: CVE-2020-27932: iOS Kernel privesc with turnstiles
project_zero · CVSS 7.8 · CVE-2020-27932 [HIGH]
# CVE-2020-27932: iOS Kernel privesc with turnstiles
*Ian Beer, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 5 November 2020
**Product:** Apple iOS
**Advisory:** https://support.apple.com/en-us/HT211929
**Affected Versions:** iOS 14.1 and previous
**First Patched Version:** iOS 14.2
**Issue/Bug Report:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2107
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Ian Beer of Google Project Zero
## The Code
**Proof-of-concept:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2107
**Exploit sample:** N/A
**Did you have access to the exploit sample when doing the analysis?** Yes
## The
Project Zero
Project Zero RCA: CVE-2020-16009: Chrome Turbofan Type Confusion after Map Deprecation
project_zero · CVSS 8.8 · CVE-2020-16009 [HIGH]
# CVE-2020-16009: Chrome Turbofan Type Confusion after Map Deprecation
*Samuel Groß, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 2 November 2020
**Product:** Google Chrome
**Advisory:** https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
**Affected Versions:** 86.0.4240.111 and previous
**First Patched Version:** 86.0.4240.183
**Issue/Bug Report:**
* Project Zero: https://bugs.chromium.org/p/project-zero/issues/detail?id=2106
* Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=1143772
**Patch CL:** https://chromium.googlesource.com/v8/v8.git/+/3ba21a17ce2f26b015cc29adc473812247472776
**Bug-Introducing CL:** N/A
**Re
Project Zero
Project Zero RCA: CVE-2020-27930: Safari RCE in Type 1 fonts handled by libType1Scaler.dylib
project_zero · CVSS 7.8 · CVE-2020-27930 [HIGH]
# CVE-2020-27930: Safari RCE in Type 1 fonts handled by libType1Scaler.dylib
*Mateusz Jurczyk and Sergei Glazunov, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-02-04)*
## The Basics
**Disclosure or Patch Date:** 5 November 2020
**Product:** Apple Safari
**Advisory:** https://support.apple.com/en-us/HT211929
**Affected Versions:** iOS 14.1 and previous, macOS 10.15.6 and previous
**First Patched Version:** iOS 14.2 and macOS 10.15.7
**Issue/Bug Report:** https://bugs.chromium.org/p/project-zero/issues/detail?id=2105
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Mateusz Jurczyk & Sergei Glazunov of Google Project Zero
## The Code
**Proof-of-concept:** https://bugs.chromium.org/p/project-zero/issues
CISA
Apple Multiple Products Memory Initialization Vulnerability
cisa · 2021-11-03 · CVSS 5.5 · CVE-2020-27950 [MEDIUM] · CWE-665
Vulnerability: Apple Multiple Products Memory Initialization Vulnerability
Affected: Apple Multiple Products
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-27950
Remediation Due Date: 2022-05-03
Apple
About the security content of iOS 14.2 and iPadOS 14.2
vendor_apple · 2020-11-05 · CVSS 5.5 · CVE-2020-27950 [MEDIUM]
Product: iOS 14.2 and iPadOS 14.2
CVE: CVE-2020-27950
Component: Kernel
Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild.
Description: A memory initialization issue was addressed.
References
- http://packetstormsecurity.com/files/161296/XNU-Kernel-Mach-Message-Trailers-Memory-Disclosure.html
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://support.apple.com/en-us/HT211928
- https://support.apple.com/en-us/HT211929
- https://support.apple.com/en-us/HT211931
- https://support.apple.com/en-us/HT211940
- https://support.apple.com/en-us/HT211944
- https://support.apple.com/en-us/HT211945
- https://support.apple.com/en-us/HT211946
- https://support.apple.com/en-us/HT211947
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-27950
Timeline
- 2020-12-08: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild