cbcvebase.
CVE-2020-27950
published 2020-12-08

CVE-2020-27950: A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High…

PriorityP277medium5.5CVSS 3.1
AVLACLPRNUIRSUCHINAN
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
16.52%
96.6th percentile
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.

Affected

17 ranges
VendorProductVersion rangeFixed in
appleios_14.2_and_ipados
appleios_and_ipados>= unspecified < 14.214.2
appleipados< 14.214.2
appleiphone_os< 12.4.912.4.9
appleiphone_os>= 14.0 < 14.214.2
applemacos< 10.15.710.15.7
applemacos>= 11.0 < 11.0.111.0.1
applemacos>= unspecified < 11.011.0
applemacos>= unspecified < 12.412.4
applemacos>= unspecified < 6.26.2
applemacos>= unspecified < 5.35.3
applemacos>= unspecified < 20202020
applemacos>= unspecified < 10.1510.15
applewatchos< 5.3.95.3.9
applewatchos>= 6.0 < 6.2.96.2.9
applewatchos>= 7.0 < 7.17.1
applewatchos>= unspecified < 7.17.1

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is in the Kernel component; monitor for malicious applications attempting to disclose kernel memory on Apple platforms (iOS, iPadOS, macOS, watchOS)
  • CVE-2020-27950 is a known exploited vulnerability (KEV); treat any unpatched Apple device running affected OS versions as high-priority for detection and response
  • ·Exploit confirmed in the wild by Apple at time of patch release; no public PoC or specific exploit artifact details are provided in the available sources
  • ·The vulnerability is a memory initialization issue in the Kernel component; no specific syscall, memory address, or exploit technique is disclosed in available sources, limiting precise behavioral detection rules

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.07.1HIGHAV:N/AC:M/Au:N/C:C/I:N/A:N
vulncheck8.8HIGH
cisa5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.