CVE-2020-9981 — Use After Free in Apple Macos

CWE-416 — Use After Free6 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 39.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Tvos Apple Watchos +5 more

Timeline

PublishedDec 8

Latest updateMay 24

Description

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5apple/tvosunspecified — 14.0

▶NVDapple/tvos< 14.0

▶CVEListV5apple/macosunspecified — 10.15+3

▶NVDapple/icloud< 11.5

▶NVDapple/ipados< 14.0

🔴Vulnerability Details

GHSA

GHSA-6c7m-3c93-428j: A use after free issue was addressed with improved memory management↗2022-05-24

▶

CVEList

CVE-2020-9981: A use after free issue was addressed with improved memory management↗2020-12-08

▶

📋Vendor Advisories

Apple

CVE-2020-9981: tvOS 14.0↗2020-09-16

▶

Apple

CVE-2020-9981: iTunes 12.10.9 for Windows↗2020-09-16

▶

Apple

CVE-2020-9981: watchOS 7.0↗2020-09-16

▶