CVEブラウザに戻る

CVE-2020-27932

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score49.5490%

EPSS Percentile85.99th

Published2020年12月8日

Last Modified2025年10月27日

Vulnerability Description

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.

Affected Platforms (CPE)

📦

Apple

Icloud

< 11.5

📦

Apple

Itunes

< 12.11

💻

Apple

Ipados

< 14.2

💻

Apple

Iphone Os

< 12.4.9

💻

Apple

Iphone Os

>= 14.0 and < 14.2

💻

Apple

Mac Os X

< 10.15.7

💻

Apple

Macos

>= 11.0 and < 11.0.1

💻

Apple

Watchos

< 5.3.9

💻

Apple

Watchos

>= 6.0 and < 6.2.9

💻

Apple

Watchos

>= 7.0 and < 7.1

References & Advisories

🔗 http://packetstormsecurity.com/files/161295/XNU-Kernel-Turnstiles-Type-Confusion.html

🔗 http://seclists.org/fulldisclosure/2020/Dec/32

🔗 https://support.apple.com/en-us/HT211928

🔗 https://support.apple.com/en-us/HT211929

🔗 https://support.apple.com/en-us/HT211931

🔗 https://support.apple.com/en-us/HT211940

🔗 https://support.apple.com/en-us/HT211944

🔗 https://support.apple.com/en-us/HT211945

関連する脆弱性情報

CVE-2019-86009.8

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvO...

CVE-2019-87509.8

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Wi...

CVE-2018-41479.8

In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory c...

CVE-2019-87469.8

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud fo...