返回 CVE 浏览器

CVE-2020-27930

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score96.7780%

EPSS Percentile92.89th

Published2020年12月8日

Last Modified2025年10月27日

Vulnerability Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.

Affected Platforms (CPE)

💻

Apple

Ipados

< 14.2

💻

Apple

Iphone Os

< 12.4.9

💻

Apple

Iphone Os

>= 14.0 and < 14.2

💻

Apple

Mac Os X

< 10.15.7

💻

Apple

Macos

>= 11.0 and < 11.0.1

💻

Apple

Watchos

< 5.3.9

💻

Apple

Watchos

>= 6.0 and < 6.2.9

💻

Apple

Watchos

>= 7.0 and < 7.1

References & Advisories

🔗 http://packetstormsecurity.com/files/161294/Apple-Safari-Remote-Code-Execution.html

🔗 http://seclists.org/fulldisclosure/2020/Dec/32

🔗 https://support.apple.com/en-us/HT211928

🔗 https://support.apple.com/en-us/HT211929

🔗 https://support.apple.com/en-us/HT211931

🔗 https://support.apple.com/en-us/HT211940

🔗 https://support.apple.com/en-us/HT211944

🔗 https://support.apple.com/en-us/HT211945

相关漏洞威胁

CVE-2019-877910.0

A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions...

CVE-2020-39109.8

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10....

CVE-2020-39099.8

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10....

CVE-2020-39119.8

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10....