CVE-2020-27932
| CVE Published | 2020-12-08 |
|---|---|
| Related CWE(s) | CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') |
| Related Vendor(s) | apple |
| Related Product(s) | mac_os_x, ipados, iphone_os, macos, icloud, watchos, itunes |
| Exploitation Reported (CISA KEV) | 2021-11-03 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph