PT-2020-16874 · Apple · Apple Macos+3

Liu Long

Published

2020-12-14

Updated

2021-04-08

CVE-2020-27947

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions macOS versions prior to 11.1 Security Update versions prior to 2020-001 on Catalina Security Update versions prior to 2020-007 on Mojave

Description A memory corruption issue was addressed with improved input validation, allowing an application to potentially execute arbitrary code with kernel privileges. The issue is related to an Out-Of-Bounds Write Privilege Escalation Vulnerability in the Apple macOS process token AVCDecode.

Recommendations For macOS versions prior to 11.1, update to macOS Big Sur 11.1 or later. For Catalina, apply Security Update 2020-001 or later. For Mojave, apply Security Update 2020-007 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2020-27947

ZDI-21-377

Affected Products

Big Sur

Catalina

Apple Macos

Mojave

PT-2020-16874 · Apple · Apple Macos+3

CVE-2020-27947

Weakness Enumeration

Related Identifiers

Affected Products

References · 6