PT-2020-16876 · Apple · Dtrace+2

Kleest +1 · Published 2020-12-14 · Updated 2021-04-08 · CVE-2020-27949

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

macOS Big Sur versions prior to 11.1
Security Update 2020-001 Catalina (affected versions not specified)
Security Update 2020-007 Mojave (affected versions not specified)

Description

The issue allows a malicious application to cause unexpected changes in memory belonging to processes traced by DTrace. This is due to insufficient checks that can be exploited to perform unauthorized actions.

Recommendations

For macOS Big Sur, update to version 11.1 or later.
For Security Update 2020-001 Catalina, apply the security update.
For Security Update 2020-007 Mojave, apply the security update.
As a temporary workaround, consider restricting the use of DTrace until a patch is available.

Exploit

Fix


Related Identifiers

CVE-2020-27949

Affected Products

DTrace
Apple macOS
macOS Big Sur