{ "id": "CVE-2020-10016", "sourceIdentifier": "product-security@apple.com", "published": "2020-12-08T20:15:14.073", "lastModified": "2024-11-21T04:54:39.573", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges." }, { "lang": "es", "value": "Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con una administraci\u00f3n de estado mejorada. Este problema se corrigi\u00f3 en macOS Big Sur versi\u00f3n 11.0.1, iOS versi\u00f3n 14.2 y iPadOS versi\u00f3n 14.2, tvOS versi\u00f3n 14.2, watchOS versi\u00f3n 7.1. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios de kernel" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "baseScore": 9.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-787" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.2", "matchCriteriaId": "8768B67A-43ED-4726-A99F-A0A57A9A2CEC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.2", "matchCriteriaId": "468039C1-6A38-44D0-A0A1-294966117744" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.14.0", "versionEndExcluding": "10.14.6", "matchCriteriaId": "3E76BECE-0843-4B9F-90DE-7690764701B0" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.15", "versionEndExcluding": "10.15.7", "matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", "matchCriteriaId": "A369D48B-6A0A-47AE-9513-D5E2E6F30931" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "matchCriteriaId": "510F8317-94DA-498E-927A-83D5F41AF54A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "matchCriteriaId": "0D5D1970-6D2A-42CA-A203-42023D71730D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "matchCriteriaId": "C68AE52B-5139-40A4-AE9A-E752DBF07D1B" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*", "matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*", "matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*", "matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*", "matchCriteriaId": "2C88BD98-46F5-447F-963A-FB9B167E31BE" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*", "matchCriteriaId": "C7A0615B-D958-4BBF-B53F-AA839A0FE845" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*", "matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.0", "versionEndExcluding": "11.1", "matchCriteriaId": "65DA669D-2EF4-43FE-91C5-982BB4377178" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.2", "matchCriteriaId": "25DF8721-B1E2-45AF-87FD-14AB02B5506A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.1", "matchCriteriaId": "845B0F8C-2958-4BD2-9141-DCF894AFB953" } ] } ] } ], "references": [ { "url": "http://seclists.org/fulldisclosure/2020/Dec/26", "source": "product-security@apple.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2020/Dec/32", "source": "product-security@apple.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://support.apple.com/en-us/HT211928", "source": "product-security@apple.com", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://support.apple.com/en-us/HT211929", "source": "product-security@apple.com", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://support.apple.com/en-us/HT211930", "source": "product-security@apple.com", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://support.apple.com/en-us/HT211931", "source": "product-security@apple.com", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://support.apple.com/kb/HT212011", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2020/Dec/26", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://seclists.org/fulldisclosure/2020/Dec/32", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://support.apple.com/en-us/HT211928", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://support.apple.com/en-us/HT211929", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://support.apple.com/en-us/HT211930", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://support.apple.com/en-us/HT211931", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ] }, { "url": "https://support.apple.com/kb/HT212011", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }