Vulnerability Name: CVE-2020-10016 (CCN-191314) Assigned: 2020-11-05 Published: 2020-11-05 Updated: 2022-04-26 Summary: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges. CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-787 Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2020-10016 20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 apple-ios-cve202010016-priv-esc(191314) About the security content of watchOS 7.1 https://support.apple.com/en-us/HT211928 About the security content of iOS 14.2 and iPadOS 14.2 https://support.apple.com/en-us/HT211929 https://support.apple.com/en-us/HT211930 About the security content of macOS Big Sur 11.0.1 https://support.apple.com/en-us/HT211931 About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave https://support.apple.com/kb/HT212011 Vulnerable Configuration: Configuration 1 :cpe:/o:apple:ipados:*:*:*:*:*:*:*:* (Version < 14.2)OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 14.2) OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.14.0 and < 10.14.6) OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and < 10.15.7) OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.1) OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 14.2) OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 7.1) Configuration CCN 1 :cpe:/o:apple:ios:14.1:*:*:*:*:*:*:* OR cpe:/o:apple:ipados:14.1:*:*:*:*:*:*:* OR cpe:/o:apple:watchos:7.0:*:*:*:*:*:*:* BACK
apple ipados *
apple iphone os *
apple mac os x *
apple mac os x 10.14.6 security_update_2019-001
apple mac os x 10.14.6 security_update_2019-002
apple mac os x 10.14.6 security_update_2019-004
apple mac os x 10.14.6 security_update_2019-005
apple mac os x 10.14.6 security_update_2019-006
apple mac os x 10.14.6 security_update_2019-007
apple mac os x 10.14.6 security_update_2020-001
apple mac os x 10.14.6 security_update_2020-002
apple mac os x 10.14.6 security_update_2020-003
apple mac os x 10.14.6 security_update_2020-004
apple mac os x 10.14.6 security_update_2020-005
apple mac os x 10.14.6 security_update_2020-006
apple mac os x 10.14.6 supplemental_update
apple mac os x 10.14.6 supplemental_update_2
apple mac os x *
apple mac os x 10.15.7 security_update_2020
apple macos *
apple tvos *
apple watchos *
apple ios 14.1
apple ipados 14.1
apple watchos 7.0
Denotes that component is vulnerable