Vulnerability Name: CVE-2020-9943 (CCN-191602) Assigned: 2020-11-12 Published: 2020-11-12 Updated: 2022-06-02 Summary: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory. CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-125 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2020-9943 20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 apple-macos-cve20209943-info-disc(191602) https://support.apple.com/en-us/HT211843 https://support.apple.com/en-us/HT211844 https://support.apple.com/en-us/HT211850 About the security content of macOS Big Sur 11.0.1 https://support.apple.com/en-us/HT211931 About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave https://support.apple.com/kb/HT212011 Vulnerable Configuration: Configuration 1 :cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 14.0)OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 7.0) OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 14.0) OR cpe:/o:apple:ipados:*:*:*:*:*:*:*:* (Version < 14.0) OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version < 11.0.1) OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and < 10.15.7) OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.14 and < 10.14.6) OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:apple:macos_big_sur:11.0.0:*:*:*:*:*:*:* BACK
apple iphone os *
apple watchos *
apple tvos *
apple ipados *
apple mac os x *
apple mac os x *
apple mac os x *
apple mac os x 10.14.6 security_update_2020-001
apple mac os x 10.14.6 security_update_2020-002
apple mac os x 10.14.6 security_update_2020-003
apple mac os x 10.14.6 -
apple mac os x 10.14.6 security_update_2019-001
apple mac os x 10.14.6 security_update_2019-002
apple mac os x 10.14.6 security_update_2019-004
apple mac os x 10.14.6 security_update_2019-005
apple mac os x 10.14.6 security_update_2019-006
apple mac os x 10.14.6 security_update_2020-004
apple mac os x 10.14.6 security_update_2020-005
apple mac os x 10.14.6 security_update_2020-006
apple mac os x 10.15.7 -
apple mac os x 10.15.7 security_update_2020
apple macos big sur 11.0.0
Denotes that component is vulnerable