Vulnerability Name: CVE-2020-9944 (CCN-191604) Assigned: 2020-11-12 Published: 2020-11-12 Updated: 2022-06-02 Summary: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory. CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-125 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2020-9944 20201215 APPLE-SA-2020-12-14-3 macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 apple-macos-cve20209944-info-disc(191604) https://support.apple.com/en-us/HT211843 https://support.apple.com/en-us/HT211844 https://support.apple.com/en-us/HT211850 About the security content of macOS Big Sur 11.0.1 https://support.apple.com/en-us/HT211931 About the security content of macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave https://support.apple.com/kb/HT212011 Vulnerable Configuration: Configuration 1 :cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 14.0)OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 7.0) OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 14.0) OR cpe:/o:apple:ipados:*:*:*:*:*:*:*:* (Version < 14.0) OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and < 10.15.7) OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.14 and < 10.14.6) OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version < 11.1) Configuration CCN 1 :cpe:/o:apple:macos_big_sur:11.0.0:*:*:*:*:*:*:* BACK
apple iphone os *
apple watchos *
apple tvos *
apple ipados *
apple mac os x *
apple mac os x *
apple mac os x 10.14.6 security_update_2020-001
apple mac os x 10.14.6 security_update_2020-002
apple mac os x 10.14.6 security_update_2020-003
apple mac os x 10.14.6 security_update_2020-004
apple mac os x 10.14.6 -
apple mac os x 10.14.6 security_update_2019-001
apple mac os x 10.14.6 security_update_2019-002
apple mac os x 10.14.6 security_update_2019-004
apple mac os x 10.14.6 security_update_2019-005
apple mac os x 10.14.6 security_update_2019-006
apple mac os x 10.14.6 security_update_2020-005
apple mac os x 10.14.6 security_update_2020-006
apple mac os x 10.15.7 -
apple mac os x 10.15.7 security_update_2020
apple mac os x *
apple macos big sur 11.0.0
Denotes that component is vulnerable