Sign-up

ID

VAR-202006-1646


CVE

CVE-2020-9859


TITLE

plural Apple Product memory consumption vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-006180

DESCRIPTION

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Catalina is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. Kernel components in several Apple products have security vulnerabilities. The following products and versions are affected: Apple macOS Catalina prior to 10.15.5; tvOS prior to 13.4.6; watchOS prior to 6.2.6; iOS prior to 13.5.1; iPadOS prior to 13.5.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-06-01-1 iOS 13.5.1 and iPadOS 13.5.1 iOS 13.5.1 and iPadOS 13.5.1 are now available and address the following: Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-9859: unc0ver Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 13.5.1 and iPadOS 13.5.1". -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJe1SzuAAoJEAc+Lhnt8tDNfgUQALNdUFDUuhhF2Zj7jjnx1E1m TNmYZj4OdHcJE9aGKBF4HcUrt5oAYWuyTiBsWYh7tk0Tgfur2QqnoiOGkFW5BfNq NW68jk6JZJwvWp+XSogRLDFMdfUKbSa16JJU2OtQLuRZ7AJsmaU4VT9vXFwv/t22 mXCgb7Uo1I0Ya0z3uJGxluwCi3XNgdu//i9Gcfm5MW6Vu14uaQ3JzYoApskOXQDC aTT/9qW1zJTv18u/qIhQQBj4N1TDY/NUMY8ZJrBAJTXqrHkOuV9jNPkcSeM+68Br 9ExmGm1lBoaX+gIDOvVHb+Br70fsuecFBYN5C/W35R51puyV3mqY3WPV7pPVVA/P Yh8PynmjcmCwFS0Ly9MAHqG/48QdusPIus0G08vRXqWrLUDArHLb9out/UOk6F8q JNtKYI1N7slsRvpPi357mHJ8XIz9aUxGdab3v/oUahTFEMDTo174DsWUcMMoPRFp kcnePBv8dOzOO/YKA7mKmvd0ASA4TvSH6E3moqovzihs7ZR+eGEl1sXIG+E1oNWL tjfSlrVAoNdjBNb3O10JTnS9YepIDszPnY9boOFKKmoMp38E6qcVU9zI8QC1UDg/ stmqoq761w1naa+qQXEvWrvDTKwTFUS2IJMEtGa6CHjGKaZL46h4Y87V2Cb/ZXJM db4SzQ1YvI6gUVn20QzV =JYpD -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About"

Trust: 2.16

sources: NVD: CVE-2020-9859 // JVNDB: JVNDB-2020-006180 // VULHUB: VHN-187984 // VULMON: CVE-2020-9859 // PACKETSTORM: 157912 // PACKETSTORM: 157910 // PACKETSTORM: 157911 // PACKETSTORM: 157913

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:13.5.1

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.6

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.5.1

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.5

Trust: 1.0

vendor:applemodel:ipadosscope:eqversion:13.5.1 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.5.1 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.5.1 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.5.1 未満 (ipod touch 第 7 世代)

Trust: 0.8

sources: JVNDB: JVNDB-2020-006180 // NVD: CVE-2020-9859

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9859
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006180
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-058
value: HIGH

Trust: 0.6

VULHUB: VHN-187984
value: HIGH

Trust: 0.1

VULMON: CVE-2020-9859
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-9859
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006180
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187984
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9859
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006180
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187984 // VULMON: CVE-2020-9859 // JVNDB: JVNDB-2020-006180 // CNNVD: CNNVD-202006-058 // NVD: CVE-2020-9859

PROBLEMTYPE DATA

problemtype:CWE-415

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-187984 // JVNDB: JVNDB-2020-006180 // NVD: CVE-2020-9859

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202006-058

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202006-058

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006180

PATCH
title:HT211214url:https://support.apple.com/en-us/HT211214
Trust: 0.8
title:HT211214url:https://support.apple.com/ja-jp/HT211214
Trust: 0.8
title:Multiple Apple product Kernel Fixes for component resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121036
Trust: 0.6
title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV 
Trust: 0.1
title: - url:https://www.theregister.co.uk/2020/06/08/security_roundup_june_5/
Trust: 0.1
title: - url:https://threatpost.com/apple-jailbreak-zero-day-patch/156201/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-9859 // 
            
            
            
            JVNDB: JVNDB-2020-006180 // 
            
            
            
            CNNVD: CNNVD-202006-058

EXTERNAL IDS
db:NVDid:CVE-2020-9859
Trust: 3.0
db:PACKETSTORMid:157913
Trust: 0.8
db:JVNid:JVNVU98960050
Trust: 0.8
db:JVNDBid:JVNDB-2020-006180
Trust: 0.8
db:CNNVDid:CNNVD-202006-058
Trust: 0.7
db:NSFOCUSid:48521
Trust: 0.6
db:AUSCERTid:ESB-2020.1913
Trust: 0.6
db:AUSCERTid:ESB-2020.1909
Trust: 0.6
db:PACKETSTORMid:157910
Trust: 0.2
db:PACKETSTORMid:157912
Trust: 0.2
db:PACKETSTORMid:157911
Trust: 0.2
db:CNVDid:CNVD-2020-33215
Trust: 0.1
db:VULHUBid:VHN-187984
Trust: 0.1
db:VULMONid:CVE-2020-9859
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187984 // 
            
            
            
            VULMON: CVE-2020-9859 // 
            
            
            
            JVNDB: JVNDB-2020-006180 // 
            
            
            
            PACKETSTORM: 157912 // 
            
            
            
            PACKETSTORM: 157910 // 
            
            
            
            PACKETSTORM: 157911 // 
            
            
            
            PACKETSTORM: 157913 // 
            
            
            
            CNNVD: CNNVD-202006-058 // 
            
            
            
            NVD: CVE-2020-9859

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-9859
Trust: 1.8
url:https://support.apple.com/ht211214
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9859
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98960050/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1909/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1913/
Trust: 0.6
url:https://support.apple.com/en-us/ht211214
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48521
Trust: 0.6
url:https://support.apple.com/en-us/ht211215
Trust: 0.6
url:https://support.apple.com/kb/ht211215
Trust: 0.6
url:https://packetstormsecurity.com/files/157913/apple-security-advisory-2020-06-01-4.html
Trust: 0.6
url:https://www.apple.com/itunes/
Trust: 0.1
url:https://support.apple.com/downloads/
Trust: 0.1
url:https://support.apple.com/kb/ht204641
Trust: 0.1
sources:
            
            
            VULHUB: VHN-187984 // 
            
            
            
            JVNDB: JVNDB-2020-006180 // 
            
            
            
            PACKETSTORM: 157912 // 
            
            
            
            PACKETSTORM: 157910 // 
            
            
            
            PACKETSTORM: 157911 // 
            
            
            
            PACKETSTORM: 157913 // 
            
            
            
            CNNVD: CNNVD-202006-058 // 
            
            
            
            NVD: CVE-2020-9859

CREDITS
Apple
Trust: 1.0
sources:
            
            
            PACKETSTORM: 157912 // 
            
            
            
            PACKETSTORM: 157910 // 
            
            
            
            PACKETSTORM: 157911 // 
            
            
            
            PACKETSTORM: 157913 // 
            
            
            
            CNNVD: CNNVD-202006-058

SOURCES
db:VULHUBid:VHN-187984
db:VULMONid:CVE-2020-9859
db:JVNDBid:JVNDB-2020-006180
db:PACKETSTORMid:157912
db:PACKETSTORMid:157910
db:PACKETSTORMid:157911
db:PACKETSTORMid:157913
db:CNNVDid:CNNVD-202006-058
db:NVDid:CVE-2020-9859

LAST UPDATE DATE
2024-08-14T14:18:54.369000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-187984date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9859date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2020-006180date:2020-07-02T00:00:00
db:CNNVDid:CNNVD-202006-058date:2022-07-14T00:00:00
db:NVDid:CVE-2020-9859date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE
db:VULHUBid:VHN-187984date:2020-06-05T00:00:00
db:VULMONid:CVE-2020-9859date:2020-06-05T00:00:00
db:JVNDBid:JVNDB-2020-006180date:2020-07-02T00:00:00
db:PACKETSTORMid:157912date:2020-06-02T22:25:22
db:PACKETSTORMid:157910date:2020-06-02T22:22:22
db:PACKETSTORMid:157911date:2020-06-02T22:23:23
db:PACKETSTORMid:157913date:2020-06-03T15:52:22
db:CNNVDid:CNNVD-202006-058date:2020-06-01T00:00:00
db:NVDid:CVE-2020-9859date:2020-06-05T15:15:11.097