ID

VAR-202012-1507


CVE

CVE-2020-9991


TITLE

plural  Apple  Service operation interruption in the product  (DoS)  Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014225

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service. plural Apple The product has a defective check, which interferes with service operation. (DoS) A vulnerability exists.Service operation disrupted by a remote attacker (DoS) It may be put into a state. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-6 Additional information for APPLE-SA-2020-09-16-4 watchOS 7.0 watchOS 7.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211844. Audio Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 Audio Available for: Apple Watch Series 3 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 CoreCapture Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas Entry added November 12, 2020 Disk Images Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Entry added November 12, 2020 ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab Entry added November 12, 2020 ImageIO Available for: Apple Watch Series 3 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Entry added November 12, 2020 Keyboard Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany libxml2 Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9981: found by OSS-Fuzz Entry added November 12, 2020 Mail Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Entry added November 12, 2020 Messages Available for: Apple Watch Series 3 and later Impact: A local user may be able to discover a user’s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9989: von Brunn Media Entry added November 12, 2020 Phone Available for: Apple Watch Series 3 and later Impact: The screen lock may not engage after the specified time period Description: This issue was addressed with improved checks. CVE-2020-9946: Daniel Larsson of iolight AB Safari Available for: Apple Watch Series 3 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: The issue was addressed with improved UI handling. CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski Entry added November 12, 2020 Sandbox Available for: Apple Watch Series 3 and later Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added November 12, 2020 Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec Entry updated September 17, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 Entry added November 12, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 Entry added November 12, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 Entry added November 12, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 Entry added November 12, 2020 SQLite Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630 Entry added November 12, 2020 WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9947: cc working with Trend Micro Zero Day Initiative CVE-2020-9950: cc working with Trend Micro Zero Day Initiative CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos Entry added November 12, 2020 WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9983: zhunki Entry added November 12, 2020 WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9952: Ryan Pickren (ryanpickren.com) Additional recognition Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab for their assistance. Entry added November 12, 2020 Bluetooth We would like to acknowledge Andy Davis of NCC Group for their assistance. Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Entry added November 12, 2020 Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. iAP We would like to acknowledge Andy Davis of NCC Group for their assistance. Entry added November 12, 2020 Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. Entry updated November 12, 2020 Location Framework We would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance. Entry updated October 19, 2020 Mail Drafts We would like to acknowledge Jon Bottarini of HackerOne for their assistance. Entry added November 12, 2020 Safari We would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance. Entry added October 19, 2020, updated November 12, 2020 WebKit We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com) for their assistance. Entry added November 12, 2020 Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxnUACgkQZcsbuWJ6 jjBSNA/9Fo7IsnnHAT7UAmepT0esn2tFafOZC9aupUH+KLAnslIqkhLibj8KdZ2z jtpOn8IzYKrFXQOxm9x+QGjzmxNhBQE2fNQRiATIaOdpkgOz7j6yqIRSUqA2aN0y QmaDwPzYEtEHKRF0Tk4cj8N8dGM3mgQTvS2YcTASFme/9jkbVX77F+CbbaxJUMHd 7fxUrMev+kTDx7kmG9aiec1+pfiV2JZUuv0a1IN7+VxbAHhVKHE2hDHNNPPLlG0Z 50sqhO/1vaRf6Ewe+A+xGi/Z31P81hhozyBZEcr8WDD7RBUA9QYyq7Duor6ZRUQ/ sUlTWctb+jPzyFePmYKEr7RIE1JSnANHHKMmLfTwLOaHqH5TMtcP6k6QRRVPjKBb zeWg6Xheaz+5h6ymX5woYNbzGN9TaAysz2KeFO3mK9XjPaUbzEAJT9+IryHYSLnT P3TgQw3g/HPVpWyp+s3fjcmpi9jGyxjdFezuMekeO4VktlgdK1lBs0gELPA0Zrkh MRl1ztd4FbMMAKHAzIgIcUUg5kgMMC6hO/DCVMlHCctHoNQeh2rEQo15YRRCEfAo OgDJsznRtf3hYsZC7Q19D8q0E/SeMtYrRdzjeSNvSQffyiNf3hvUcbxVYQMqm3Vw /tzliqnfshdjfpxB6sS4oDrnEqrM/x+2oETEgzHXWa9nt1rrLBI= =8ihy -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2020-9991 // JVNDB: JVNDB-2020-014225 // VULHUB: VHN-188116 // PACKETSTORM: 160062 // PACKETSTORM: 160064

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:11.4

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.21

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:11.0.1

Trust: 1.0

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:eqversion:7.0

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:icloudscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:ltversion:(apple watch series 3 or later )

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014225 // NVD: CVE-2020-9991

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9991
value: HIGH

Trust: 1.0

NVD: CVE-2020-9991
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202011-1335
value: HIGH

Trust: 0.6

VULHUB: VHN-188116
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9991
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-188116
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9991
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-9991
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-188116 // JVNDB: JVNDB-2020-014225 // CNNVD: CNNVD-202011-1335 // NVD: CVE-2020-9991

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014225 // NVD: CVE-2020-9991

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1335

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1335

PATCH

title:HT211931 Apple  Security updateurl:https://support.apple.com/en-us/HT211843

Trust: 0.8

title:Apple iCloud for Windows Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136408

Trust: 0.6

sources: JVNDB: JVNDB-2020-014225 // CNNVD: CNNVD-202011-1335

EXTERNAL IDS

db:NVDid:CVE-2020-9991

Trust: 2.7

db:PACKETSTORMid:160062

Trust: 0.8

db:JVNid:JVNVU92546061

Trust: 0.8

db:JVNid:JVNVU99462952

Trust: 0.8

db:JVNDBid:JVNDB-2020-014225

Trust: 0.8

db:AUSCERTid:ESB-2020.4060.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3181.2

Trust: 0.6

db:CNNVDid:CNNVD-202011-1335

Trust: 0.6

db:PACKETSTORMid:160064

Trust: 0.2

db:VULHUBid:VHN-188116

Trust: 0.1

sources: VULHUB: VHN-188116 // JVNDB: JVNDB-2020-014225 // PACKETSTORM: 160062 // PACKETSTORM: 160064 // CNNVD: CNNVD-202011-1335 // NVD: CVE-2020-9991

REFERENCES

url:https://support.apple.com/kb/ht211846

Trust: 1.7

url:http://seclists.org/fulldisclosure/2020/dec/32

Trust: 1.7

url:https://support.apple.com/en-us/ht211843

Trust: 1.7

url:https://support.apple.com/en-us/ht211844

Trust: 1.7

url:https://support.apple.com/en-us/ht211847

Trust: 1.7

url:https://support.apple.com/en-us/ht211850

Trust: 1.7

url:https://support.apple.com/en-us/ht211931

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9991

Trust: 1.6

url:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3cdev.mina.apache.org%3e

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92546061/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99462952/

Trust: 0.8

url:https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3cdev.mina.apache.org%3e

Trust: 0.7

url:https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899

Trust: 0.6

url:https://support.apple.com/en-us/ht211846

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3181.2/

Trust: 0.6

url:https://packetstormsecurity.com/files/160062/apple-security-advisory-2020-11-13-4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9983

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9981

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9961

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9951

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9947

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9976

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9944

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9954

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9968

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13631

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9943

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9965

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9966

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9969

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9876

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13630

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9949

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9849

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9950

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9952

Trust: 0.2

url:https://support.apple.com/ht211843.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9979

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9993

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9941

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9989

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9946

Trust: 0.1

url:https://support.apple.com/ht211844.

Trust: 0.1

sources: VULHUB: VHN-188116 // JVNDB: JVNDB-2020-014225 // PACKETSTORM: 160062 // PACKETSTORM: 160064 // CNNVD: CNNVD-202011-1335 // NVD: CVE-2020-9991

CREDITS

Apple

Trust: 0.8

sources: PACKETSTORM: 160062 // PACKETSTORM: 160064 // CNNVD: CNNVD-202011-1335

SOURCES

db:VULHUBid:VHN-188116
db:JVNDBid:JVNDB-2020-014225
db:PACKETSTORMid:160062
db:PACKETSTORMid:160064
db:CNNVDid:CNNVD-202011-1335
db:NVDid:CVE-2020-9991

LAST UPDATE DATE

2024-08-14T12:55:22.385000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-188116date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2020-014225date:2021-08-12T05:22:00
db:CNNVDid:CNNVD-202011-1335date:2021-10-29T00:00:00
db:NVDid:CVE-2020-9991date:2023-11-07T03:27:02.730

SOURCES RELEASE DATE

db:VULHUBid:VHN-188116date:2020-12-08T00:00:00
db:JVNDBid:JVNDB-2020-014225date:2021-08-12T00:00:00
db:PACKETSTORMid:160062date:2020-11-13T22:22:22
db:PACKETSTORMid:160064date:2020-11-14T12:44:44
db:CNNVDid:CNNVD-202011-1335date:2020-11-13T00:00:00
db:NVDid:CVE-2020-9991date:2020-12-08T22:15:19.273