Sign-up

ID

VAR-202012-1509


CVE

CVE-2020-9996


TITLE

plural  Apple  Product Free Memory Usage Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014248

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of network extensions in PDFs. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A security vulnerability in Apple NetworkExtension that could allow a malicious application to potentially elevate privileges affects the following products and versions: Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)

Trust: 2.43

sources: NVD: CVE-2020-9996 // JVNDB: JVNDB-2020-014248 // ZDI: ZDI-20-1393 // VULHUB: VHN-188121 // VULMON: CVE-2020-9996

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:11.0.1

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.0

Trust: 1.0

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope:eqversion:14.0

Trust: 0.8

vendor:アップルmodel:ipadosscope:ltversion:(ipad air 2 or later )

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope:ltversion:(ipad mini 4 or later )

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-1393 // JVNDB: JVNDB-2020-014248 // NVD: CVE-2020-9996

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9996
value: HIGH

Trust: 1.0

NVD: CVE-2020-9996
value: HIGH

Trust: 0.8

ZDI: CVE-2020-9996
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202011-1342
value: HIGH

Trust: 0.6

VULHUB: VHN-188121
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9996
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9996
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-188121
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9996
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9996
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-9996
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1393 // VULHUB: VHN-188121 // VULMON: CVE-2020-9996 // JVNDB: JVNDB-2020-014248 // CNNVD: CNNVD-202011-1342 // NVD: CVE-2020-9996

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:Use of freed memory (CWE-416) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-188121 // JVNDB: JVNDB-2020-014248 // NVD: CVE-2020-9996

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1342

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1342

PATCH

title:HT211850 Apple  Security updateurl:https://support.apple.com/en-us/HT211850

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/en-us/HT211931

Trust: 0.7

title:Apple NetworkExtension Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=136412

Trust: 0.6

sources: ZDI: ZDI-20-1393 // JVNDB: JVNDB-2020-014248 // CNNVD: CNNVD-202011-1342

EXTERNAL IDS

db:NVDid:CVE-2020-9996

Trust: 3.3

db:JVNid:JVNVU92546061

Trust: 0.8

db:JVNid:JVNVU99462952

Trust: 0.8

db:JVNDBid:JVNDB-2020-014248

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11457

Trust: 0.7

db:ZDIid:ZDI-20-1393

Trust: 0.7

db:AUSCERTid:ESB-2020.4060.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3181.2

Trust: 0.6

db:CNNVDid:CNNVD-202011-1342

Trust: 0.6

db:VULHUBid:VHN-188121

Trust: 0.1

db:VULMONid:CVE-2020-9996

Trust: 0.1

sources: ZDI: ZDI-20-1393 // VULHUB: VHN-188121 // VULMON: CVE-2020-9996 // JVNDB: JVNDB-2020-014248 // CNNVD: CNNVD-202011-1342 // NVD: CVE-2020-9996

REFERENCES

url:https://support.apple.com/en-us/ht211931

Trust: 2.5

url:http://seclists.org/fulldisclosure/2020/dec/32

Trust: 1.8

url:https://support.apple.com/en-us/ht211850

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9996

Trust: 1.4

url:https://jvn.jp/vu/jvnvu92546061/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99462952/

Trust: 0.8

url:https://vigilance.fr/vulnerability/apple-macos-11-multiple-vulnerabilities-33899

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3181.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2020/nov/20

Trust: 0.1

sources: ZDI: ZDI-20-1393 // VULHUB: VHN-188121 // VULMON: CVE-2020-9996 // JVNDB: JVNDB-2020-014248 // CNNVD: CNNVD-202011-1342 // NVD: CVE-2020-9996

CREDITS

Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro Mobile Security Research Team

Trust: 0.7

sources: ZDI: ZDI-20-1393

SOURCES

db:ZDIid:ZDI-20-1393
db:VULHUBid:VHN-188121
db:VULMONid:CVE-2020-9996
db:JVNDBid:JVNDB-2020-014248
db:CNNVDid:CNNVD-202011-1342
db:NVDid:CVE-2020-9996

LAST UPDATE DATE

2024-08-14T12:59:18.175000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-1393date:2020-12-03T00:00:00
db:VULHUBid:VHN-188121date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9996date:2021-03-11T00:00:00
db:JVNDBid:JVNDB-2020-014248date:2021-08-12T08:50:00
db:CNNVDid:CNNVD-202011-1342date:2020-12-24T00:00:00
db:NVDid:CVE-2020-9996date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-1393date:2020-12-03T00:00:00
db:VULHUBid:VHN-188121date:2020-12-08T00:00:00
db:VULMONid:CVE-2020-9996date:2020-12-08T00:00:00
db:JVNDBid:JVNDB-2020-014248date:2021-08-12T00:00:00
db:CNNVDid:CNNVD-202011-1342date:2020-11-13T00:00:00
db:NVDid:CVE-2020-9996date:2020-12-08T20:15:18.293