CVE-2020-27946
Last modified
CVE-2020-27946 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. EPSS estimates a 0.80% chance of exploitation in the next 30 days.
Description
An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 14.3 |
| Apple | Iphone Os | < 14.3 |
| Apple | Mac Os X | >= 10.14, < 10.14.6 |
| Apple | Mac Os X | >= 10.15, < 10.15.7 |
| Apple | Mac Os X | 10.14.6 |
| Apple | Mac Os X | 10.15.7 |
| Apple | Macos | >= 11.0, < 11.1.0 |
| Apple | Tvos | < 14.3 |
| Apple | Watchos | < 7.2 |
References
- https://support.apple.com/en-us/HT212003Vendor Advisory
- https://support.apple.com/en-us/HT212005Vendor Advisory
- https://support.apple.com/en-us/HT212009Vendor Advisory
- https://support.apple.com/en-us/HT212011Vendor Advisory
- https://support.apple.com/en-us/HT212003Vendor Advisory
- https://support.apple.com/en-us/HT212005Vendor Advisory
- https://support.apple.com/en-us/HT212009Vendor Advisory
- https://support.apple.com/en-us/HT212011Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-27946?
How severe is CVE-2020-27946?
How do I fix CVE-2020-27946?
Are you affected by CVE-2020-27946?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST