CVE-2020-27930
Published: 08 December 2020
Summary
CVE-2020-27930 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple watchOS. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 2.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A memory corruption vulnerability addressed through improved input validation affects font processing across multiple Apple platforms. The issue impacts macOS versions prior to Big Sur 11.0.1, Catalina 10.15.7 Supplemental Update, and Security Update 2020-006 for High Sierra and Mojave; iOS and iPadOS prior to 14.2 and 12.4.9; and watchOS prior to 7.1, 6.2.9, and 5.3.9. It is tracked as CWE-787 with a CVSS score of 7.8.
An attacker can trigger the flaw by supplying a maliciously crafted font file that the victim processes locally, such as by viewing a document or web page containing the font. Successful exploitation grants arbitrary code execution with the privileges of the affected process, though it requires user interaction to open the crafted content.
Apple security advisories for the listed updates, including HT211928, HT211929, and HT211931, direct users to install the available patches. Public references also include exploit artifacts posted to Packet Storm and Full Disclosure lists shortly after publication.
The references indicate at least one proof-of-concept targeting Safari via this vector, though no widespread in-the-wild exploitation is documented in the provided details.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-20423
Vulnerability details
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
- CWE(s): CWE-787
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): Directly implements the improved input validation that Apple used to eliminate the malicious font parsing flaw before memory corruption occurs.
SI-2 (Flaw Remediation): Requires timely application of the vendor patches (Big Sur 11.0.1, iOS 14.2, etc.) that remediate the out-of-bounds write in font processing.
Memory-protection mechanisms (e.g., ASLR, guard pages) raise the bar for successful exploitation of the CWE-787 corruption that leads to arbitrary code execution.