
CVE-2020-27932

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 08 December 2020
Modified: 27 October 2025
KEV added: 03 November 2021
CVSS v3.1: 7.8 (High), vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.1574 (94.9th percentile)
Risk priority: 45 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2020-27932 is a high-severity type confusion (CWE-843) vulnerability in the XNU kernel shared by Apple's operating systems (macOS, iOS, iPadOS and watchOS). Its CVSS v3.1 base score is 7.8 (High).

Operationally, its EPSS score places it in the top 5.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof of concept is referenced.

The strongest mitigations identified are NIST 800-53 SI-2 (Flaw Remediation), that is, installing the vendor updates that remove the flaw, and AC-6 (Least Privilege), which bounds what a malicious app can reach before and after an escalation.

Deeper analysis

A type confusion vulnerability (CWE-843) in the XNU kernel was addressed through improved state handling. It affected multiple Apple platforms: macOS Big Sur prior to 11.0.1, macOS Catalina prior to the 10.15.7 Supplemental Update, macOS Mojave and High Sierra prior to Security Update 2020-006, iOS prior to 14.2 and 12.4.9, iPadOS prior to 14.2, and watchOS releases prior to 7.1, 6.2.9 and 5.3.9.

The flaw is triggered by a malicious application running on the device. The CVSS vector reflects this: local attack vector (AV:L), no privileges required beyond those of an ordinary app (PR:N), and user interaction limited to launching the app (UI:R). A successful exploit yields arbitrary code execution with kernel privileges, which amounts to complete compromise of the device.

Apple's security advisories for the listed updates (HT211928, HT211929 and HT211931) recommend installing the patches that resolve the issue on the affected operating systems. Public references also include exploit details posted to Packet Storm and Full Disclosure.
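The pattern behind a CWE-843 bug of this class, shown here as an added illustration that is not XNU code and is not derived from the public exploit: a handle table holds objects of different types that share a common header, and a handler resolves a handle as a timer without checking that header. Because the buffer's attacker-supplied bytes sit at the same offset as the timer's callback pointer, the confused read yields an attacker-chosen pointer value. The hardened function adds the kind of type/state check that a fix for this weakness introduces. All names (obj_header, buffer, timer, the handle table) are constructed for this example.

```c
/* Constructed CWE-843 illustration: a handle table of mixed object types,
 * a handler that trusts the caller about the type (vulnerable), and the
 * same handler with a header check (hardened). Not XNU code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum obj_type { OBJ_FREE = 0, OBJ_BUFFER = 1, OBJ_TIMER = 2 };

/* Every object begins with the same header so its type can be verified. */
struct obj_header { uint32_t type; uint32_t refcount; };

/* A data buffer whose contents are attacker-chosen. */
struct buffer {
    struct obj_header hdr;
    uint8_t data[32];            /* starts at offset 8 */
};

/* A timer whose callback the "kernel" would invoke. */
struct timer {
    struct obj_header hdr;
    void (*callback)(void *);    /* also at offset 8: overlaps buffer.data */
    void *arg;
};

#define TABLE_SIZE 4
static void *table[TABLE_SIZE];  /* stand-in for a kernel handle table */
static struct buffer g_buf;
static struct timer g_timer;

static void benign_callback(void *arg) { (void)arg; }

/* Handle 0 becomes a buffer filled with 'A' bytes, handle 1 a real timer. */
void setup_objects(void) {
    memset(&g_buf, 0, sizeof g_buf);
    g_buf.hdr.type = OBJ_BUFFER;
    g_buf.hdr.refcount = 1;
    memset(g_buf.data, 'A', sizeof g_buf.data);   /* attacker-controlled bytes */
    memset(&g_timer, 0, sizeof g_timer);
    g_timer.hdr.type = OBJ_TIMER;
    g_timer.hdr.refcount = 1;
    g_timer.callback = benign_callback;
    table[0] = &g_buf;
    table[1] = &g_timer;
    table[2] = NULL;
    table[3] = NULL;
}

/* VULNERABLE: treats whatever sits at handle h as a timer. Returns 0 and the
 * callback address in *target, or -1 for an invalid handle. */
int timer_target_vuln(int h, uintptr_t *target) {
    if (h < 0 || h >= TABLE_SIZE || table[h] == NULL) return -1;
    struct timer *t = (struct timer *)table[h];       /* BUG: no type check */
    *target = (uintptr_t)t->callback;                 /* may read buffer bytes */
    return 0;
}

/* HARDENED: verifies the object header before using the object as a timer.
 * Returns -2 when the handle refers to an object of another type. */
int timer_target_fixed(int h, uintptr_t *target) {
    if (h < 0 || h >= TABLE_SIZE || table[h] == NULL) return -1;
    struct obj_header *hdr = (struct obj_header *)table[h];
    if (hdr->type != OBJ_TIMER) return -2;            /* reject the confusion */
    struct timer *t = (struct timer *)hdr;
    *target = (uintptr_t)t->callback;
    return 0;
}

int main(void) {
    uintptr_t tgt = 0;
    setup_objects();
    if (timer_target_vuln(0, &tgt) == 0)
        printf("vulnerable path resolved callback to %#lx (buffer bytes)\n",
               (unsigned long)tgt);
    printf("hardened path on the same handle returns %d\n",
           timer_target_fixed(0, &tgt));
    return 0;
}
```

The vulnerable path returns a pointer built from the 0x41 bytes in the buffer; in a kernel the next step would be an indirect call through it, which is exactly the control-flow hijack that turns a local app into kernel code execution. The hardened path refuses the handle before the object is ever interpreted as a timer.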


Vulnerability details

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.

CWE(s): CWE-843 (Type Confusion)
KEV date added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product     Versions
apple    icloud      ≤ 11.5
apple    itunes      ≤ 12.11
apple    ipados      ≤ 14.2
apple    iphone os   ≤ 12.4.9 · 14.0 to 14.2
apple    mac os x    ≤ 10.15.7
apple    macos       11.0 to 11.0.1
apple    watchos     ≤ 5.3.9 · 6.0 to 6.2.9 · 7.0 to 7.1
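A version check against the affected ranges listed above, added here as an example and not Apple's or NVD's code. It parses dotted versions, reports AFFECTED when a version sits strictly inside a listed range, and returns a separate AT_FIX_BOUNDARY code when the version equals a range's upper bound, because the advisory text names exactly those releases (watchOS 7.1, iOS 14.2, macOS 11.0.1, Catalina 10.15.7 with its Supplemental Update) as the fixed ones. Product names are normalised for lookup (iphone os to ios, both mac os x and macos to macos); that normalisation and the iCloud/iTunes upper bounds taken as inclusive are assumptions of this example.

```c
/* Constructed example: classify a product/version pair against the affected
 * ranges listed on this page. Not Apple or NVD code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VER_PARTS 4

/* Parse "10.15.7" into numeric parts; missing parts are 0, so "14.2" == "14.2.0". */
static void parse_version(const char *s, int parts[VER_PARTS]) {
    for (int i = 0; i < VER_PARTS; i++) parts[i] = 0;
    int i = 0;
    while (i < VER_PARTS) {
        char *end;
        long v = strtol(s, &end, 10);
        if (end == s) break;               /* no digits left */
        parts[i++] = (int)v;
        if (*end != '.') break;
        s = end + 1;
    }
}

/* strcmp-style comparison of dotted versions: <0, 0, >0. */
int compare_versions(const char *a, const char *b) {
    int pa[VER_PARTS], pb[VER_PARTS];
    parse_version(a, pa);
    parse_version(b, pb);
    for (int i = 0; i < VER_PARTS; i++)
        if (pa[i] != pb[i]) return pa[i] < pb[i] ? -1 : 1;
    return 0;
}

struct affected_range { const char *product; const char *lo; const char *hi; };

/* Ranges as listed under Affected Assets (both ends inclusive; lo "0" means
 * every earlier version). "iphone os" is keyed as ios, "mac os x" as macos. */
static const struct affected_range RANGES[] = {
    { "icloud",  "0",    "11.5"    },
    { "itunes",  "0",    "12.11"   },
    { "ipados",  "0",    "14.2"    },
    { "ios",     "0",    "12.4.9"  },
    { "ios",     "14.0", "14.2"    },
    { "macos",   "0",    "10.15.7" },
    { "macos",   "11.0", "11.0.1"  },
    { "watchos", "0",    "5.3.9"   },
    { "watchos", "6.0",  "6.2.9"   },
    { "watchos", "7.0",  "7.1"     },
};

enum { NOT_AFFECTED = 0, AFFECTED = 1, AT_FIX_BOUNDARY = 2 };

/* AFFECTED: strictly inside a listed range. AT_FIX_BOUNDARY: equals a range's
 * upper bound, i.e. the release the advisory names as fixed, so the host is
 * patched only if that exact release (or its supplemental update) is installed.
 * NOT_AFFECTED: no listed range contains the version. */
int check_affected(const char *product, const char *version) {
    size_t n = sizeof RANGES / sizeof RANGES[0];
    for (size_t i = 0; i < n; i++) {
        if (strcmp(RANGES[i].product, product) != 0) continue;
        if (compare_versions(version, RANGES[i].lo) < 0) continue;
        int c = compare_versions(version, RANGES[i].hi);
        if (c < 0) return AFFECTED;
        if (c == 0) return AT_FIX_BOUNDARY;
    }
    return NOT_AFFECTED;
}

int main(void) {
    const char *samples[][2] = {
        { "watchos", "7.0.3" }, { "watchos", "7.1" }, { "watchos", "7.2" },
        { "ios", "12.4.8" },    { "macos", "10.15.7" }, { "macos", "11.1" },
    };
    static const char *labels[] = { "not affected", "AFFECTED", "at fix boundary" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s %-8s -> %s\n", samples[i][0], samples[i][1],
               labels[check_affected(samples[i][0], samples[i][1])]);
    return 0;
}
```

Two caveats for use in an inventory check. Releases fixed by a Security Update or Supplemental Update (High Sierra, Mojave, Catalina 10.15.7) keep their version string, so a 10.14.6 host reports AFFECTED whether or not Security Update 2020-006 is installed and needs a build-number check instead. Branches that fall between the listed ranges (for example iOS 13.x) return NOT_AFFECTED only because the page lists no range for them, not because a fix is documented for them.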

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): directly requires timely installation of the vendor patches that eliminate the type-confusion flaw in XNU.

Process/kernel isolation (prevent): enforces the process/kernel isolation boundaries that the type-confusion exploit attempts to bypass for privilege escalation.

AC-6 Least Privilege (prevent): limits the privileges available to user-space applications, reducing the impact of a successful kernel-level escalation from a malicious app.
