Cyber Resilience

CVE-2020-27950

Medium · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 08 December 2020
Modified: 27 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
EPSS Score: 0.4376 (97.6th percentile)
Risk Priority: 57 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-27950 is a medium-severity Improper Initialization (CWE-665) vulnerability in Apple watchOS. Its CVSS base score is 5.5 (Medium).

Operationally, it is ranked in the top 2.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A memory initialization issue tracked as CVE-2020-27950 affects the XNU kernel on multiple Apple platforms. The flaw, assigned CWE-665, permits a malicious application to disclose kernel memory and is resolved in macOS Big Sur 11.0.1, macOS Catalina 10.15.7 Supplemental Update, Security Update 2020-006 for High Sierra and Mojave, iOS 14.2 and iPadOS 14.2, iOS 12.4.9, and corresponding watchOS releases. The CVSS 5.5 vector reflects a local attack vector with low attack complexity, no privileges required, and user interaction needed for successful exploitation.

An attacker who can persuade a user to run a malicious application on an affected device may read kernel memory contents. The issue manifests through improper initialization of Mach message trailers, enabling controlled disclosure of sensitive kernel data without elevated privileges.

Apple security advisories HT211928, HT211929, and HT211931 direct administrators to install the listed operating-system updates. Public technical details and proof-of-concept material have been published via Full Disclosure and Packet Storm, confirming the memory-disclosure primitive in the kernel's Mach messaging code.

EU & UK References

Vulnerability details

A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
apple | ipados | ≤ 14.2
apple | iphone os | ≤ 12.4.9 · 14.0 to 14.2
apple | macos | ≤ 10.15.7 · 11.0 to 11.0.1
apple | watchos | ≤ 5.3.9 · 6.0 to 6.2.9 · 7.0 to 7.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires protection against unauthorized disclosure of information from memory, addressing the improper Mach-message-trailer initialization that leaks kernel memory.

prevent

Mandates timely installation of vendor patches that remediate the memory-initialization flaw in XNU on all listed Apple platforms.

prevent

Enforces process isolation boundaries that limit a user-space application’s ability to reach and read uninitialized kernel memory via Mach messaging.

References