CVE-2020-27950
Published: 08 December 2020
Summary
CVE-2020-27950 is a medium-severity Improper Initialization (CWE-665) vulnerability in Apple watchOS. Its CVSS base score is 5.5 (Medium).
Operationally, it ranks in the top 2.4% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A memory initialization issue tracked as CVE-2020-27950 affects the XNU kernel on multiple Apple platforms. The flaw, assigned CWE-665, permits a malicious application to disclose kernel memory and is resolved in macOS Big Sur 11.0.1, macOS Catalina 10.15.7 Supplemental Update, Security Update 2020-006 for High Sierra and Mojave, iOS 14.2 and iPadOS 14.2, iOS 12.4.9, and the corresponding watchOS releases. The CVSS 5.5 vector reflects a local attack vector with no privileges required and user interaction required for successful exploitation.
An attacker who can persuade a user to run a malicious application on an affected device may read kernel memory contents. The issue manifests through improper initialization of Mach message trailers, enabling controlled disclosure of sensitive kernel data without elevated privileges.
Apple security advisories HT211928, HT211929, and HT211931 direct administrators to install the listed operating-system updates. Public technical details and proof-of-concept material have been published via Full Disclosure and Packet Storm, confirming the memory-disclosure primitive in the kernel's Mach messaging code.
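The mechanism described above is the CWE-665 class in miniature: a kernel path builds a trailer structure, writes only the fields the request needs, and copies the whole object out to user space. The C program below is added here as an illustration and is not code from XNU or from the published proof-of-concept; the trailer layout (loosely shaped like the type/size header of mach_msg_trailer_t), the stale-byte marker and all function names are assumptions. It shows the unsafe builder beside the zero-initialising fix and counts how many bytes of prior memory contents each one would expose.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model of a message trailer, loosely shaped like XNU's
 * mach_msg_trailer_t (type + size header). The remaining fields and all
 * function names here are assumptions for illustration, not XNU code. */
typedef struct {
    uint32_t trailer_type;
    uint32_t trailer_size;
    uint64_t sender_token;   /* written only when the caller asks for it */
    uint8_t  reserved[16];   /* never written by either builder below */
} trailer_t;

#define STALE_BYTE 0xAA      /* stands in for data left behind in the buffer */
/* CWE-665 pattern: only the fields this request needs are written, so
 * every other byte is copied out exactly as it was found in memory. */
void build_trailer_vulnerable(trailer_t *t, int want_token) {
    t->trailer_type = 0;
    t->trailer_size = want_token ? 16 : 8;
    if (want_token)
        t->sender_token = 0x1234;
}

/* Hardened form: clear the whole object before populating it, so nothing
 * stale survives into the copy handed to user space. */
void build_trailer_fixed(trailer_t *t, int want_token) {
    memset(t, 0, sizeof(*t));
    build_trailer_vulnerable(t, want_token);
}

/* Count bytes after the 8-byte header that still carry the stale marker;
 * any non-zero count is a disclosure of prior memory contents. */
size_t leaked_bytes(const trailer_t *t) {
    const uint8_t *p = (const uint8_t *)t;
    size_t n = 0;
    for (size_t i = 8; i < sizeof(*t); i++)
        if (p[i] == STALE_BYTE) n++;
    return n;
}

/* Prime a buffer with stale data (simulating kernel memory reuse), run one
 * builder over it, and report how many stale bytes would reach the caller. */
size_t leak_count(int fixed, int want_token) {
    trailer_t t;
    memset(&t, STALE_BYTE, sizeof(t));
    if (fixed) build_trailer_fixed(&t, want_token);
    else       build_trailer_vulnerable(&t, want_token);
    return leaked_bytes(&t);
}
```

The same check generalises to any kernel-to-user copy: zero-fill (or fully assign) the object before the copy, and treat any unassigned or padding bytes as a disclosure until proven otherwise.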
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-20443
Vulnerability details
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.
- CWE(s): CWE-665
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-16 (Memory Protection): Directly requires protection against unauthorized disclosure of information from memory, addressing the improper Mach-message-trailer initialization that leaks kernel memory.
- SI-2 (Flaw Remediation): Mandates timely installation of vendor patches that remediate the memory-initialization flaw in XNU on all listed Apple platforms.
- SC-39 (Process Isolation): Enforces process isolation boundaries that limit a user-space application's ability to reach and read uninitialized kernel memory via Mach messaging.