CVE-2020-27918

HIGH

iCloud < 11.5 - Use-After-Free

Title source: llm
STIX 2.1

Description

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

References (14)

Core 14
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211931
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211935
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211934
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211928
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211929
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211930
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211933
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Dec/32
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/03/22/1
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4877
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-03

Scores

CVSS v3 7.8
EPSS 0.0136
EPSS Percentile 68.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (13)
apple/icloud < 11.5
apple/ipados < 14.2
apple/iphone_os < 14.2
apple/itunes < 12.11
apple/macos < 11.0.1
apple/safari < 14.0.1
apple/tvos < 14.2
apple/watchos < 7.1
debian/debian_linux 10.0
fedoraproject/fedora 32
... and 3 more
Published Dec 08, 2020
Tracked Since Feb 18, 2026