CVE-2020-27908: Input Validation
Published Nov 5, 2020
·Updated
CoreAudio. An out-of-bounds read was addressed with improved input validation.
Credit
JunDong Xie, Xingwei Lin(Ant Security Light), Anonymous(Trend Micro Zero Day Initiative), XingWei Lin(Ant Security Light)
Affected Software
14 affected componentsFixes available
Apple macOS Big Sur<11.0.1
11.0.1
Apple tvOS<14.2
14.2
Apple macOS Big Sur<11.1
11.1
Apple Catalina
Apple Mojave
Apple WatchOS<7.1
7.1
Apple iOS<14.2
14.2
Apple iPadOS<14.2
14.2
Apple iPadOS<14.2
Apple iPhone OS<14.2
Apple iOS and macOS<11.0.1
Apple tvOS<14.2
Apple WatchOS<7.1
Apple iOS and macOS<11.1.0
Event History
Apr 2, 2021
CVE Published
via MITRE·05:31 PM
Data Sourced
via MITRE·05:31 PM
DescriptionWeakness
Frequently Asked Questions
1
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-27908.
2
What is the title of this vulnerability?
The title of this vulnerability is CoreAudio. An out-of-bounds read was addressed with improved input validation.
3
What is the affected software?
The affected software includes Apple iOS, Apple iPadOS, Apple tvOS, Apple macOS Big Sur, Apple watchOS, Apple Catalina, and Apple Mojave.
4
What is the severity of CVE-2020-27908?
The severity of CVE-2020-27908 is not specified in the information provided.
5
How can I fix this vulnerability?
To fix this vulnerability, update your software to the specified versions: Apple iOS 14.2, Apple iPadOS 14.2, Apple tvOS 14.2, Apple macOS Big Sur 11.0.1, Apple watchOS 7.1, Apple macOS Big Sur 11.1, Apple Catalina, and Apple Mojave.