CVE-2020-3882: Medium severity macos catalina vulnerability

Q: What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2020-3882.

Q: What is the affected software for this vulnerability?

The affected software for this vulnerability includes macOS Catalina (versions up to and exclusive of 10.15.5), Mojave, and High Sierra.

Q: How was this vulnerability addressed?

This vulnerability was addressed with improved checks.

Q: What is the severity of CVE-2020-3882?

The severity of CVE-2020-3882 is not provided.

Q: How can I fix this vulnerability?

To fix this vulnerability, install the latest updates for macOS Catalina, Mojave, or High Sierra provided by Apple.

Published May 26, 2020

Updated

Calendar. This issue was addressed with improved checks.

Other sources

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.

Credit

Andy Grant(NCC Group)

Affected Software

4 affected componentsFixes available

apple macOS Catalina<10.15.5

10.15.5

apple Mojave

apple High Sierra

Apple iOS and macOS<10.15.5

Event History

Jun 9, 2020

CVE Published

via MITRE·03:59 PM

Data Sourced

via MITRE·03:59 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT211170

Frequently Asked Questions

What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2020-3882.

What is the affected software for this vulnerability?

The affected software for this vulnerability includes macOS Catalina (versions up to and exclusive of 10.15.5), Mojave, and High Sierra.

How was this vulnerability addressed?

This vulnerability was addressed with improved checks.

What is the severity of CVE-2020-3882?