Apple watchOS CoreAudio out-of-bounds read

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in Apple watchOS (Smartwatch Operating System) (version unknown). Affected is an unknown function of the component CoreAudio. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field04/03/2021 11:11 AM04/08/2021 04:32 PM
vendorAppleApple
namewatchOSwatchOS
componentCoreAudioCoreAudio
cwe125 (information disclosure)125 (information disclosure)
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
date1607900400 (12/14/2020)1607900400 (12/14/2020)
locationWebsiteWebsite
typeAdvisoryAdvisory
person_nameJunDong Xie/XingWei LinJunDong Xie/XingWei Lin
disputed00
nameUpgradeUpgrade
date1607900400 (12/14/2020)1607900400 (12/14/2020)
cveCVE-2020-9960CVE-2020-9960
cve_assigned15831036001583103600
cve_nvd_summaryAn out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution.
typeSmartwatch Operating System
cvss2_vuldb_basescore7.5
cvss2_vuldb_tempscore6.5
cvss3_vuldb_basescore6.3
cvss3_vuldb_tempscore6.0
cvss3_meta_basescore6.3
cvss3_meta_tempscore6.0
price_0day$0-$5k

Interested in the pricing of exploits?

See the underground prices here!