Apple tvOS XPC Service launchd access control

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Apple tvOS (Digital Media Player) (affected version not known). It has been rated as critical. Affected by this issue is an unknown functionality of the file launchd of the component XPC Service. Upgrading eliminates this vulnerability.

Field04/03/2021 11:17 AM04/08/2021 05:11 PM
vendorAppleApple
nametvOStvOS
componentXPC ServiceXPC Service
filelaunchdlaunchd
cwe264 (privilege escalation)264 (privilege escalation)
risk22
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_vuldb_ePP
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss2_vuldb_avLL
cvss2_vuldb_acLL
cvss2_vuldb_auSS
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
date1611097200 (01/20/2021)1611097200 (01/20/2021)
urlhttps://xlab.tencent.com/en/2021/01/11/cve-2020-9971-abusing-xpc-service-to-elevate-privilege/https://xlab.tencent.com/en/2021/01/11/cve-2020-9971-abusing-xpc-service-to-elevate-privilege/
availability11
publicity11
urlhttps://xlab.tencent.com/en/2021/01/11/cve-2020-9971-abusing-xpc-service-to-elevate-privilege/https://xlab.tencent.com/en/2021/01/11/cve-2020-9971-abusing-xpc-service-to-elevate-privilege/
nameUpgradeUpgrade
cveCVE-2020-9971CVE-2020-9971
cve_assigned15831036001583103600
cve_nvd_summaryA logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges.
typeDigital Media Player
cvss2_vuldb_basescore6.8
cvss2_vuldb_tempscore5.3
cvss3_vuldb_basescore7.8
cvss3_vuldb_tempscore7.0
cvss3_meta_basescore7.8
cvss3_meta_tempscore7.0
price_0day$5k-$25k

Might our Artificial Intelligence support you?

Check our Alexa App!