CVE-2020-9949 - 漏洞详情

CVE-2020-9949 (CNNVD-202011-1346)

HIGH

中文标题:

Apple CoreCapture 资源管理错误漏洞

英文标题:

A use after free issue was addressed with improved memory management. This issue is fixed in macOS B...

CVSS分数: 7.8

发布时间: 2020-12-08 19:23:21

漏洞类型: 资源管理错误

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Apple CoreCapture是美国苹果（Apple）公司的针对 IEEE 802.11的主要日志记录和跟踪框架。 Apple CoreCapture存在资源管理错误漏洞，该漏洞允许应用程序可以使用内核特权执行任意代码。以下产品及版本受到影响：Mac Pro (2013 and later), MacBook Air (2013 and later), MacBook Pro (Late 2013 and later), Mac mini (2014 and later), iMac (2014 and later), MacBook (2015 and later), iMac Pro (all models)。

英文描述:

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra, tvOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

CWE类型:

CWE-416

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Apple	macOS	-	< 10.15	-	`cpe:2.3:a:apple:macos::::::::`
apple	ipados	*	-	-	`cpe:2.3:o:apple:ipados::::::::`
apple	iphone_os	*	-	-	`cpe:2.3:o:apple:iphone_os::::::::`
apple	mac_os_x	*	-	-	`cpe:2.3:o:apple:mac_os_x::::::::`
apple	tvos	*	-	-	`cpe:2.3:o:apple:tvos::::::::`
apple	watchos	*	-	-	`cpe:2.3:o:apple:watchos::::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）