What is CVE-2020-27899?

CVE-2020-27899 is a vulnerability in the Symptom Framework that allows for a use after free issue due to improper memory management.

Which software is affected by CVE-2020-27899?

CVE-2020-27899 affects Apple iOS up to version 14.2, Apple iPadOS up to version 14.2, Apple tvOS up to version 14.2, Apple macOS Big Sur up to version 11.0.1, and Apple watchOS up to version 7.1.

What is the severity of CVE-2020-27899?

The severity of CVE-2020-27899 is not specified, but it is a use after free vulnerability that can lead to code execution or information disclosure.

How can I fix CVE-2020-27899?

To fix CVE-2020-27899, update your Apple devices to the latest available version of their respective operating systems.

Where can I find more information about CVE-2020-27899?

You can find more information about CVE-2020-27899 on the official Apple support website.

Vulnerability/
CVE-2020-27899

high

7.8

CWE

416

5/11/2020

2/4/2021

4/8/2024

CVE-2020-27899: Use After Free

First published: Thu Nov 05 2020(Updated: )

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.

Credit: 08Tc3wBB ZecOps08Tc3wBB ZecOps08Tc3wBB ZecOps08Tc3wBB ZecOps product-security@apple.com

Affected Software	Affected Version	How to fix
Apple tvOS	<14.2	14.2
Apple watchOS	<7.1	7.1
Apple iOS	<14.2	14.2
Apple iPadOS	<14.2	14.2
Apple macOS Big Sur	<11.0.1	11.0.1
Apple iPadOS	<14.2
Apple iPhone OS	<14.2
Apple macOS	<11.0.1
Apple tvOS	<14.2
Apple watchOS	<7.1

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT211928 (Advisory)
https://support.apple.com/en-us/HT211929 (Advisory)
https://support.apple.com/en-us/HT211930 (Advisory)
https://support.apple.com/en-us/HT211931 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2020-27914
CVE-2020-27915
CVE-2020-27903
CVE-2020-27910
CVE-2020-27916
CVE-2020-9943
CVE-2020-9944
CVE-2020-27906
CVE-2020-27945
CVE-2020-27908
CVE-2020-27909
CVE-2020-9960
CVE-2020-10017
CVE-2020-9949
CVE-2020-9897
CVE-2020-9883
CVE-2020-10003
CVE-2020-27922
CVE-2020-9999
CVE-2020-27937
CVE-2020-9965
CVE-2020-9966
CVE-2020-27894
CVE-2020-36615
CVE-2021-1790
CVE-2021-1775
CVE-2020-29629
CVE-2020-27942
CVE-2020-9962
CVE-2020-27952
CVE-2020-9956
CVE-2020-27931
CVE-2020-27930
CVE-2020-27927
CVE-2020-29639
CVE-2020-10002
CVE-2020-9978
CVE-2020-9955
CVE-2020-27924
CVE-2020-27912
CVE-2020-27923
CVE-2020-9876
CVE-2020-10015
CVE-2020-27897
CVE-2020-27907
CVE-2020-27919
CVE-2020-9967
CVE-2020-9975
CVE-2020-27921
CVE-2020-27904
CVE-2019-14899
CVE-2020-27950
CVE-2020-9974
CVE-2020-10016
CVE-2020-27932
CVE-2020-27917
CVE-2020-27920
CVE-2020-27911
CVE-2020-9971
CVE-2020-10014
CVE-2020-10010
CVE-2020-9941
CVE-2020-9988
CVE-2020-9989
CVE-2020-10011
CVE-2020-13524
CVE-2020-10004
CVE-2020-9996
CVE-2020-27901
CVE-2020-27900
CVE-2019-20838
CVE-2020-14155
CVE-2020-10007
CVE-2020-27896
CVE-2020-9963
CVE-2020-10012
CVE-2020-10663
CVE-2020-9945
CVE-2020-9977
CVE-2020-9942
CVE-2020-9987
CVE-2021-1803
CVE-2020-9969
CVE-2020-27893
CVE-2021-1755
CVE-2020-10005
CVE-2020-9991
CVE-2020-9849
CVE-2020-15358
CVE-2020-13631
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-27899
CVE-2020-10009
CVE-2020-10008
CVE-2020-27918
CVE-2020-9947
CVE-2020-9950
CVE-2020-27898
CVE-2020-27935
CVE-2020-10006
CVE-2020-27905
CVE-2020-27925
CVE-2020-27902
CVE-2020-27926

Frequently Asked Questions

What is CVE-2020-27899?
CVE-2020-27899 is a vulnerability in the Symptom Framework that allows for a use after free issue due to improper memory management.
Which software is affected by CVE-2020-27899?
CVE-2020-27899 affects Apple iOS up to version 14.2, Apple iPadOS up to version 14.2, Apple tvOS up to version 14.2, Apple macOS Big Sur up to version 11.0.1, and Apple watchOS up to version 7.1.
What is the severity of CVE-2020-27899?
The severity of CVE-2020-27899 is not specified, but it is a use after free vulnerability that can lead to code execution or information disclosure.
How can I fix CVE-2020-27899?
To fix CVE-2020-27899, update your Apple devices to the latest available version of their respective operating systems.
Where can I find more information about CVE-2020-27899?
You can find more information about CVE-2020-27899 on the official Apple support website.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
collector/apple-support
agent/software-canonical-lookup-request
collector/nvd-index
agent/references
agent/weakness
agent/severity
agent/author
agent/tags
agent/event
agent/description
collector/mitre-cve
source/MITRE
vendor/apple
canonical/apple macos big sur
canonical/apple watchos
canonical/apple ipados
canonical/apple iphone os
canonical/apple macos
canonical/apple tvos
canonical/apple ios