What is CVE-2020-27927?

CVE-2020-27927 is an out-of-bounds write vulnerability in FontParser that has been addressed with improved bounds checking.

Which software is affected by CVE-2020-27927?

iPhone and iPad devices running iOS 14.2, iPod devices running watchOS 7.1, Mac devices running macOS Big Sur 11.0.1, and Apple TV devices running tvOS 14.2 are affected by CVE-2020-27927.

What is the severity of CVE-2020-27927?

The severity of CVE-2020-27927 is not mentioned in the information provided.

How can I fix CVE-2020-27927?

To fix CVE-2020-27927, update your affected Apple devices to the recommended versions: iOS 14.2, iPadOS 14.2, watchOS 7.1, macOS Big Sur 11.0.1, or tvOS 14.2, as specified by Apple.

Where can I find more information about CVE-2020-27927?

You can find more information about CVE-2020-27927 on the Apple support website: [link1], [link2], [link3].

Vulnerability/
CVE-2020-27927

high

7.8

CWE

787

5/11/2020

8/12/2020

4/8/2024

CVE-2020-27927

First published: Thu Nov 05 2020(Updated: )

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted font file may lead to arbitrary code execution.

Credit: Xingwei Lin Ant Security LightXingwei Lin Ant Security LightXingwei Lin Ant Security LightXingwei Lin Ant Security Light product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iPadOS	<14.2
Apple iPhone OS	<14.2
Apple macOS	<11.0.1
Apple tvOS	<14.2
Apple watchOS	<7.1
Apple tvOS	<14.2	14.2
Apple watchOS	<7.1	7.1
Apple iOS	<14.2	14.2
Apple iPadOS	<14.2	14.2
Apple macOS Big Sur	<11.0.1	11.0.1

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT211928 (Advisory)
https://support.apple.com/en-us/HT211929 (Advisory)
https://support.apple.com/en-us/HT211930 (Advisory)
https://support.apple.com/en-us/HT211931 (Advisory)
http://seclists.org/fulldisclosure/2020/Dec/32

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2020-27914
CVE-2020-27915
CVE-2020-27903
CVE-2020-27910
CVE-2020-27916
CVE-2020-9943
CVE-2020-9944
CVE-2020-27906
CVE-2020-27945
CVE-2020-27908
CVE-2020-27909
CVE-2020-9960
CVE-2020-10017
CVE-2020-9949
CVE-2020-9897
CVE-2020-9883
CVE-2020-10003
CVE-2020-27922
CVE-2020-9999
CVE-2020-27937
CVE-2020-9965
CVE-2020-9966
CVE-2020-27894
CVE-2020-36615
CVE-2021-1790
CVE-2021-1775
CVE-2020-29629
CVE-2020-27942
CVE-2020-9962
CVE-2020-27952
CVE-2020-9956
CVE-2020-27931
CVE-2020-27930
CVE-2020-27927
CVE-2020-29639
CVE-2020-10002
CVE-2020-9978
CVE-2020-9955
CVE-2020-27924
CVE-2020-27912
CVE-2020-27923
CVE-2020-9876
CVE-2020-10015
CVE-2020-27897
CVE-2020-27907
CVE-2020-27919
CVE-2020-9967
CVE-2020-9975
CVE-2020-27921
CVE-2020-27904
CVE-2019-14899
CVE-2020-27950
CVE-2020-9974
CVE-2020-10016
CVE-2020-27932
CVE-2020-27917
CVE-2020-27920
CVE-2020-27911
CVE-2020-9971
CVE-2020-10014
CVE-2020-10010
CVE-2020-9941
CVE-2020-9988
CVE-2020-9989
CVE-2020-10011
CVE-2020-13524
CVE-2020-10004
CVE-2020-9996
CVE-2020-27901
CVE-2020-27900
CVE-2019-20838
CVE-2020-14155
CVE-2020-10007
CVE-2020-27896
CVE-2020-9963
CVE-2020-10012
CVE-2020-10663
CVE-2020-9945
CVE-2020-9977
CVE-2020-9942
CVE-2020-9987
CVE-2021-1803
CVE-2020-9969
CVE-2020-27893
CVE-2021-1755
CVE-2020-10005
CVE-2020-9991
CVE-2020-9849
CVE-2020-15358
CVE-2020-13631
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-27899
CVE-2020-10009
CVE-2020-10008
CVE-2020-27918
CVE-2020-9947
CVE-2020-9950
CVE-2020-27898
CVE-2020-27935
CVE-2020-10006
CVE-2020-27905
CVE-2020-27925
CVE-2020-27902
CVE-2020-27926

Frequently Asked Questions

What is CVE-2020-27927?
CVE-2020-27927 is an out-of-bounds write vulnerability in FontParser that has been addressed with improved bounds checking.
Which software is affected by CVE-2020-27927?
iPhone and iPad devices running iOS 14.2, iPod devices running watchOS 7.1, Mac devices running macOS Big Sur 11.0.1, and Apple TV devices running tvOS 14.2 are affected by CVE-2020-27927.
What is the severity of CVE-2020-27927?
The severity of CVE-2020-27927 is not mentioned in the information provided.
How can I fix CVE-2020-27927?
To fix CVE-2020-27927, update your affected Apple devices to the recommended versions: iOS 14.2, iPadOS 14.2, watchOS 7.1, macOS Big Sur 11.0.1, or tvOS 14.2, as specified by Apple.
Where can I find more information about CVE-2020-27927?
You can find more information about CVE-2020-27927 on the Apple support website: [link1], [link2], [link3].

agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/apple-support
agent/software-canonical-lookup-request
agent/tags
collector/nvd-index
agent/author
agent/references
agent/weakness
agent/severity
agent/event
agent/description
collector/mitre-cve
source/MITRE
vendor/apple
canonical/apple macos big sur
canonical/apple watchos
canonical/apple ipados
canonical/apple iphone os
canonical/apple macos
canonical/apple tvos
canonical/apple ios