First published: Tue Jan 28 2020
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
Credit: an anonymous researcher Trend Micro product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Mac OS X | <10.15.3 | |
Apple watchOS | <6.1.2 | |
Apple macOS Catalina | <10.15.3 | 10.15.3 |
Apple Mojave | | |
Apple High Sierra | | |
Apple watchOS | <6.1.2 | 6.1.2 |
CVE-2020-3877 is a vulnerability in AnnotationKit that allows for an out-of-bounds read due to insufficient input validation.
The affected software versions include Apple watchOS before version 6.1.2, macOS Catalina before version 10.15.3, Apple Mojave, and Apple High Sierra.
To fix CVE-2020-3877, update your software to the latest version provided by Apple.
The severity of CVE-2020-3877 is not specified.
You can find more information about CVE-2020-3877 on the Apple support website.