CVE-2020-9954: Buffer Overflow
First published: Wed Sep 16 2020(Updated: )
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 7.0, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave, iOS 14.0 and iPadOS 14.0. Playing a malicious audio file may lead to arbitrary code execution.
Credit: Francis Trend Micro Zero Day InitiativeJunDong Xie Ant Group LightFrancis Trend Micro Zero Day InitiativeJunDong Xie Ant Group LightFrancis Trend Micro Zero Day InitiativeJunDong Xie Ant Group LightFrancis Trend Micro Zero Day InitiativeJunDong Xie Ant Group Light product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple tvOS | <14.0 | 14.0 |
| Apple watchOS | <7.0 | 7.0 |
| Apple macOS Catalina | <10.15.7 | 10.15.7 |
| Apple High Sierra | ||
| Apple Mojave | ||
| Apple iOS | <14.0 | 14.0 |
| Apple iPadOS | <14.0 | 14.0 |
| Apple iPadOS | <14.0 | |
| Apple iPhone OS | <14.0 | |
| Apple Mac OS X | <10.15.7 | |
| Apple tvOS | <14.0 | |
| Apple watchOS | <7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211843 (Advisory)
- https://support.apple.com/en-us/HT211844 (Advisory)
- https://support.apple.com/en-us/HT211849 (Advisory)
- https://support.apple.com/en-us/HT211850 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9954
- CVE-2020-9986
- CVE-2020-9961
- CVE-2020-9981
- CVE-2020-9941
- CVE-2020-10011
- CVE-2020-9973
- CVE-2020-13520
- CVE-2020-9968
- CVE-2020-10013
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-9960
- CVE-2020-9949
- CVE-2020-9999
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-29629
- CVE-2020-9956
- CVE-2020-9962
- CVE-2020-27931
- CVE-2020-29639
- CVE-2020-9978
- CVE-2020-36521
- CVE-2020-9876
- CVE-2020-9955
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-9976
- CVE-2020-9971
- CVE-2020-9989
- CVE-2020-9946
- CVE-2020-9993
- CVE-2020-9969
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-9991
- CVE-2020-15358
- CVE-2020-9849
- CVE-2020-13631
- CVE-2020-13630
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-9951
- CVE-2020-9983
- CVE-2020-9952
- CVE-2020-9979
- CVE-2020-9958
- CVE-2020-9773
- CVE-2020-9992
- CVE-2020-9964
- CVE-2019-14899
- CVE-2020-9988
- CVE-2020-6147
- CVE-2020-9972
- CVE-2020-9996
- CVE-2020-9963
- CVE-2020-9977
- CVE-2020-9959
Frequently Asked Questions
What is CVE-2020-9954?
CVE-2020-9954 is a vulnerability in CoreAudio that allows for a buffer overflow, which has been addressed with improved memory handling.
Which software is affected by CVE-2020-9954?
CVE-2020-9954 affects Apple tvOS (up to version 14.0), Apple iOS (up to version 14.0), Apple iPadOS (up to version 14.0), Apple macOS Catalina (up to version 10.15.7), Apple High Sierra, Apple Mojave, and Apple watchOS (up to version 7.0).
How severe is CVE-2020-9954?
CVE-2020-9954 has a severity score of 9.8 (Critical) based on the Common Vulnerability Scoring System (CVSS) v3.0.
How can I fix CVE-2020-9954?
To fix CVE-2020-9954, you should update your Apple software to the latest available version. Please refer to the official Apple support page for specific instructions.
Where can I find more information about CVE-2020-9954?
You can find more information about CVE-2020-9954 on the official Apple support page. The reference links provided are also helpful resources.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/event
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple macos catalina
- canonical/apple high sierra
- canonical/apple mojave
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple ipados
- canonical/apple iphone os
- canonical/apple mac os x