Main Vulnerability Database Vulnerabilities #VU28314

Time-of-check Time-of-use (TOCTOU) Race Condition in macOS - CVE-2020-9839

Published: May 28, 2020 / Updated: October 9, 2021

Vulnerability identifier: #VU28314

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear

CVE-ID: CVE-2020-9839

CWE-ID:

Exploitation vector: Local access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Apple Inc.

Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a lack of proper locking when performing operations on an object within the handling of file permissions. An local user can gain elevated privileges on the target system.

How to mitigate CVE-2020-9839

Install updates from vendor's website.

Sources

https://www.zerodayinitiative.com/advisories/ZDI-20-681/
https://support.apple.com/en-gb/HT211170

Time-of-check Time-of-use (TOCTOU) Race Condition in macOS - CVE-2020-9839

Detailed vulnerability description

How to mitigate CVE-2020-9839

Sources

Please verify you're human