Buffer overflow in watchOS - CVE-2020-3834
Published: February 27, 2020 / Updated: July 17, 2020
Vulnerability identifier: #VU30347
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3834
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
watchOS
watchOS
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
How to mitigate CVE-2020-3834
Install update from vendor's website.