#VU30347 Buffer overflow in watchOS - CVE-2020-3834
Published: February 27, 2020 / Updated: July 17, 2020
Vulnerability identifier: #VU30347
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3834
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
watchOS
watchOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
Remediation
Install update from vendor's website.