Main Vulnerability Database Vulnerabilities #VU48185

#VU48185 Security features bypass in watchOS - CVE-2020-9974

Published: November 6, 2020

Vulnerability identifier: #VU48185

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-9974

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
watchOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists within the OS kernel that allows a local user to run a specially crafted program and determine kernel memory layout. This vulnerability can be used to bypass implemented security restrictions and leverage exploitation of other vulnerabilities.

Remediation

Install updates from vendor's website.

External links

https://support.apple.com/en-us/HT211928

#VU48185 Security features bypass in watchOS - CVE-2020-9974

Description

Remediation

External links

Please verify you're human