Lucene search
FrancisZDI-20-1392HistoryDec 03, 2020 - 12:00 a.m.
Apple macOS AudioCodecs Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-12-0300:00:00
Francis
www.zerodayinitiative.com
24
apple macos
audiocodecs
vulnerability
remote code execution
mp4 file
malicious page
arbitrary code
EPSS
0.002
Percentile
53.9%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioCodecs module. Crafted data in an MP4 file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
Related
cvelist
cvelist
CVE-2020-9954
2020-12-08 19:20:30
prion
prion
Buffer overflow
2020-12-08 20:15:00
cve
cve
CVE-2020-9954
2020-12-08 20:15:16
nvd
nvd
CVE-2020-9954
2020-12-08 20:15:16
openvas
openvas
Apple Mac OS X Security Update (HT211849) - 02
2022-09-21 00:00:00
apple
apple
About the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave - Apple Support
2020-11-12 10:19:34
About the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave
2020-09-24 00:00:00
About the security content of tvOS 14.0 - Apple Support
2020-12-15 05:52:05
qualysblog
qualysblog