Lucene search
FrancisZDI-20-1396HistoryDec 04, 2020 - 12:00 a.m.
Apple macOS AudioCodecs AAC Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-12-0400:00:00
Francis
www.zerodayinitiative.com
53
macos
audiocodecs
aac
decoding
vulnerability
remote code execution
user interaction
mp4
buffer overflow
EPSS
0.002
Percentile
53.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioCodecs module. Crafted AAC data in an MP4 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
Related
cvelist
cvelist
CVE-2020-10017
2020-12-08 20:06:47
nvd
nvd
CVE-2020-10017
2020-12-08 21:15:12
cve
cve
CVE-2020-10017
2020-12-08 21:15:12
prion
prion
Input validation
2020-12-08 21:15:00
apple
apple
About the security content of tvOS 14.2 - Apple Support
2020-12-15 05:56:55
About the security content of watchOS 7.1 - Apple Support
2020-12-15 06:04:57
About the security content of watchOS 7.1
2020-11-05 00:00:00
nessus
nessus
Apple TV < 14.2 Multiple Vulnerabilities
2021-02-05 00:00:00
macOS 10.14.x < 10.14.6 Security Update 2020-007 / 10.15.x < 10.15.7 Security Update 2020-001 / macOS 11.x < 11.1 (HT212011)
2020-12-18 00:00:00
macOS 11.0.x < 11.0.1
2020-11-19 00:00:00
qualysblog
qualysblog
openvas
openvas
Apple Mac OS X Security Update (HT211931)
2022-09-22 00:00:00