CVE-2020-27914

7.8 HIGH

📋 TL;DR

This memory corruption vulnerability in macOS lets a malicious application that is already running on the machine execute arbitrary code with system privileges. It affects macOS Mojave, macOS Catalina, and macOS Big Sur before 11.1. Successful exploitation gives the attacker full control of the Mac, but it is a local privilege escalation: the attacker first needs a user to run their application, so it is not a remote entry point on its own.

💻 Affected Systems

Products:
  • macOS
Versions: macOS Big Sur before 11.1; macOS Catalina 10.15.x without Security Update 2020-001; macOS Mojave 10.14.x without Security Update 2020-007
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of the affected releases are vulnerable; no optional component needs to be enabled. Exploitation requires a malicious application to be executed locally.

📦 What is this software?

macOS is Apple's operating system for Mac desktops and laptops. The flaw is in the operating system itself rather than in an optional package, so every Mac running an affected release is in scope regardless of what software is installed on it.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise: the attacker's code runs with root (system) privileges, enabling installation of persistent malware, data theft, and complete control of the Mac.

🟠 Likely Case

A malicious or trojanized application, run by the user, exploits the bug to escalate from its own privileges to root, then exfiltrates data or deploys ransomware.

🟢 If Mitigated

Exposure is bounded mainly by keeping untrusted code off the machine (application allowlisting, Gatekeeper limited to identified developers). Sandboxing and standard user accounts raise the bar for follow-on activity but do not remove the bug itself, which is reachable from an unprivileged local application.

🌐 Internet-Facing: LOW (requires local application execution)
🏢 Internal Only: HIGH (malicious insider or malware could exploit locally)

🎯 Exploit Status

Public PoC: No (none known at disclosure)
Weaponized: UNKNOWN
Unauthenticated Exploit: No (local attack vector; the attacker must already be running code on the Mac)
Complexity: MEDIUM

Requires user to execute malicious application. No public exploit code available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave

Vendor Advisory: https://support.apple.com/en-us/HT211931

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update.
2. Install the available security update (macOS Big Sur 11.1, Security Update 2020-001 Catalina, or Security Update 2020-007 Mojave, as applicable).
3. Restart the system when prompted.

🔧 Temporary Workarounds

Application Restriction (applies to: all affected versions)

Restrict installation and execution of untrusted applications by enforcing Gatekeeper and limiting it to apps from identified developers:

sudo spctl --master-enable                  # turn Gatekeeper assessment back on if it was disabled
sudo spctl --enable --label "Developer ID"  # allow only App Store and Developer ID-signed apps

Caveat: Gatekeeper evaluates apps that carry the quarantine attribute (downloads from browsers and similar), not software that is already installed or that arrives by other channels, so this raises the bar for a user installing a trojan but is not an allowlist. The same setting can be pinned through an MDM configuration profile so users cannot override it in System Preferences.

🧯 If You Can't Patch

  • Implement strict application allowlisting so only approved, signed binaries can execute; this is the control that actually blocks the precondition (running a malicious application)
  • Use standard user accounts instead of admin accounts for daily use; this limits what a malicious application can do around exploitation, but the bug is reachable from an unprivileged local application, so treat this as defence in depth rather than a fix
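
An added shell example (not from this page or from Apple) that audits the state the two spctl workaround commands are meant to establish and supports the allowlisting item above: it reports whether Gatekeeper assessment is on and classifies each app in /Applications by the policy source spctl accepts it under. The strings it matches ("assessments enabled", "source=Developer ID", "source=Mac App Store", ": rejected") are spctl's verbose output as observed on Catalina and Big Sur and are an assumption; the sample outputs used to exercise the functions are constructed.

```shell
#!/bin/sh
# Added example, not this page's or Apple's own code.
# Reports Gatekeeper state and classifies installed apps by the policy source
# spctl accepts them under. Matched strings are spctl's verbose output as
# observed on Catalina/Big Sur (assumption): "assessments enabled|disabled",
# "<app>: accepted|rejected", "source=Developer ID|Notarized Developer ID|Mac App Store".

# gatekeeper_state STATUS_TEXT -> ON | OFF | UNKNOWN   (input: `spctl --status` output)
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo ON ;;
        *"assessments disabled"*) echo OFF ;;
        *)                        echo UNKNOWN ;;
    esac
}

# classify_assessment ASSESS_TEXT -> REJECTED | APPSTORE | DEVID | ACCEPTED_OTHER | UNKNOWN
# (input: `spctl --assess --type execute -vv <app>` output with stderr merged)
classify_assessment() {
    case "$1" in
        *": rejected"*)                                   echo REJECTED ;;       # blocked if it were quarantined
        *"source=Mac App Store"*)                         echo APPSTORE ;;
        *"source=Developer ID"*|*"Notarized Developer ID"*) echo DEVID ;;
        *": accepted"*)                                   echo ACCEPTED_OTHER ;; # accepted under some other rule
        *)                                                echo UNKNOWN ;;
    esac
}

# Live audit, only when actually run on a Mac (spctl is absent elsewhere).
# REJECTED entries are the apps an App Store + Developer ID policy does not cover.
if command -v spctl >/dev/null 2>&1; then
    echo "Gatekeeper assessment: $(gatekeeper_state "$(spctl --status 2>&1)")"
    for app in /Applications/*.app; do
        [ -d "$app" ] || continue
        echo "$(classify_assessment "$(spctl --assess --type execute -vv "$app" 2>&1)") $app"
    done
fi
```

A REJECTED result means the app would not launch under the Developer ID policy if it arrived with the quarantine attribute; it says nothing about apps copied in without quarantine, which is why an allowlisting agent or an MDM-enforced policy is still needed for the "can't patch" case.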

🔍 How to Verify

Check if Vulnerable:

Check the macOS version (Big Sur reports 11.x, Catalina 10.15.x, Mojave 10.14.x):

sw_vers -productVersion

Verify Fix Applied:

Big Sur: the version reported is 11.1 or higher. Catalina and Mojave: the version alone is not enough, because the fix ships as a Security Update that does not change the product version; confirm that Security Update 2020-001 (Catalina) or Security Update 2020-007 (Mojave) appears in the install history (System Information > Software > Installations).
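
The manual check above as a script, an added shell example that is not from Apple's advisory or this page. It assumes the fix boundaries stated on this page (Big Sur 11.1; Security Update 2020-001 on Catalina 10.15; Security Update 2020-007 on Mojave 10.14) and that `system_profiler SPInstallHistoryDataType` lists installed Security Updates by name; anything outside those releases is reported as UNKNOWN rather than guessed. The version strings and install-history text used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not Apple's or this page's own code.
# Classifies a Mac against CVE-2020-27914 from the product version and the
# install history. Assumed fix boundaries (from the vendor advisory):
#   Big Sur: fixed at 11.1 and later
#   Catalina (10.15): fixed once "Security Update 2020-001" is installed
#   Mojave (10.14):   fixed once "Security Update 2020-007" is installed
# Anything else (older releases, 10.16 compat reporting, garbage) is UNKNOWN.

# cve_27914_status VERSION INSTALL_HISTORY_TEXT
# Prints VULNERABLE, PATCHED or UNKNOWN.
cve_27914_status() {
    ver="$1"
    hist="$2"
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then minor=0; else minor=${rest%%.*}; fi
    case "$major" in ''|*[!0-9]*) echo UNKNOWN; return 0 ;; esac
    case "$minor" in ''|*[!0-9]*) echo UNKNOWN; return 0 ;; esac

    # Big Sur and later: decided by the version alone
    if [ "$major" -gt 11 ] || { [ "$major" -eq 11 ] && [ "$minor" -ge 1 ]; }; then
        echo PATCHED; return 0
    fi
    if [ "$major" -eq 11 ]; then
        echo VULNERABLE; return 0
    fi

    # Catalina / Mojave: the Security Update does not change the product
    # version, so look for its receipt in the install history instead
    case "$major.$minor" in
        10.15) needed="Security Update 2020-001" ;;
        10.14) needed="Security Update 2020-007" ;;
        *)     echo UNKNOWN; return 0 ;;
    esac
    if printf '%s\n' "$hist" | grep -qF "$needed"; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# Live check: only when sw_vers exists, i.e. when actually run on a Mac.
if command -v sw_vers >/dev/null 2>&1; then
    live_ver=$(sw_vers -productVersion)
    live_hist=$(system_profiler SPInstallHistoryDataType 2>/dev/null || true)
    echo "macOS $live_ver: CVE-2020-27914 $(cve_27914_status "$live_ver" "$live_hist")"
fi
```

On a VULNERABLE result, `softwareupdate -l` lists the pending update and `sudo softwareupdate -ia --restart` installs it. If SYSTEM_VERSION_COMPAT=1 is set in the environment, Big Sur reports itself as 10.16 and the script returns UNKNOWN; run it from a normal shell so the 11.x version is seen.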

📡 Detection & Monitoring

Log Indicators:

  • A process running as root whose parent runs as an ordinary user and which is not a normal elevation path (sudo, su, login, an authorized helper)
  • New or modified items in /Library/LaunchDaemons or /Library/LaunchAgents shortly after an unsigned or newly installed application was launched (persistence after escalation)
  • Crash or panic reports in /Library/Logs/DiagnosticReports coinciding with a suspect application start: memory corruption exploits that miss usually crash rather than fail silently

Network Indicators:

  • Unusual outbound connections from system processes, or from a newly installed application right after its first launch

SIEM Query:

process where process.user.name == "root"
  and process.parent.user.name != "root"
  and process.name not in (approved_elevation_list)
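
The query above as runnable detection logic, an added example that is not from this page: it replays constructed process-exec events (the record layout, user names and process names are made up for the example) and prints those where a non-root parent spawned a root child outside the approved elevation binaries. The field positions are an assumption; adapt the awk column numbers to the exec-event export of your EDR or Endpoint Security client.

```shell
#!/bin/sh
# Added example, not this page's own detection content.
# Flags processes that cross the user -> root boundary without going through
# an approved elevation path. Constructed telemetry, one exec event per line:
#   time pid ppid parent_user parent_name child_user child_name
SAMPLE_EVENTS='2020-12-15T10:01:02Z 512 480 alice Terminal alice zsh
2020-12-15T10:01:05Z 520 512 alice zsh root sudo
2020-12-15T10:01:05Z 521 520 root sudo root vim
2020-12-15T10:02:10Z 610 1 root launchd root syslogd
2020-12-15T10:03:44Z 700 690 alice FreeGame alice FreeGame-helper
2020-12-15T10:03:45Z 701 700 alice FreeGame-helper root sh
2020-12-15T10:03:46Z 702 701 root sh root launchctl'

# Binaries that legitimately appear as a root child of a non-root parent
# (setuid elevation paths). Extend per environment.
APPROVED_ELEVATION="sudo su login"

# flag_priv_crossings [APPROVED_LIST]
# Reads events on stdin and prints those where a non-root parent spawned a
# root child that is not an approved elevation binary.
flag_priv_crossings() {
    awk -v allow="${1:-$APPROVED_ELEVATION}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $4 != "root" && $6 == "root" && !($7 in ok) { print }
    '
}

# count_priv_crossings [APPROVED_LIST]
# Number of flagged events in the sample set (used to check the rule).
count_priv_crossings() {
    printf '%s\n' "$SAMPLE_EVENTS" | flag_priv_crossings "$@" | grep -c .
}

# The sudo hop from zsh is allowed; the root shell spawned by FreeGame-helper
# (an unprivileged app turning into root without sudo) is what gets reported.
printf '%s\n' "$SAMPLE_EVENTS" | flag_priv_crossings
```

Because launchd (pid 1, root) is the parent of nearly everything on macOS, a rule keyed on launchd as the parent, as the earlier draft of the query did, fires constantly; keying on the user boundary instead isolates the transition an exploit has to make.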

🔗 References

  • Apple security advisory for macOS Big Sur 11.1: https://support.apple.com/en-us/HT211931
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-27914
