CVE-2020-27942

7.8 HIGH

📋 TL;DR

This vulnerability allows arbitrary code execution when a maliciously crafted font file is processed on an affected macOS system. It affects macOS Catalina and Mojave hosts that have not installed the security update listed below. Any application that renders attacker-supplied fonts, whether a font file opened directly or a font embedded in a document or web page, can be hijacked to run code in that application's context as the logged-in user.

💻 Affected Systems

Products:
  • macOS
Versions: Catalina 10.15.7 and Mojave 10.14.6 without the corresponding security update. The update does not change the ProductVersion reported by sw_vers, so a patched and an unpatched host both report 10.15.7 or 10.14.6; see How to Verify.
Operating Systems: macOS Catalina, macOS Mojave
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected macOS versions are vulnerable when processing font files.

📦 What is this software?

macOS is Apple's desktop operating system. The vulnerable component is the system font-parsing code, which is shared by every application that draws text through the system frameworks (document viewers, browsers, Font Book, and the fontd daemon), so a crafted font reaches the parser through many paths, not only when a user opens the font file itself.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution as the logged-in user inside the process that parsed the font; chained with a separate privilege-escalation bug, this yields root and persistent access to the device.

🟠 Likely Case

Code execution in the context of the application that rendered the font (a browser, document viewer, Font Book or the fontd daemon) after the user opens or views attacker-supplied content.

🟢 If Mitigated

Execution stays inside the renderer's sandbox where one applies, and user awareness of font files from unknown sources closes the direct-open path. Fonts are parsed, not executed, so execution controls alone do not block them.

🌐 Internet-Facing: MEDIUM - Attackers can embed a malicious font in a web page or document; viewing that content is enough to reach the parser, but exploitation still requires the user to open or visit it.
🏢 Internal Only: MEDIUM - Internal users can be targeted with malicious documents or fonts, but the attacker first needs a delivery channel such as mail or a shared drive.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious font file. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security Update 2021-002 for Catalina, Security Update 2021-003 for Mojave

Vendor Advisory: https://support.apple.com/en-us/HT212326

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update.
2. Install Security Update 2021-002 (Catalina) or Security Update 2021-003 (Mojave).
3. Restart the computer when prompted.

🔧 Temporary Workarounds

Disable automatic font installation (applies to: all affected versions)

Prevent automatic processing of font files from untrusted sources: do not let Font Book install or preview fonts received by mail or download without validating them first, and quarantine font attachments (.ttf, .otf, .ttc, .dfont) at the mail gateway.

User education on font files (applies to: all affected versions)

Train users to avoid opening font files from unknown sources, and to treat documents and web pages that bundle fonts as the same risk, since the parser runs on those without any separate download step.

🧯 If You Can't Patch

  • Open untrusted documents and web content only in sandboxed applications (Safari's web content process, App Store sandboxed viewers): a compromise of the parser then stays inside that sandbox
  • Use standard (non-administrator) accounts for daily work so that code execution in a user process does not directly reach system files or other users
  • Block or quarantine font attachments (.ttf, .otf, .ttc, .dfont) at the mail gateway and web proxy
  • Do not rely on application allow-listing for this bug: the font is parsed by an already-trusted application rather than executed as a program, so allow-listing sees nothing to block

🔍 How to Verify

Check if Vulnerable:

An affected host reports ProductVersion 10.15.7 (Catalina) or 10.14.6 (Mojave) and has not installed Security Update 2021-002 (Catalina) or Security Update 2021-003 (Mojave). The version number alone does not settle it: the security update leaves ProductVersion unchanged and only raises the build number.

Check Version:

sw_vers

Verify Fix Applied:

List the installed updates and confirm that Security Update 2021-002 (Catalina) or 2021-003 (Mojave), or a later security update for the same release, is present:

softwareupdate --history

The same history is available from System Information > Software > Installations, or on the command line via:

system_profiler SPInstallHistoryDataType

As a cross-check, compare the build number from sw_vers -buildVersion with the build Apple lists for that update. The Software Update pane only shows pending updates, so an empty list there is not proof that the fix is installed.
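
The check described above, as an added example that is not part of the page or of Apple's tooling: it reads the install history and compares the highest Security Update tag against the one this page lists for the host's release. The SAMPLE_HISTORY text is constructed to mirror the column layout of softwareupdate --history and is only used when the real commands are unavailable; the mapping of product version to required update tag is taken from the Official Fix section.

```shell
#!/bin/sh
# Added example, not Apple's tooling and not from the page: decide whether the
# update named in the advisory is present by reading the install history,
# because the security update leaves sw_vers at 10.15.7 / 10.14.6.
# SAMPLE_HISTORY is CONSTRUCTED output in the column layout of
# `softwareupdate --history`, used only when the real command is unavailable.

SAMPLE_HISTORY='Display Name                              Version    Date
------------                              -------    ----
macOS 10.15.7 Update                      10.15.7    09/24/2020, 18:01:03
Security Update 2021-001                  10.15.7    02/09/2021, 11:22:45
Security Update 2021-002                  10.15.7    04/27/2021, 09:13:58'

# required_update <productVersion> -> "YYYY-NNN" tag this page lists, or empty
required_update() {
  case "$1" in
    10.15.*) echo "2021-002" ;;   # Catalina
    10.14.*) echo "2021-003" ;;   # Mojave
    *)       echo "" ;;           # release not covered by this page
  esac
}

# latest_security_update <history> -> highest "Security Update YYYY-NNN" tag seen
latest_security_update() {
  printf '%s\n' "$1" \
    | sed -n 's/^Security Update \([0-9]\{4\}-[0-9]\{3\}\).*/\1/p' \
    | sort | tail -n 1
}

# assess <productVersion> <history> -> PATCHED, VULNERABLE or UNLISTED
# Later security updates for the same release supersede earlier ones, so any
# tag that sorts at or above the required one counts as patched.
assess() {
  req=$(required_update "$1")
  [ -n "$req" ] || { echo "UNLISTED"; return; }
  latest=$(latest_security_update "$2")
  if [ -n "$latest" ] && [ "$(printf '%s\n%s\n' "$req" "$latest" | sort | tail -n 1)" = "$latest" ]; then
    echo "PATCHED"
  else
    echo "VULNERABLE"
  fi
}

# On a real Mac read the live values; elsewhere fall back to the constructed sample.
if command -v sw_vers >/dev/null 2>&1 && command -v softwareupdate >/dev/null 2>&1; then
  ver=$(sw_vers -productVersion)
  hist=$(softwareupdate --history 2>/dev/null)
else
  ver="10.15.7"; hist="$SAMPLE_HISTORY"
fi
echo "macOS $ver: $(assess "$ver" "$hist")"
```

UNLISTED means the host runs a release this page does not cover (for example Big Sur), not that it is safe; check Apple's advisory for that release separately.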

📡 Detection & Monitoring

Log Indicators:

  • Crash reports in ~/Library/Logs/DiagnosticReports or /Library/Logs/DiagnosticReports whose crashed thread is inside libFontParser.dylib with an EXC_BAD_ACCESS exception (a malformed font that crashes the parser instead of exploiting it looks exactly like this)
  • Crashes of fontd, Font Book, Preview, Safari or other renderers shortly after a font file, document or web page from an untrusted source was opened on the host

Network Indicators:

  • Downloads of font files (.ttf, .otf, .ttc, .dfont), or of documents and web pages embedding fonts, from suspicious sources, especially shortly before a renderer crash on the same host

SIEM Query:

event_type:crash AND host_os:macOS AND exception_type:EXC_BAD_ACCESS AND crashed_thread_frames:*libFontParser.dylib*

(Field names are illustrative; map them to the schema under which your endpoint agent forwards macOS crash reports. Matching on fontd alone produces noise, since fontd parses fonts all day; the useful signal is a memory fault with the font parser on the crashed thread.)
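
The crash-report triage behind that query, as an added example (not part of the page, and not Apple's tooling): it reads legacy-format .crash files, isolates the frames of the crashed thread, and flags reports where a memory-access fault landed inside the system font parser. SAMPLE_REPORT is a constructed excerpt in the .crash layout; its frames are left unsymbolicated (module, address, base + offset) so that no symbol names are assumed, and the scan_dir helper and the DiagnosticReports paths in the comments are the only host-specific assumptions.

```shell
#!/bin/sh
# Added example, not from the page or Apple: triage legacy-format macOS crash
# reports (~/Library/Logs/DiagnosticReports, /Library/Logs/DiagnosticReports)
# for memory faults whose crashed thread is inside the system font parser.
# SAMPLE_REPORT is a CONSTRUCTED excerpt in the .crash layout; the frames are
# unsymbolicated (module, address, base + offset) so no symbol names are assumed.

SAMPLE_REPORT='Process:               Preview [4512]
Path:                  /System/Applications/Preview.app/Contents/MacOS/Preview
Identifier:            com.apple.Preview
OS Version:            Mac OS X 10.15.7 (19H15)

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000118fe4000

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libFontParser.dylib             0x00007fff2d1e8c3a 0x7fff2d1c0000 + 166970
1   libFontParser.dylib             0x00007fff2d1e7b10 0x7fff2d1c0000 + 162576
2   com.apple.CoreText              0x00007fff3a2b4cd0 0x7fff3a280000 + 216272
3   com.apple.Preview               0x0000000103c4a2e1 0x103c20000 + 172769

Thread 1:
0   libsystem_kernel.dylib          0x00007fff6c2d8a0e 0x7fff6c2c0000 + 100878'

# crashed_frames <report> -> the frame lines of the crashed thread only
crashed_frames() {
  printf '%s\n' "$1" | awk '
    /^Thread [0-9]+ Crashed/ { in_crash = 1; next }
    /^Thread [0-9]+/         { in_crash = 0 }
    in_crash && /^[0-9]+ /   { print }'
}

# is_font_parser_fault <report> -> 0 when the report is a memory-access fault
# with the font parser on the crashed thread, 1 otherwise
is_font_parser_fault() {
  printf '%s\n' "$1" | grep -q '^Exception Type: *EXC_BAD_ACCESS' || return 1
  crashed_frames "$1" | grep -q 'libFontParser.dylib'
}

# faulting_process <report> -> the crashed process name from the Process: line
faulting_process() {
  printf '%s\n' "$1" | sed -n 's/^Process: *\([^[]*[^[ ]\) \[.*/\1/p'
}

# scan_dir <directory> -> "process<TAB>path" for each matching .crash report
scan_dir() {
  for f in "$1"/*.crash; do
    [ -f "$f" ] || continue
    report=$(cat "$f")
    is_font_parser_fault "$report" && printf '%s\t%s\n' "$(faulting_process "$report")" "$f"
  done
}

# On a live host:
#   scan_dir "$HOME/Library/Logs/DiagnosticReports"
#   scan_dir /Library/Logs/DiagnosticReports
if is_font_parser_fault "$SAMPLE_REPORT"; then
  echo "sample: font-parser memory fault in $(faulting_process "$SAMPLE_REPORT")"
fi
```

A hit is a lead, not a verdict: it tells you a malformed font reached the vulnerable code on that host, so pull the file or page the user opened before the crash and check whether the host had the security update installed.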
