Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-10002

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files.

Published

2020-12-08T20:15:12.777

Last Modified

2024-11-21T04:54:37.837

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apple	icloud	< 11.5	Yes
Application	apple	itunes	< 12.11	Yes
Operating System	apple	ipados	< 14.2	Yes
Operating System	apple	iphone_os	< 14.2	Yes
Operating System	apple	mac_os_x	< 11.0.1	Yes
Operating System	apple	mac_os_x	< 10.14.6	Yes
Operating System	apple	mac_os_x	< 10.15.7	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.14.6	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	mac_os_x	10.15.7	Yes
Operating System	apple	tvos	< 14.2	Yes
Operating System	apple	watchos	< 7.1	Yes

References

http://seclists.org/fulldisclosure/2020/Dec/26 Mailing List, Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2020/Dec/32 Mailing List, Third Party Advisory ([email protected])
https://support.apple.com/en-us/HT211928 Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT211929 Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT211930 Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT211931 Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT211933 Vendor Advisory ([email protected])
https://support.apple.com/en-us/HT211935 Vendor Advisory ([email protected])
https://support.apple.com/kb/HT212011 Vendor Advisory ([email protected])
http://seclists.org/fulldisclosure/2020/Dec/26 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2020/Dec/32 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT211928 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT211929 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT211930 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT211931 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT211933 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/en-us/HT211935 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT212011 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)