Vulnerabilities > CVE-2020-27901 - Incorrect Authorization vulnerability in Apple Macos

CVSS 6.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

apple

CWE-863

NVD

Published: 2021-04-02

Updated: 2021-04-07

Summary

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple Macos - Apple Macos 1.0 Apple Macos 7.5.3 Apple Macos 7.6 Apple Macos 7.6.1 Apple Macos 8.0 Apple Macos 8.1 Apple Macos 8.5 Apple Macos 8.6 Apple Macos 9 Apple Macos 9.0 Apple Macos 10.15.7 Apple Macos 11.0 Apple Macos 11.0.1 Apple Macos 11.1	28

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://support.apple.com/en-us/HT212011
https://support.apple.com/en-us/HT211931