(Pwn2Own) Apple macOS cfprefsd Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

🗓️ 28 May 2020 00:00:00Reported by @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_GatechType

zdi

zdi🔗 www.zerodayinitiative.com👁 92 Views

Apple macOS cfprefsd privilege escalation vulnerabilit

Reporter	Title	Published	Views	Family All 24
0day.today	macOS cfprefsd Arbitrary File Write / Local Privilege Escalation Exploit	7 Sep 202000:00	–	zdt
Apple	About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra	26 May 202000:00	–	apple
Apple	About the security content of tvOS 13.4.5	20 May 202000:00	–	apple
Apple	About the security content of iOS 13.5 and iPadOS 13.5	20 May 202000:00	–	apple
Apple	About the security content of watchOS 6.2.5	18 May 202000:00	–	apple
Apple	About the security content of iOS 13.5 and iPadOS 13.5 - Apple Support	21 Sep 202004:30	–	apple
Apple	About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra - Apple Support	21 Sep 202004:32	–	apple
Apple	About the security content of tvOS 13.4.5 - Apple Support	21 Sep 202004:33	–	apple
Apple	About the security content of watchOS 6.2.5 - Apple Support	21 Sep 202004:34	–	apple
Tenable Nessus	Apple iOS < 13.5 Multiple Vulnerabilities	27 May 202000:00	–	nessus

Source	Link
support	www.support.apple.com/en-gb/HT211170

28 May 2020 00:00Current

3.7Low risk

Vulners AI Score3.7

CVSS 37.8

EPSS0.35894

apple macos cfprefsd privilege escalation vulnerability file permissions local attacker root execution