CVE-2020-9962: Apple FontParser Buffer Overflow Vulnerability (Short)

With Apple's security updates, the buffer overflow vulnerability was addressed with improved size validation.

With the proof-of-concept app compiled with ASan and Guard Malloc, processing the proof-of-concept image should produce a buffer overflow similar to the following.

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. This, too, may lead to arbitrary code execution.
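The unchecked copy described above next to a size-validated version, as an added example that is not Apple's FontParser code or the author's proof of concept. The length-prefixed record layout, the function names and the buffer sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (an assumption for illustration, not the
 * FontParser format): 2-byte big-endian payload length, then the payload. */
enum { COPY_OK = 0, COPY_TRUNCATED = -1, COPY_TOO_LARGE = -2 };

/* Unchecked pattern: the length comes from the input and is never compared
 * with the size of `out`. Shown for contrast only; never called below. */
void copy_record_unchecked(const uint8_t *in, uint8_t *out)
{
    size_t len = ((size_t)in[0] << 8) | in[1];
    memcpy(out, in + 2, len);
}

/* Size-validated form: the declared length must fit both the bytes actually
 * present in the input and the capacity of the output buffer. */
int copy_record_checked(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap, size_t *copied)
{
    if (in_len < 2)
        return COPY_TRUNCATED;            /* no room for the length field */
    size_t len = ((size_t)in[0] << 8) | in[1];
    if (len > in_len - 2)
        return COPY_TRUNCATED;            /* would read past the input */
    if (len > out_cap)
        return COPY_TOO_LARGE;            /* would write past the output */
    memcpy(out, in + 2, len);
    *copied = len;
    return COPY_OK;
}

/* Constructed sample: declares `declared` payload bytes, supplies `present`
 * (at most 64), and is copied into a 16-byte output buffer. */
int try_record(size_t declared, size_t present)
{
    uint8_t in[2 + 64] = { (uint8_t)(declared >> 8), (uint8_t)declared };
    uint8_t out[16];
    size_t copied = 0;
    return copy_record_checked(in, 2 + present, out, sizeof out, &copied);
}

int main(void)
{
    printf("%d %d %d\n", try_record(8, 8), try_record(64, 64), try_record(64, 4));
    return 0;
}
```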

This issue was addressed on Apple systems. I was credited by Apple in the macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave and macOS Big Sur 11.0.1 articles. Also, the company will be crediting me for iOS, tvOS and watchOS (for this issue).

Regarding the Apple security bounty program, the report is currently being evaluated.

“Why join the navy if you can be a pirate?”

-Steve Jobs

Best regards,

Have a nice day!

20 Years Old | Computer Engineering Student | Linux/UNIX, Apple Developer | 64 Credits From Apple (for security issues/security developments) 🏆🎉
