CVE-2020-9962: Apple FontParser Buffer Overflow Vulnerability (Short)
With Apple's security updates, the buffer overflow vulnerability was addressed with improved size validation.
With the proof-of-concept app compiled with ASan and Guard Malloc, processing the proof-of-concept image should produce a buffer overflow similar to the following.
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. This too may lead to arbitrary code execution.
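The unchecked-copy pattern described above next to a size-validated version, as an added example that is not from the original post and is not FontParser's code. The one-byte length-prefixed record, `NAME_CAP` and both function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (an assumption, not a real font table):
 * byte 0 = payload length, bytes 1..n = payload. */
#define NAME_CAP 16 /* capacity of the fixed output buffer */

/* Unchecked pattern: the length comes from the input and is trusted,
 * so any value above NAME_CAP writes past the end of out. */
void copy_name_unchecked(uint8_t *out, const uint8_t *rec)
{
    memcpy(out, rec + 1, rec[0]);
}

/* Validated pattern: returns the number of bytes copied, or -1 when the
 * record is rejected. Both sides of the copy are checked first. */
int copy_name_checked(uint8_t *out, const uint8_t *rec, size_t rec_len)
{
    if (out == NULL || rec == NULL || rec_len < 1)
        return -1;              /* nothing to read a length from */
    size_t n = rec[0];
    if (n > rec_len - 1)
        return -1;              /* declared length runs past the input */
    if (n > NAME_CAP)
        return -1;              /* payload does not fit the output buffer */
    memcpy(out, rec + 1, n);
    return (int)n;
}

int main(void)
{
    uint8_t out[NAME_CAP];
    const uint8_t good[] = {3, 'a', 'b', 'c'};   /* constructed input */
    uint8_t oversized[32] = {20};                /* 20 > NAME_CAP */

    printf("good: %d\n", copy_name_checked(out, good, sizeof good));
    printf("oversized: %d\n",
           copy_name_checked(out, oversized, sizeof oversized));
    return 0;
}
```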
This issue was addressed on Apple systems. I was credited by Apple in the macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave update and macOS Big Sur 11.0.1 articles. Also, the company will be crediting me for iOS, tvOS and watchOS (for this issue).
Regarding the Apple security bounty program, the report is currently being evaluated.
“Why join the navy if you can be a pirate?”
Have a nice day!