CVE-2020–9962 : Apple FontParser Buffer Overflow Vulnerability (Short)

with Apple security updates, buffer overflow vulnerability was addressed with improved size validation.

With proof of concept app compiled with ASan and Guard Malloc , processing the proof of concept image should buffer overflow similar to the following.

Program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. This too may lead to arbitrary code execution.

This issue was addressed on Apple systems. I credited by Apple on macOS Big Sur 11.1, Security Update 2020–001 Catalina, Security Update 2020–007 Mojave update and macOS Big Sur 11.0.1 articles. Also, company will be crediting me at iOS,tvOS,watchOS (for this issue).

Regarding the Apple security bounty program, report is currently being evaluated.

“Why join the navy if you can be a pirate?”

-Steve Jobs

Best regards,

Have a nice day!

20 Years Old | Computer Engineering Student | Linux/UNIX, Apple Developer | 64 Credits From Apple (for security issues/security developments) 🏆🎉

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

🦸‍♂️AXS HEROES FAIRLAUNCH 🦸‍♂️🚀 August 8, 2021 3PM UTC TIME ⌚ https://countingdownto.com/?c=375

PAID Network Technical Roadmap

Best Hacking Tools Of 2017 For Windows, Linux, And Mac OS X

{UPDATE} Family Feud Info Hack Free Resources Generator

Impact of iOS Vulnerabilities Disclosed by Google Recently

The Top Ten Of File-Integrity Monitoring

{UPDATE} Jigsaw Daily: Fun Calming Game Hack Free Resources Generator

{UPDATE} Athletics 2: Summer Sports Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Yiğit Can Yılmaz

Yiğit Can Yılmaz

20 Years Old | Computer Engineering Student | Linux/UNIX, Apple Developer | 64 Credits From Apple (for security issues/security developments) 🏆🎉

More from Medium

Verdant green

Forging bonds under the Arabian sky

How to survive an artillery bombardment.

Using Private Registry NPM Packages in Cloud Builds