CVE-2020–9962 : Apple FontParser Buffer Overflow Vulnerability (Short)

with Apple security updates, buffer overflow vulnerability was addressed with improved size validation.

With proof of concept app compiled with ASan and Guard Malloc , processing the proof of concept image should buffer overflow similar to the following.

Program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. This too may lead to arbitrary code execution.

This issue was addressed on Apple systems. I credited by Apple on macOS Big Sur 11.1, Security Update 2020–001 Catalina, Security Update 2020–007 Mojave update and macOS Big Sur 11.0.1 articles. Also, company will be crediting me at iOS,tvOS,watchOS (for this issue).

Regarding the Apple security bounty program, report is currently being evaluated.

“Why join the navy if you can be a pirate?”

-Steve Jobs

Best regards,

Have a nice day!

--

--

--

20 Years Old | Computer Engineering Student | Linux/UNIX, Apple Developer | 67 Credits From Apple (for security issues/security developments) 🏆🎉

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Web App Security is not a Feature, But it’s a part of Modern Web Application Development Process

{UPDATE} Kvíz M?sta - Slovní Hra Hack Free Resources Generator

SO/IEC 27040:2015 — OVERVIEW AND SANITATION STANDARDS

Benjilock TSA FINGERPRINT PADLOCK REVIEW | MacSources

Ways to Teach Kids about Cybersecurity

Ways to Teach Kids about Cybersecurity

Hideez Key REVIEW Lots of Promise, limited utility

Leveraging the graph to speed up malicious email analysis

MAP Protocol Weekly Report #46 (November 2nd — November 8th)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Yiğit Can Yılmaz

Yiğit Can Yılmaz

20 Years Old | Computer Engineering Student | Linux/UNIX, Apple Developer | 67 Credits From Apple (for security issues/security developments) 🏆🎉

More from Medium

Pair Programming시 Git 관리/Git Workflow

Doctor Strange in the Multiverse of Madness: Executive Summary

Olivier Messiaen, piano, vocal ensemble; in his unique language

A breezy three mile walk