CVE-2020-3838

The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
appleipados
𝑥
< 13.3.1
appleiphone_os
𝑥
< 13.3.1
applemac_os_x
𝑥
< 10.14.6
applemac_os_x
10.15 ≤
𝑥
< 10.15.3
applemac_os_x
10.14.6
applemac_os_x
10.14.6:security_update_2019-001
applemac_os_x
10.14.6:security_update_2019-002
applemac_os_x
10.14.6:security_update_2020-001
applemac_os_x
10.14.6:security_update_2020-002
applemac_os_x
10.14.6:security_update_2020-003
applemac_os_x
10.14.6:security_update_2020-004
applemac_os_x
10.14.6:security_update_2020-005
applemac_os_x
10.14.6:security_update_2020-006
applemac_os_x
10.14.6:security_update_2020-007
applemac_os_x
10.14.6:security_update_2021-001
applemac_os_x
10.14.6:security_update_2021-002
applemac_os_x
10.14.6:supplemental_update
applemac_os_x
10.14.6:supplemental_update_2
appletvos
𝑥
< 13.3.1
applewatchos
𝑥
< 6.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2021/Apr/51
https://support.apple.com/HT210918
https://support.apple.com/HT210919
https://support.apple.com/HT210920
https://support.apple.com/HT210921
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327
http://seclists.org/fulldisclosure/2021/Apr/51
https://support.apple.com/HT210918
https://support.apple.com/HT210919
https://support.apple.com/HT210920
https://support.apple.com/HT210921
https://support.apple.com/kb/HT212326
https://support.apple.com/kb/HT212327