CVE-2020-27911: 
macOS vulnerability analysis and mitigation

CVE-2020-27911 is an integer overflow vulnerability discovered in libxml2 that was addressed through improved input validation. The vulnerability was fixed in multiple Apple products including macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, and iTunes 12.11 for Windows. The vulnerability was discovered by OSS-Fuzz (Apple Security, NVD).

The vulnerability is classified as an integer overflow issue in libxml2 that could allow remote attackers to cause unexpected application termination or execute arbitrary code. The vulnerability received a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could allow a remote attacker to cause unexpected application termination or execute arbitrary code on the affected system (Apple Security).

Apple addressed this vulnerability by implementing improved input validation in libxml2. Users should update to macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, or iTunes 12.11 for Windows depending on their affected system (Apple Security).