CVE-2020-3872: 
macOS vulnerability analysis and mitigation

A memory initialization issue was discovered in Apple operating systems that could allow an application to read restricted memory. The vulnerability (CVE-2020-3872) was fixed in iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6.1.2, released on January 28, 2020. The vulnerability was discovered by Haakon Garseg Mørk and Cim Stordal of Cognite (Apple Security).

The vulnerability is a memory initialization issue in the kernel component that was addressed with improved memory handling. It has a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. The vulnerability allows local access, requires low attack complexity, needs no privileges, but does require user interaction. It can result in high confidentiality impact but has no effect on integrity or availability (NVD).

The vulnerability allows a malicious application to read restricted memory, potentially exposing sensitive information stored in memory. This could lead to unauthorized access to protected data (Apple Security).

Apple addressed this vulnerability by improving memory handling in the affected operating systems. Users should update to iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, or watchOS 6.1.2 or later versions to protect against this vulnerability (Apple Security).