CVE-2020-3837

CVSS 7.8 HIGH | EPSS 16.1% | KEV | CWE-787
Vexday Risk Score
76 High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8 | EPSS 16.1% | KEV: yes | Public PoC | Nuclei | Metasploit | Patch
Lifecycle
10 Feb 2020: Public PoC
27 Feb 2020: Published on NVD
27 Jun 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A memory corruption vulnerability in Apple systems allows malicious applications to execute arbitrary code with the highest system privileges (kernel level). This could let attackers take complete control of the device.

Technical detail

A buffer overflow or out-of-bounds write (CWE-787) in memory handling permitted arbitrary code execution in kernel context. Exploitation required a malicious application with local execution capabilities; the vulnerability was patched by hardening memory management across iOS, iPadOS, macOS, tvOS, and watchOS platforms.

Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
