CVE-2020-9818
Vexday Risk Score
51 (Attention)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8
EPSS 2.3%
KEV yes
PoC —
Nuclei —
Metasploit —
Patch —
Lifecycle
09 Jun 2020: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Apple's mail app allows maliciously crafted emails to write data beyond memory boundaries, potentially causing the app to crash or allowing attackers to modify system memory without proper authorization.
Technical detail
Mail processing in iOS/iPadOS does not properly validate buffer bounds when parsing specially crafted mail messages, resulting in an out-of-bounds write. This allows local or remote attackers to achieve arbitrary memory modification or denial of service via a malicious email attachment or content.
Summary generated and translated by AI from the official description.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H