CVE-2020-9907

CVSS 7.8 HIGH · EPSS 3.7% · KEV · CWE-787
Vexday Risk Score: 51 (Attention)
SSVC decision (CISA): Act
Exploitation + impact → act immediately
CVSS 7.8 · EPSS 3.7% · KEV yes · PoC · Nuclei · Metasploit · Patch
Lifecycle
16 Oct 2020: Published on NVD
27 Jun 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A memory corruption vulnerability in Apple's operating systems allowed apps to run malicious code with the highest system privileges (kernel level). This could let attackers take complete control of your device.

Technical detail

A memory corruption vulnerability (CWE-787: out-of-bounds write) in iOS, iPadOS, and tvOS allowed local applications to execute arbitrary code with kernel privileges. The vulnerability was addressed by removing the vulnerable code path; exploitation required execution context on the affected device.

Summary generated and translated by AI from the official description.
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS, Apple · tvOS
