CVE-2020-3837

CVSS 7.8 HIGH | EPSS 16.1% | KEV | CWE-787

In short

A memory corruption vulnerability in Apple systems allows malicious applications to execute arbitrary code with the highest system privileges (kernel level). This could let attackers take complete control of the device.

Technical detail

A buffer overflow or out-of-bounds write (CWE-787) in memory handling permitted arbitrary code execution in kernel context. Exploitation required a malicious application with local execution capabilities; the vulnerability was patched by hardening memory management across iOS, iPadOS, macOS, tvOS, and watchOS platforms.

Summary generated and translated by AI from the official description.

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H