CVE-2020-9859

CVSS 7.8 HIGH | EPSS 0.8% | KEV | CWE-415

In short

A memory handling flaw in Apple's operating systems could allow an app to consume excessive memory or crash the system. An attacker could exploit this to run malicious code with the highest level of system privileges.

Technical detail

A use-after-free vulnerability (CWE-415) in iOS, macOS, tvOS, and watchOS allows a local application to execute arbitrary code in the kernel context by triggering improper memory management. Exploitation requires the ability to run an application on the target device; successful exploitation grants kernel-level code execution.

Summary generated and translated by AI from the official description.
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
