CVE-2020-9907

CVSS 7.8 HIGH · EPSS 3.7% · KEV · CWE-787
In short

A memory corruption vulnerability in Apple's operating systems allowed apps to run malicious code with the highest system privileges (kernel level). This could let attackers take complete control of your device.

Technical detail

A memory corruption vulnerability (CWE-787: out-of-bounds write) in iOS, iPadOS, and tvOS allowed a local application to execute arbitrary code with kernel privileges. The issue was addressed by removing the vulnerable code. Exploitation requires the attacker to already be running code, such as an application, on the affected device.

Summary generated and translated by AI from the official description.
A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS
Apple · tvOS