CVE-2020-10010

7.8 HIGH

Path Traversal

📋 TL;DR

This CVE describes a path handling vulnerability in Apple operating systems that allows local attackers to elevate privileges through improper validation. It affects macOS, iOS, iPadOS, tvOS, and watchOS. Attackers could gain higher system permissions than intended.

💻 Affected Systems

Products:

macOS
iOS
iPadOS
tvOS
watchOS

Versions: Versions prior to macOS Big Sur 11.0.1, iOS 14.2, iPadOS 14.2, tvOS 14.2, watchOS 7.1

Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected Apple operating systems are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains root/system-level privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement.

🟠

Likely Case

Local user or malware gains elevated privileges to install additional payloads, modify system files, or bypass security controls.

🟢

If Mitigated

With proper patching and least privilege principles, impact is limited to denial of service or minimal privilege escalation within user context.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.

🏢 Internal Only: HIGH - Internal users or compromised accounts can exploit this to gain elevated privileges on affected Apple devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access but is relatively straightforward based on the path handling nature. Public disclosures suggest exploit code exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.0.1, iOS 14.2, iPadOS 14.2, tvOS 14.2, watchOS 7.1

Vendor Advisory: https://support.apple.com/en-us/HT211928

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update on macOS or Settings > General > Software Update on iOS/iPadOS. 2. Download and install the available update. 3. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict local user privileges

all

Implement least privilege principles to limit what local users can do even if they exploit the vulnerability

🧯 If You Can't Patch

Implement strict access controls and monitor for privilege escalation attempts
Segment affected devices from critical systems and apply additional monitoring

🔍 How to Verify

Check if Vulnerable:

Check OS version: On macOS, go to Apple menu > About This Mac. On iOS/iPadOS, go to Settings > General > About. Compare against patched versions.

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds: macOS 11.0.1, iOS 14.2, iPadOS 14.2, tvOS 14.2, watchOS 7.1

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events
Processes running with unexpected privileges
System file modifications by non-privileged users

Network Indicators:

None - this is a local vulnerability

SIEM Query:

Search for process creation events where parent process has lower privileges than child process, or unexpected privilege changes in system logs

📊 Metadata

CVE ID: CVE-2020-10010

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: December 8, 2020

Last Updated: November 21, 2024

🔗 References

http://seclists.org/fulldisclosure/2020/Dec/26 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2020/Dec/32 Mailing List,Third Party Advisory
https://support.apple.com/en-us/HT211928 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211929 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211930 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211931 Release Notes,Vendor Advisory
https://support.apple.com/kb/HT212011 Vendor Advisory
http://seclists.org/fulldisclosure/2020/Dec/26 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2020/Dec/32 Mailing List,Third Party Advisory
https://support.apple.com/en-us/HT211928 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211929 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211930 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211931 Release Notes,Vendor Advisory
https://support.apple.com/kb/HT212011 Vendor Advisory