CVE-2020-10013
📋 TL;DR
This CVE describes a kernel privilege escalation vulnerability in Apple's iOS, iPadOS, and tvOS. An application could exploit a logic issue to execute arbitrary code with kernel privileges, potentially gaining full control of the device. This affects devices running versions before iOS 14.0, iPadOS 14.0, and tvOS 14.0.
💻 Affected Systems
- iPhone
- iPad
- Apple TV
📦 What is this software?
iPadOS by Apple
tvOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise, allowing an attacker to install persistent malware, access all user data, bypass security controls, and potentially use the device as a pivot point in network attacks.
Likely Case
Targeted attacks against specific users to gain elevated privileges, access sensitive data, or install surveillance tools.
If Mitigated
Limited impact if devices are already patched or isolated from untrusted applications.
🎯 Exploit Status
Requires the user to install a malicious application. No public exploit code was available at the time of the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: iOS 14.0, iPadOS 14.0, tvOS 14.0
Vendor Advisory: https://support.apple.com/en-us/HT211843
Restart Required: Yes
Instructions:
1. Open the Settings app.
2. Tap General.
3. Tap Software Update.
4. Download and install iOS 14.0 or later (iPadOS 14.0 or tvOS 14.0 on those platforms).
5. The device will restart automatically.
🔧 Temporary Workarounds
Application Restriction
Restrict installation of untrusted applications to reduce the attack surface.
🧯 If You Can't Patch
- Isolate affected devices from critical networks and sensitive data
- Implement strict application whitelisting policies
🔍 How to Verify
Check if Vulnerable:
Check Settings > General > About > Version. If the version is earlier than iOS 14.0, iPadOS 14.0, or tvOS 14.0, the device is vulnerable.
Check Version:
Settings > General > About > Version (no command line available on iOS devices)
Verify Fix Applied:
Verify version shows iOS 14.0 or later, iPadOS 14.0 or later, or tvOS 14.0 or later in Settings > General > About > Version.
📡 Detection & Monitoring
Log Indicators:
- Unusual kernel process activity
- Unexpected privilege escalation attempts
- Suspicious application behavior
Network Indicators:
- Unusual outbound connections from mobile devices
- Traffic to known malicious domains
SIEM Query:
(device.os.name:"iOS" AND device.os.version:"<14.0") OR (device.os.name:"iPadOS" AND device.os.version:"<14.0") OR (device.os.name:"tvOS" AND device.os.version:"<14.0")
Note: the parentheses are required because AND binds tighter than OR in most query languages; without them only the first clause is restricted by version. The version clause also assumes the SIEM evaluates `<14.0` as a numeric range; if `device.os.version` is indexed as text, a lexical comparison will miss versions such as 9.3.5, so confirm the field type before relying on this query.
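As an added example, not part of this advisory: the same version check run over a device inventory export (for instance from an MDM), comparing versions numerically so that 9.3.5 is correctly ranked below the 14.0 fix version. The CSV layout (device_id, os_name, os_version) and the device records are constructed for the example.

```python
# Added example: flag devices in an inventory export that still predate the
# CVE-2020-10013 fix versions. The CSV column names and records below are
# constructed for this example, not taken from any real MDM product.
import csv
import io
import re

# Fix versions from the advisory; anything earlier on these platforms is affected.
PATCHED = {"iOS": (14, 0), "iPadOS": (14, 0), "tvOS": (14, 0)}


def parse_version(text):
    """Turn '13.7' or '14.0.1' into a tuple of ints so that comparison is
    numeric: as strings, '9.3.5' would sort *after* '14.0' and be missed."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(n) for n in nums)


def is_vulnerable(os_name, os_version):
    """True when os_name is an affected platform and os_version is below the fix.
    Platforms not named in the advisory (e.g. macOS) are never flagged."""
    fixed = PATCHED.get(os_name)
    if fixed is None:
        return False
    v = parse_version(os_version)
    # Pad with zeros so that 14.0 and 14.0.0 compare as equal.
    width = max(len(v), len(fixed))
    return v + (0,) * (width - len(v)) < fixed + (0,) * (width - len(fixed))


def vulnerable_devices(csv_text):
    """Return the device ids from an inventory CSV that still need the update."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r["device_id"] for r in rows if is_vulnerable(r["os_name"], r["os_version"])]


# Constructed sample inventory. ip-003 is the case a string comparison gets wrong.
SAMPLE_INVENTORY = """device_id,os_name,os_version
ip-001,iOS,13.7
ip-002,iOS,14.0
ip-003,iOS,9.3.5
ipad-01,iPadOS,14.0.1
tv-01,tvOS,13.4.8
mac-01,macOS,10.15.7
"""

if __name__ == "__main__":
    print(vulnerable_devices(SAMPLE_INVENTORY))  # ['ip-001', 'ip-003', 'tv-01']
```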