Login Sign Up

CVE-2020-27951

7.8 HIGH
Remote Code Execution Authentication Bypass

📋 TL;DR

CVE-2020-27951 is a vulnerability in Apple operating systems that allows unauthorized code execution, potentially leading to authentication policy violations. This affects users of iOS, iPadOS, and watchOS who haven't updated to patched versions.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • watchOS
Versions: Versions prior to iOS 12.5, iOS 14.3, iPadOS 14.3, watchOS 6.3, watchOS 7.2
Operating Systems: iOS, iPadOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Apple devices only.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Watchos by Apple

View all CVEs affecting Watchos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to execute arbitrary code, bypass authentication controls, and access sensitive data.

🟠

Likely Case

Limited code execution in sandboxed context, potentially allowing privilege escalation or data exfiltration.

🟢

If Mitigated

No impact if patched; minimal risk with proper network segmentation and device management controls.

🌐 Internet-Facing: MEDIUM - Requires user interaction or specific conditions for exploitation over internet.
🏢 Internal Only: MEDIUM - Similar risk profile internally; requires local network access or user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires some user interaction or specific conditions. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 12.5, iOS 14.3, iPadOS 14.3, watchOS 6.3, watchOS 7.2

Vendor Advisory: https://support.apple.com/en-us/HT212003

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Go to General > Software Update. 3. Install available update. 4. Restart device when prompted.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable devices from critical networks and internet access

MDM Policy Enforcement

all

Use Mobile Device Management to enforce update policies and restrict vulnerable devices

🧯 If You Can't Patch

  • Isolate affected devices from corporate networks and sensitive data
  • Implement strict application whitelisting and network access controls

🔍 How to Verify

Check if Vulnerable:

Check Settings > General > About > Version. If version is earlier than iOS 12.5, iOS 14.3, iPadOS 14.3, watchOS 6.3, or watchOS 7.2, device is vulnerable.

Check Version:

Settings > General > About > Version (iOS/iPadOS) or Settings > General > About (watchOS)

Verify Fix Applied:

Verify version is iOS 12.5 or later, iOS 14.3 or later, iPadOS 14.3 or later, watchOS 6.3 or later, or watchOS 7.2 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process execution
  • Authentication policy violations
  • System integrity alerts

Network Indicators:

  • Unusual outbound connections from Apple devices
  • Anomalous authentication attempts

SIEM Query:

device.vendor:"Apple" AND device.version:"<12.5" OR device.version:"<14.3" OR device.version:"<6.3" OR device.version:"<7.2"

📊 Metadata

CVE ID: CVE-2020-27951
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: April 2, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON