CVE-2020-3842

7.8 HIGH

📋 TL;DR

This is a memory corruption vulnerability (CWE-787, out-of-bounds write) in Apple operating systems that allows a malicious application to execute arbitrary code with kernel privileges. It affects iOS, iPadOS, macOS, tvOS, and watchOS. Successful exploitation gives an attacker complete control over the affected device.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • tvOS
  • watchOS
Versions: Versions prior to iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2
Operating Systems: iOS, iPadOS, macOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable by default. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise: the attacker gains kernel-level privileges and can install persistent malware, access all data, and control device functions.

🟠 Likely Case

Targeted attacks against specific users or organizations to steal sensitive data, install spyware, or establish persistence.

🟢 If Mitigated

Limited impact if devices are fully patched and security controls such as app sandboxing and code-signing enforcement are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the attacker to get a malicious application installed and running on the target device, which typically requires user interaction or social engineering; it cannot be triggered remotely without that step.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2

Vendor Advisory: https://support.apple.com/HT210918

Restart Required: Yes

Instructions:

1. On iOS/iPadOS/watchOS, go to Settings > General > Software Update.
2. On macOS, go to System Preferences > Software Update.
3. On tvOS, go to Settings > System > Software Updates.
4. Download and install the latest update.
5. Restart the device after installation.

🔧 Temporary Workarounds

Restrict App Installation

Platforms: all

Only allow installation of apps from trusted sources such as the App Store.

  • On iOS/iPadOS: Settings > General > Device Management > Verify trusted sources
  • On macOS: System Preferences > Security & Privacy > Allow apps downloaded from: App Store

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement application allowlisting to prevent unauthorized app execution

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list

Check Version:

  • iOS/iPadOS: Settings > General > About > Version
  • macOS: Apple menu > About This Mac
  • tvOS: Settings > General > About
  • watchOS: Watch app on iPhone > General > About

Verify Fix Applied:

Verify that the installed OS version matches or exceeds the Patch Version listed under Official Fix above (iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2).
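The version comparison described above, as an added example that is not part of the advisory: a POSIX sh script that compares a dotted version string against the patched version for each platform. The only platform-specific call is `sw_vers -productVersion` on macOS, shown in a comment; the function names, the platform keywords and the sample versions are assumptions made for this example. Version components are assumed to be numeric.

```shell
#!/bin/sh
# Added example (not from the advisory): check an OS version against the
# minimum patched version for CVE-2020-3842.

# version_ge A B: return 0 if dotted version A >= dotted version B.
# Missing trailing components are treated as 0, so "13.3" == "13.3.0".
version_ge() {
  v1="$1."; v2="$2."
  while [ -n "$v1" ] || [ -n "$v2" ]; do
    a=${v1%%.*}; v1=${v1#*.}
    b=${v2%%.*}; v2=${v2#*.}
    a=${a:-0}; b=${b:-0}
    [ "$a" -gt "$b" ] && return 0
    [ "$a" -lt "$b" ] && return 1
  done
  return 0
}

# patched_version PLATFORM: print the first fixed version from the advisory.
# Platform keywords (ios, ipados, macos, tvos, watchos) are an assumption.
patched_version() {
  case "$1" in
    ios|ipados|tvos) echo 13.3.1 ;;
    macos)           echo 10.15.3 ;;
    watchos)         echo 6.1.2 ;;
    *)               return 1 ;;
  esac
}

# is_patched PLATFORM VERSION: 0 = patched, 1 = vulnerable, 2 = unknown platform.
is_patched() {
  fixed=$(patched_version "$1") || return 2
  version_ge "$2" "$fixed"
}

# On a Mac the live check is:
#   is_patched macos "$(sw_vers -productVersion)" && echo patched || echo VULNERABLE
# Sample (constructed) values for a stand-alone run:
is_patched macos 10.15.2 && echo "macOS 10.15.2: patched" || echo "macOS 10.15.2: VULNERABLE"
is_patched ios 13.3.1   && echo "iOS 13.3.1: patched"     || echo "iOS 13.3.1: VULNERABLE"
```

Feed it the version string from Settings > General > About for the mobile platforms, or drop the `sw_vers` line into a fleet script on macOS; anything newer than the listed patch version (for example macOS 11 and later) compares as patched.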

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions loading
  • Unusual process spawning with elevated privileges
  • System integrity protection (SIP) violations on macOS

Network Indicators:

  • Unusual outbound connections from system processes
  • Command and control traffic from kernel-level processes

SIEM Query:

process.parent.name:kernel AND (process.name:sh OR process.name:bash)

The parentheses are required: without them the OR clauses match every sh or bash process regardless of parent. cmd.exe is a Windows shell and does not apply to the Apple platforms covered here.
