CVE-2020-3845

7.8 HIGH

📋 TL;DR

CVE-2020-3845 is a memory corruption vulnerability in macOS that allows an application to execute arbitrary code with system privileges. This affects macOS Catalina versions before 10.15.3, potentially giving attackers full control of affected systems.

💻 Affected Systems

Products:
  • macOS
Versions: macOS Catalina versions before 10.15.3
Operating Systems: macOS Catalina
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected macOS Catalina versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root-level access, allowing installation of persistent malware, data theft, and lateral movement across the network.

🟠 Likely Case: Local privilege escalation where a malicious application gains system privileges to bypass security controls and access sensitive data.

🟢 If Mitigated: Limited impact if systems are fully patched and application execution is restricted through security policies.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation vulnerability requiring local access or user interaction.
🏢 Internal Only: MEDIUM - Internal users or compromised applications could exploit this to gain system privileges on vulnerable macOS systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or user interaction to run a malicious application. No public exploit code is known, but memory corruption vulnerabilities are often weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Catalina 10.15.3 and later

Vendor Advisory: https://support.apple.com/HT210919

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update.
2. Install the macOS Catalina 10.15.3 or later update.
3. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict application execution (all)

Use macOS Gatekeeper and application whitelisting to prevent unauthorized applications from running. This does not fix the underlying memory corruption bug; it only reduces the chance that an untrusted application is launched on the host before the patch is applied.

sudo spctl --master-enable
sudo spctl --enable --label "Developer ID"

🧯 If You Can't Patch

  • Implement strict application control policies to prevent execution of untrusted applications
  • Segment vulnerable systems from critical network resources and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the macOS version: if the system is running a Catalina version earlier than 10.15.3, it is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is 10.15.3 or later and check that Security Update 2020-001 is installed.
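The version check above and the Gatekeeper workaround earlier on the page, as an added example that is not part of this advisory: a POSIX shell script that compares the sw_vers product version numerically against 10.15.3 (so that 10.15.10 is correctly treated as patched, where a string comparison would not) and reports whether Gatekeeper assessments are enabled. The function names catalina_vulnerable, gatekeeper_enabled and check_host are this example's own.

```shell
#!/bin/sh
# Added example, not from the advisory: checks a macOS productVersion string
# against the affected Catalina range (< 10.15.3) and reports Gatekeeper state.

# Returns 0 when "$1" is Catalina (10.15.x) earlier than 10.15.3, else 1.
# Fields are compared numerically so that 10.15.10 sorts after 10.15.3.
catalina_vulnerable() {
    ver="$1"
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    patch=$(printf '%s' "$ver" | cut -d. -f3)
    # The initial Catalina release reports "10.15" with no patch field.
    patch=${patch:-0}
    # Only Catalina is in scope; non-numeric input also falls through to "no".
    { [ "$major" -eq 10 ] && [ "$minor" -eq 15 ]; } 2>/dev/null || return 1
    [ "$patch" -lt 3 ] 2>/dev/null
}

# Returns 0 when Gatekeeper assessments are enabled ("spctl --status").
gatekeeper_enabled() {
    spctl --status 2>/dev/null | grep -q 'assessments enabled'
}

# Evaluates the version given as "$1", or the live host when none is given.
# Exit status 1 means the host is in the affected range.
check_host() {
    ver="${1:-$(sw_vers -productVersion 2>/dev/null || echo unknown)}"
    if catalina_vulnerable "$ver"; then
        echo "VULNERABLE: macOS $ver is Catalina earlier than 10.15.3 (CVE-2020-3845)"
        if gatekeeper_enabled; then
            echo "Gatekeeper is enabled (workaround in place); update to 10.15.3 or later"
        else
            echo "Gatekeeper is disabled; enable it until patched: sudo spctl --master-enable"
        fi
        return 1
    fi
    echo "OK: macOS $ver is outside the affected Catalina range"
    return 0
}

check_host "$@"
```

Run it with no arguments on the host to check the live version, or pass a version string to evaluate a value collected elsewhere (for example from an inventory export).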

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution with elevated privileges
  • Security framework violations
  • Application crashes related to memory corruption

Network Indicators:

  • Outbound connections from system processes to suspicious destinations

SIEM Query:

process:parent_name="*" AND process:integrity_level="SYSTEM" AND process:command_line CONTAINS suspicious_pattern
