CVE-2020-3847 – CVE-2020-3847 is a critical memory leak vulnera... (How to Fix)

📋 TL;DR

CVE-2020-3847 is a critical memory leak vulnerability in macOS that allows remote attackers to read sensitive information from system memory. This affects macOS Catalina versions before 10.15.3. Attackers can exploit this without authentication to potentially access confidential data.

💻 Affected Systems

Products:

macOS

Versions: macOS Catalina versions before 10.15.3

Operating Systems: macOS Catalina

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected macOS Catalina versions are vulnerable.

📦 What is this software?

Mac Os X by Apple

View all CVEs affecting Mac Os X →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains unauthorized access to sensitive memory contents, potentially including passwords, encryption keys, or other confidential data, leading to complete system compromise.

🟠

Likely Case

Remote attacker leaks memory contents to gather system information or sensitive data, enabling further attacks or data exfiltration.

🟢

If Mitigated

With proper patching and network segmentation, impact is limited to potential information disclosure without system takeover.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication, making internet-facing systems prime targets.

🏢 Internal Only: MEDIUM - Internal systems still vulnerable but require attacker to have network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Out-of-bounds read vulnerabilities are often easier to exploit than write vulnerabilities, and remote unauthenticated access makes this particularly dangerous.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Catalina 10.15.3 or later

Vendor Advisory: https://support.apple.com/HT210919

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update
2. Install macOS Catalina 10.15.3 update
3. Restart the system when prompted

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to vulnerable systems to reduce attack surface

🧯 If You Can't Patch

Isolate vulnerable systems from untrusted networks
Implement strict network access controls and monitor for unusual memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check macOS version: System Preferences > About This Mac. If version is earlier than 10.15.3, system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is 10.15.3 or later in System Preferences > About This Mac.

📡 Detection & Monitoring

Log Indicators:

Unusual process memory access patterns
System crash reports related to memory violations

Network Indicators:

Unexpected network connections to system services
Traffic patterns suggesting memory probing

SIEM Query:

source="macos" AND (event_type="crash" OR event_type="memory_violation") AND severity>=HIGH

📊 Metadata

CVE ID: CVE-2020-3847

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: April 1, 2020

Last Updated: November 21, 2024

🔗 References

https://support.apple.com/HT210919 Release Notes,Vendor Advisory
https://support.apple.com/HT210919 Release Notes,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-3847, you might also want to check these: