CVE-2020-3858

7.8 HIGH

📋 TL;DR

CVE-2020-3858 is a memory corruption vulnerability in iOS and iPadOS that is reachable from an application and leads to code execution in the kernel. Code already running on the device as an app (a malicious app, or a legitimate app an attacker has taken over) can exploit it to gain kernel privileges, crossing the boundary the app sandbox is meant to enforce. It affects iOS and iPadOS releases before 13.3.1, where Apple fixed it. Successful exploitation gives the attacker control of the running kernel and, through it, of everything the operating system protects on the device.

💻 Affected Systems

Products:
  • iPhone
  • iPad
  • iPod touch
Versions: iOS and iPadOS versions before 13.3.1
Operating Systems: iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running vulnerable iOS/iPadOS versions are affected regardless of configuration.

📦 What is this software?

iOS and iPadOS are Apple's operating systems for iPhone and iPod touch (iOS) and iPad (iPadOS); iPadOS became a separately named release starting with version 13. Both run the XNU kernel shared with macOS, and third-party applications run sandboxed in user space, so a bug that yields kernel code execution defeats the boundary the platform's security model rests on.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the running device: kernel-level code execution defeats the app sandbox, exposes other apps' data, enables surveillance (camera, microphone, location, messages) and allows installation of further tooling such as backdoors or ransomware. Persistence across reboot is not implied: iOS's secure boot chain means a kernel compromise gained at runtime normally does not survive a restart without additional bugs, so "kernel-level persistence" here means for the device's current uptime.

🟠

Likely Case

Targeted attacks against specific users to steal sensitive data, credentials, or install spyware.

🟢

If Mitigated

No impact once 13.3.1 is installed. On an unpatched device, impact is limited only to the extent that attacker-controlled code cannot get onto it: strict app vetting, no sideloading and an alert user reduce exposure but do not remove it.

🌐 Internet-Facing: LOW - The attack vector is local: the bug is reached by code already running on the device as an app, so it is not directly exploitable over the network. Kernel bugs of this class are valuable as the second stage of a chain behind a separate remote bug (for example in a browser); that is a general observation about the class, not a known chain for this CVE.
🏢 Internal Only: MEDIUM - Requires the user to install, or an attacker to compromise, an app on the device. Enterprise fleets can be reached through social engineering, a malicious enterprise-signed app, or a compromised legitimate app.

🎯 Exploit Status

Public PoC: No (none known at the time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: No - the attacker first needs code execution on the device as an app
Complexity: MEDIUM

Exploitation requires running a malicious application on the device: an app that slips through App Store review, an enterprise- or developer-signed sideloaded app, or a legitimate app the attacker has compromised. App Store review reduces but does not eliminate the first path; the other two bypass it entirely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.3.1 and iPadOS 13.3.1

Vendor Advisory: https://support.apple.com/HT210918

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update.
2. Download and install iOS 13.3.1 or iPadOS 13.3.1.
3. Restart the device when prompted.

🔧 Temporary Workarounds

Neither workaround changes the vulnerable kernel code; they only narrow the paths by which attacker-controlled code can reach it. Treat them as stopgaps until 13.3.1 is installed.

Restrict App Installation

Applies to: all affected devices

Only allow installation from the App Store and prevent users from trusting enterprise-signed (sideloaded) apps. On an unsupervised device this is a policy and user-education measure; technical enforcement needs supervision and MDM.

Mobile Device Management Restrictions

Applies to: all affected devices

Use MDM to enforce app installation policies and block untrusted sources. In Apple's Restrictions payload (com.apple.applicationaccess) the relevant keys are allowEnterpriseAppTrust (set to false to stop users trusting enterprise developer certificates) and allowAppInstallation (set to false to disable the App Store entirely; requires a supervised device). MDM inventory also reports installed OS versions, which is the quickest way to find devices still below 13.3.1.

🧯 If You Can't Patch

  • Isolate vulnerable devices from sensitive networks and data; devices that can run 13.3.1 but have not been updated should be blocked from enterprise resources through MDM compliance rules until they are.
  • Implement strict app installation policies and user education about app sources; on supervised devices enforce them with MDM rather than relying on the user.
  • Remember that none of this removes the bug: a device that runs attacker code is compromised regardless of the controls around it.

🔍 How to Verify

Check if Vulnerable:

Check the iOS/iPadOS version in Settings > General > About > Software Version. Anything lower than 13.3.1 is vulnerable.

Check Version:

No command runs on the device itself. Besides the Settings UI, the version is available from your MDM's device inventory, from Apple Configurator, or from a computer the device is tethered to with libimobiledevice (ideviceinfo -k ProductVersion).

Verify Fix Applied:

Verify the version is 13.3.1 or later in Settings > General > About > Software Version. Compare dotted versions field by field: 13.3 is below 13.3.1, while 13.4 and 14.x are above it.
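The version comparison above is easy to get wrong when done by eye across a fleet (13.3 versus 13.3.1, two-field versus three-field strings). The script below is an added example, not from Apple or the advisory: it compares dotted version strings numerically against the fixed release and flags affected rows in an MDM inventory export. The CSV is constructed sample data and its column names are an assumption; adjust them to your MDM's export.

```shell
#!/bin/sh
# Added example, not from Apple or the advisory: decide whether an iOS/iPadOS
# version string is older than the fixed release and flag affected devices in
# an MDM inventory export. The CSV below is constructed sample data; its column
# names (device_name,model,os_version) are assumed, adjust to your MDM.

FIXED_VERSION="13.3.1"

# version_lt A B: succeed when dotted version A is strictly older than B.
# Fields are compared numerically; missing fields count as 0, so "13.3" < "13.3.1".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# is_vulnerable VERSION: succeed when VERSION predates the fix for CVE-2020-3858.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# list_vulnerable: read CSV (device_name,model,os_version) on stdin and print
# the rows still below FIXED_VERSION as tab-separated name, model, version.
list_vulnerable() {
    tail -n +2 | while IFS=, read -r name model version; do
        if is_vulnerable "$version"; then
            printf '%s\t%s\t%s\n' "$name" "$model" "$version"
        fi
    done
}

# Constructed sample inventory (not real devices).
INVENTORY='device_name,model,os_version
ipad-finance-01,iPad,13.3
iphone-exec-03,iPhone,13.3.1
ipod-kiosk-02,iPod touch,12.4.4
iphone-sales-07,iPhone,14.2'

# For a device tethered to this machine, libimobiledevice reports the version:
#   ideviceinfo -k ProductVersion
# (not called here so the script runs without a device attached).

printf 'Devices below %s:\n' "$FIXED_VERSION"
printf '%s\n' "$INVENTORY" | list_vulnerable
```

Pipe your real export into list_vulnerable instead of the embedded sample; the same version_lt function works for any later Apple fix by changing FIXED_VERSION.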

📡 Detection & Monitoring

Log Indicators:

  • iOS does not stream device logs to a SIEM by default, so host-side indicators are usually collected after the fact from a sysdiagnose or reported by MDM, not from live logs.
  • Kernel panics on a device that is otherwise stable. Failed attempts to exploit a kernel memory corruption bug commonly end in a panic; the panic logs (panic-full-*.ips) are listed under Settings > Privacy > Analytics & Improvements > Analytics Data and included in a sysdiagnose.
  • Newly installed enterprise- or developer-signed apps, or newly trusted enterprise developer certificates, on devices where sideloading is not expected.
  • App behavior that does not fit the app (crashes followed by new capabilities, unexpected background activity) as reported by users or MDM.

Network Indicators:

  • Exploitation itself is local and generates no traffic; what can be observed is the second stage: unusual outbound connections from iOS devices to newly seen infrastructure, beaconing at regular intervals, or uploads inconsistent with the device's role.

SIEM Query:

No on-device query applies. The practical query is against MDM inventory: alert on any enrolled iOS or iPadOS device whose reported OS version is below 13.3.1, and track that population to zero.

🔗 References

  • Apple security advisory HT210918 (iOS 13.3.1 and iPadOS 13.3.1): https://support.apple.com/HT210918
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-3858