CVE-2020-9779

7.1 HIGH

📋 TL;DR

CVE-2020-9779 is an out-of-bounds read vulnerability in macOS kernel memory handling that allows a local user to read kernel memory or cause system crashes. This affects macOS systems before Catalina 10.15.4. Only users with local access to the system can exploit this vulnerability.

💻 Affected Systems

Products:
  • macOS
Versions: All versions before macOS Catalina 10.15.4
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all standard macOS installations before the patched version. No special configuration required for exploitation.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to kernel-level access, system compromise, or persistent denial of service through system crashes.

🟠 Likely Case

Local user causing system crashes (kernel panics) or reading sensitive kernel memory information.

🟢 If Mitigated

Limited to denial of service through crashes if kernel memory reading fails or is prevented.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local users (including malicious insiders or compromised accounts) can exploit this to cause system instability or gather kernel information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local user access and knowledge of kernel memory structures. Apple addressed this with improved input validation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Catalina 10.15.4 and later

Vendor Advisory: https://support.apple.com/kb/HT211100

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update.
2. Install the macOS Catalina 10.15.4 update.
3. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict local user access

Applies to: all

Limit local user accounts to trusted individuals only and apply least-privilege principles.

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local login capabilities
  • Monitor systems for unexpected crashes or kernel panic events

🔍 How to Verify

Check if Vulnerable:

Check the macOS version: if the system is running macOS Catalina earlier than 10.15.4, it is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify that the macOS version is 10.15.4 or later, either via System Information or with the sw_vers terminal command.
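As an added example (not part of this advisory or Apple's tooling), the following POSIX shell check reads the product version from sw_vers and compares it against the 10.15.4 fix threshold stated above. The function names are this example's own; the comparison is numeric per dot-separated field so that 10.15.10 is correctly treated as later than 10.15.4.

```shell
#!/bin/sh
# Added example: version check for CVE-2020-9779. The threshold (10.15.4) comes
# from the advisory; function names are this example's own.

FIXED_VERSION="10.15.4"

# version_lt A B: exit 0 if A < B, comparing each dot-separated field
# numerically (plain string comparison would put 10.15.10 before 10.15.4).
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0          # missing field counts as 0 (10.15 == 10.15.0)
        [ -z "$bi" ] && bi=0
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1                          # versions are equal
}

# is_vulnerable VERSION: exit 0 if VERSION predates the fixed release.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_host: print a verdict for the running system.
# Exit codes: 0 fix applied, 1 vulnerable, 2 not a macOS host (no sw_vers).
check_host() {
    if ! command -v sw_vers >/dev/null 2>&1; then
        echo "sw_vers not found; not a macOS host"
        return 2
    fi
    v="$(sw_vers -productVersion)"
    if is_vulnerable "$v"; then
        echo "macOS $v: VULNERABLE to CVE-2020-9779 (update to $FIXED_VERSION or later)"
        return 1
    fi
    echo "macOS $v: fix applied ($FIXED_VERSION or later)"
    return 0
}

rc=0; check_host || rc=$?             # rc holds the verdict code listed above
```

Run it on each Mac in scope; a non-zero rc of 1 is the signal to schedule the 10.15.4 update.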

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs in /Library/Logs/DiagnosticReports
  • Unexpected system restarts
  • Console.app kernel error messages

Network Indicators:

  • No network indicators - local exploit only

SIEM Query:

source="macos" AND (event_type="kernel_panic" OR message="panic" OR message="kernel crash")
