CVE-2020-9785

7.8 HIGH

📋 TL;DR

This vulnerability allows a malicious application to exploit memory corruption issues to execute arbitrary code with kernel privileges. It affects Apple devices running vulnerable versions of iOS, iPadOS, macOS, tvOS, and watchOS. Attackers could gain complete control over affected devices.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • tvOS
  • watchOS
Versions: prior to iOS 13.4, iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2
Operating Systems: Apple iOS, Apple iPadOS, Apple macOS, Apple tvOS, Apple watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable by default. No special configuration required.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise with kernel-level privileges, allowing attackers to install persistent malware, steal all data, and control device functions.

🟠

Likely Case

Malicious apps from untrusted sources could exploit this to gain elevated privileges and perform unauthorized actions.

🟢

If Mitigated

With proper app vetting and security controls, exploitation risk is significantly reduced and any incidents are likely to remain isolated.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires a malicious application to be installed and executed on the target device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.4, iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2

Vendor Advisory: https://support.apple.com/HT211100

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS.
2. Go to System Preferences > Software Update on macOS.
3. Go to Settings > System > Software Updates on tvOS.
4. Download and install the latest update.
5. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

Applies to: all

Only allow installation of apps from trusted sources like the official App Store.

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement strict application whitelisting policies

🔍 How to Verify

Check if Vulnerable:

Check the device's current OS version against the vulnerable versions listed above.

Check Version:

  • iOS/iPadOS/watchOS: Settings > General > About > Version
  • macOS: Apple menu > About This Mac
  • tvOS: Settings > General > About

Verify Fix Applied:

Verify the OS version is at or above the patched versions: iOS 13.4+, iPadOS 13.4+, macOS 10.15.4+, tvOS 13.4+, watchOS 6.2+.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel crashes or panics
  • Unusual application behavior with elevated privileges

Network Indicators:

  • Unusual outbound connections from Apple devices
  • Traffic to known malicious domains

SIEM Query:

source="apple_device_logs" AND (event_type="kernel_panic" OR process_name="malicious_app")
