CVE-2020-9799

7.8 HIGH

📋 TL;DR

CVE-2020-9799 is an out-of-bounds read vulnerability in macOS that allows a malicious application to execute arbitrary code with kernel privileges. It affects macOS systems running versions prior to Catalina 10.15.6 and can give an attacker complete control of the system.

💻 Affected Systems

Products:
  • macOS
Versions: Versions prior to macOS Catalina 10.15.6
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default macOS configurations are vulnerable. Exploitation requires the user to run a malicious application.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with kernel-level privileges, allowing attackers to install persistent malware, steal sensitive data, or disable security controls.

🟠 Likely Case

Malicious applications exploiting this to gain elevated privileges, potentially leading to data theft or system manipulation.

🟢 If Mitigated

Limited impact if systems are patched, applications are from trusted sources only, and proper application sandboxing is enforced.

🌐 Internet-Facing: LOW - Requires local application execution, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Malicious insider or compromised user account could exploit this to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the user to run a malicious application. No public exploit code was available as of this analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Catalina 10.15.6

Vendor Advisory: https://support.apple.com/HT211289

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update.
2. Install the macOS Catalina 10.15.6 update.
3. Restart the system when prompted.

🔧 Temporary Workarounds

Application Restriction (macOS)

Restrict application execution to the App Store and identified developers only:

sudo spctl --master-enable
sudo spctl --enable --label "Mac App Store"
sudo spctl --enable --label "Developer ID"

🧯 If You Can't Patch

  • Restrict user privileges and implement least privilege access controls
  • Deploy application allowlisting to prevent unauthorized application execution

🔍 How to Verify

Check if Vulnerable:

Check the macOS version: if the system is running macOS Catalina earlier than 10.15.6, it is vulnerable.

Check Version:

sw_vers -productVersion

Verify Fix Applied:

Confirm that the reported macOS version is 10.15.6 or later after the update is installed.
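The version check above as a runnable script, added here as an example and not part of this advisory. It applies the page's rule (anything below 10.15.6 is vulnerable) with numeric field-by-field comparison, because a plain string comparison would rank 10.15.10 below 10.15.6; the function names and the "unknown" result for malformed input are this example's own choices.

```shell
#!/bin/sh
# Added example (not part of the advisory): classify a macOS product version
# against the fixed release named on the page, using numeric comparison of
# each dotted field. Missing fields (e.g. "10.15") are treated as 0.
FIXED_VERSION="10.15.6"

# version_lt A B: exit 0 if version A is strictly lower than B, 1 otherwise.
version_lt() {
    va=$1; vb=$2
    old_ifs=$IFS; IFS=.
    set -- $va; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $vb; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    # Compare major, then minor, then patch; the first differing field decides.
    for pair in "$a1 $b1" "$a2 $b2" "$a3 $b3"; do
        set -- $pair
        if [ "$1" -lt "$2" ]; then return 0; fi
        if [ "$1" -gt "$2" ]; then return 1; fi
    done
    return 1
}

# vulnerable_status VERSION: prints "vulnerable", "patched", or "unknown"
# (the last for input that is not a dotted numeric version string).
vulnerable_status() {
    case "$1" in
        ""|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Live check on the host; silently skipped where sw_vers does not exist (non-macOS).
if command -v sw_vers >/dev/null 2>&1; then
    current=$(sw_vers -productVersion)
    echo "macOS $current: $(vulnerable_status "$current")"
fi
```

The classification only follows the version rule stated on this page; it does not inspect installed security updates.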

📡 Detection & Monitoring

Log Indicators:

  • Unusual kernel extensions loading
  • Suspicious privilege escalation attempts in system logs

Network Indicators:

  • None - local exploitation only

SIEM Query:

source="macos_system_logs" AND (event="kernel_extension_load" OR event="privilege_escalation")
