CVE-2020-9800

8.8 HIGH

📋 TL;DR

This is a type confusion vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting specially crafted websites, potentially taking full control of affected devices. It affects iOS, iPadOS, tvOS, watchOS, Safari, iTunes for Windows, and iCloud for Windows.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • tvOS
  • watchOS
  • Safari
  • iTunes for Windows
  • iCloud for Windows
Versions: Versions prior to iOS 13.5, iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7, iCloud for Windows 11.2/7.19
Operating Systems: iOS, iPadOS, tvOS, watchOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All devices using the WebKit browser engine are vulnerable by default when processing web content.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the device, enabling data theft, surveillance, ransomware deployment, or persistence establishment.

🟠 Likely Case

Drive-by compromise where users visiting malicious websites get malware installed, leading to credential theft, data exfiltration, or device enrollment in botnets.

🟢 If Mitigated

Limited impact with proper patching and security controls, potentially only affecting isolated browser sessions without system-wide compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) but no authentication. Type confusion vulnerabilities in WebKit have historically been weaponized in exploit chains.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.5, iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7, iCloud for Windows 11.2/7.19

Vendor Advisory: https://support.apple.com/HT211168

Restart Required: Yes

Instructions:

1. For Apple devices: Go to Settings > General > Software Update and install latest update.
2. For Safari on macOS: Use App Store updates.
3. For iTunes/iCloud on Windows: Use Apple Software Update or download from apple.com.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript in Safari/WebKit browsers to prevent exploitation

Safari: Safari > Preferences > Security > uncheck 'Enable JavaScript'

Use Alternative Browser

all

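Use browsers not based on the WebKit engine (Chrome, Firefox, Edge) until patched. On the affected iOS and iPadOS versions, third-party browsers also render with WebKit, so this workaround does not apply there.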

🧯 If You Can't Patch

  • Implement network filtering to block known malicious domains and restrict web browsing
  • Deploy application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check current version against affected versions list. For iOS: Settings > General > About > Version. For Safari: Safari > About Safari.

Check Version:

iOS: Settings > General > About > Version; macOS: Safari > About Safari; Windows: iTunes > Help > About iTunes

Verify Fix Applied:

Confirm version matches or exceeds patched versions listed in Apple advisory.
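
The version comparison described above, as an added example (not part of the original advisory or any Apple tooling): it checks inventory rows against the patched versions listed on this page, including the two iCloud for Windows release lines. The hostnames and inventory rows are constructed, and treating a release line with no listed fix as vulnerable unless it is newer than the highest fix is an assumption.

```python
import re

# Minimum fixed versions, copied from the "Patch Version" line on this page.
# iCloud for Windows has two release lines (7.x and 11.x), each with its own fix.
PATCHED = {
    "iOS": [(13, 5)],
    "iPadOS": [(13, 5)],
    "tvOS": [(13, 4, 5)],
    "watchOS": [(6, 2, 5)],
    "Safari": [(13, 1, 1)],
    "iTunes for Windows": [(12, 10, 7)],
    "iCloud for Windows": [(7, 19), (11, 2)],
}
# Constructed inventory rows (hostname, product, version); not real data.
INVENTORY = [
    ("ipad-014", "iPadOS", "13.4.1"),
    ("mac-022", "Safari", "13.1.1"),
    ("win-107", "iCloud for Windows", "7.18"),
    ("win-108", "iCloud for Windows", "11.2"),
    ("atv-003", "tvOS", "13.4"),
]

def parse_version(text):
    """Turn '13.4.1' into (13, 4, 1); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_vulnerable(product, version):
    """True if this version predates the CVE-2020-9800 fix for the product."""
    v = parse_version(version)
    fixes = PATCHED[product]  # KeyError for products this page does not list

    def at_least(fix):
        # Pad with zeros so 13.5 and 13.5.0 compare as equal.
        n = max(len(v), len(fix))
        return v + (0,) * (n - len(v)) >= fix + (0,) * (n - len(fix))

    # Use the fix on the same major line if one exists; otherwise (assumption)
    # only versions at or above the highest listed fix count as patched.
    same_line = [fix for fix in fixes if fix[0] == v[0]]
    return not at_least(same_line[0] if same_line else max(fixes))

def unpatched(inventory):
    """Hostnames whose installed version is still affected."""
    return [host for host, product, ver in inventory if is_vulnerable(product, ver)]

if __name__ == "__main__":
    print(unpatched(INVENTORY))
```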

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawning from Safari/WebKit processes
  • Crash reports from WebKit processes with memory corruption signatures

Network Indicators:

  • Connections to suspicious domains from WebKit processes
  • Unusual outbound traffic patterns following web browsing

SIEM Query:

(process_name:Safari OR process_name:WebKit) AND (event_type:process_creation OR event_type:crash)
