Login Sign Up

CVE-2020-9850

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This is a critical remote code execution vulnerability affecting multiple Apple products. A logic issue allows remote attackers to execute arbitrary code on vulnerable systems. Affected users include anyone running unpatched versions of iOS, iPadOS, tvOS, watchOS, Safari, iTunes for Windows, or iCloud for Windows.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • tvOS
  • watchOS
  • Safari
  • iTunes for Windows
  • iCloud for Windows
Versions: Versions prior to iOS 13.5, iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19
Operating Systems: iOS, iPadOS, tvOS, watchOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected products are vulnerable.

📦 What is this software?

Icloud by Apple

View all CVEs affecting Icloud →

Icloud by Apple

View all CVEs affecting Icloud →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Itunes by Apple

View all CVEs affecting Itunes →

Safari by Apple

View all CVEs affecting Safari →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to install malware, steal data, or pivot to other systems.

🟠

Likely Case

Remote code execution leading to data theft, ransomware deployment, or unauthorized access.

🟢

If Mitigated

No impact if systems are fully patched or isolated from untrusted networks.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication.
🏢 Internal Only: HIGH - Internal systems remain vulnerable to internal threats or compromised endpoints.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CVSS 9.8 indicates critical severity with low attack complexity and no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.5, iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19

Vendor Advisory: https://support.apple.com/HT211168

Restart Required: Yes

Instructions:

1. Update iOS/iPadOS: Settings > General > Software Update. 2. Update tvOS: Settings > System > Software Updates. 3. Update watchOS: iPhone Watch app > General > Software Update. 4. Update Safari: App Store updates. 5. Update iTunes/iCloud for Windows: Use Apple Software Update or download from apple.com.

🔧 Temporary Workarounds

Network segmentation

all

Isolate vulnerable systems from untrusted networks and internet access.

Application control

all

Restrict execution of untrusted applications and scripts.

🧯 If You Can't Patch

  • Remove affected systems from internet-facing networks
  • Implement strict network segmentation and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check current version against patched versions listed in fix_official.patch_version.

Check Version:

iOS/iPadOS: Settings > General > About > Version. Windows: iTunes > Help > About iTunes or iCloud > Help > About iCloud.

Verify Fix Applied:

Confirm version matches or exceeds patched versions: iOS/iPadOS 13.5+, tvOS 13.4.5+, watchOS 6.2.5+, Safari 13.1.1+, iTunes 12.10.7+, iCloud for Windows 11.2+ or 7.19+.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process execution
  • Crash reports from affected applications
  • Unusual network connections from Apple services

Network Indicators:

  • Suspicious traffic to/from Apple service ports
  • Anomalous outbound connections from patched systems

SIEM Query:

source="apple_services" AND (event_type="crash" OR process_execution="unexpected")

📊 Metadata

CVE ID: CVE-2020-9850
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: June 9, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON