CVE-2020-9870

8.8 HIGH

📋 TL;DR

This vulnerability allows an attacker who already has memory write capability to bypass pointer authentication codes, potentially enabling arbitrary code execution. It stems from insufficient validation logic in Apple iOS, iPadOS, macOS, and tvOS. Users running affected versions of these Apple operating systems are at risk.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • tvOS
Versions: Versions prior to iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8
Operating Systems: iOS, iPadOS, macOS, tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Requires memory write capability to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with kernel-level arbitrary code execution leading to complete data theft, persistence, and lateral movement.

🟠 Likely Case: Privilege escalation allowing attackers to execute code with higher privileges than originally obtained.

🟢 If Mitigated: Limited impact if systems are fully patched and have additional memory protection mechanisms enabled.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires memory write capability, making it more likely to be chained with other vulnerabilities. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8

Vendor Advisory: https://support.apple.com/HT211288

Restart Required: Yes

Instructions:

1. Open Settings app.
2. Navigate to General > Software Update.
3. Download and install the available update.
4. Restart device when prompted.

🔧 Temporary Workarounds

  • Disable unnecessary services (all platforms): Reduce attack surface by disabling unused network services and applications
  • Enable additional security features (macOS): Turn on System Integrity Protection (SIP) and other Apple security features

🧯 If You Can't Patch

  • Isolate affected systems from untrusted networks and internet access
  • Implement strict application control and monitor for unusual process behavior

🔍 How to Verify

Check if Vulnerable:

Check system version against affected versions list. On macOS: System Information > Software > System Version. On iOS/iPadOS: Settings > General > About > Version.

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Check in Settings > General > About

Verify Fix Applied:

Verify system version is equal to or newer than iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, or tvOS 13.4.8
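
The version check described above, as an added example (not part of the original advisory text or Apple's tooling): a POSIX shell helper that compares a reported version against the fixed versions listed on this page. The function names and the sample inventory are constructed for illustration, and the comparison uses version numbers only.

```shell
#!/bin/sh
# Added example: classify devices against the fixed versions listed on this page.

# fixed_version PRODUCT -> prints the first fixed version for that product.
fixed_version() {
    case "$1" in
        iOS|iPadOS) echo "13.6" ;;
        macOS)      echo "10.15.6" ;;
        tvOS)       echo "13.4.8" ;;
        *)          return 1 ;;
    esac
}

# version_ge A B -> exit 0 if dotted-numeric A >= B. Fields compare as integers
# and missing fields count as 0, so 10.15.10 > 10.15.6 and 13.6 == 13.6.0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# patch_status PRODUCT VERSION -> prints PATCHED, VULNERABLE or UNKNOWN.
patch_status() {
    fixed=$(fixed_version "$1") || { echo "UNKNOWN"; return 0; }
    case "$2" in
        ''|*[!0-9.]*) echo "UNKNOWN"; return 0 ;;  # beta or malformed strings
    esac
    if version_ge "$2" "$fixed"; then echo "PATCHED"; else echo "VULNERABLE"; fi
}

# Constructed sample inventory (host, product, version); not real data.
# In practice, feed an MDM export or the output of `sw_vers -productVersion`.
audit_sample() {
    while read -r host product version; do
        echo "$host $(patch_status "$product" "$version")"
    done <<'EOF'
mac-build-01 macOS 10.15.5
mac-design-02 macOS 10.15.7
ipad-kiosk-03 iPadOS 13.6
atv-lobby-04 tvOS 13.4.6
phone-test-05 iOS 13.6.1
EOF
}
audit_sample
```

Products not listed on this page and non-numeric version strings are reported as UNKNOWN rather than guessed.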

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected process termination
  • Memory access violation logs

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious network activity following memory-related events

SIEM Query:

source="apple_system_logs" AND (event="kernel_panic" OR event="memory_violation")
