CVE-2020-9890 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2020-9890?

CVE-2020-9890 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious audio files. It affects Apple devices running outdated iOS, iPadOS, macOS, tvOS, and watchOS versions. Successful exploitation could give attackers full control of the affected device.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious audio files. It affects Apple devices running outdated iOS, iPadOS, macOS, tvOS, and watchOS versions. Successful exploitation could give attackers full control of the affected device.

💻 Affected Systems

Products:

iOS
iPadOS
macOS Catalina
tvOS
watchOS

Versions: Versions prior to iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8

Operating Systems: iOS, iPadOS, macOS, tvOS, watchOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable if running affected versions. Audio processing components are typically enabled by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Malware installation through social engineering (user opens malicious audio file), potentially leading to credential theft or surveillance.

🟢

If Mitigated

Limited impact if systems are patched, users avoid suspicious files, and network segmentation limits lateral movement.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious content, but common attack vectors exist (email attachments, downloads).

🏢 Internal Only: LOW - Primarily requires user interaction with malicious files, less likely in controlled internal environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction (opening malicious audio file). No public exploit code is known, but the vulnerability is serious enough that threat actors may develop private exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8

Vendor Advisory: https://support.apple.com/HT211288

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS. 2. For macOS, go to System Preferences > Software Update. 3. For tvOS, go to Settings > System > Software Updates. 4. Download and install the latest update. 5. Restart the device after installation.

🔧 Temporary Workarounds

Restrict Audio File Processing

all

Use application control or endpoint protection to block processing of untrusted audio files.

User Education

all

Train users to avoid opening audio files from untrusted sources.

🧯 If You Can't Patch

Implement network segmentation to isolate vulnerable devices from critical systems.
Deploy endpoint detection and response (EDR) to monitor for suspicious audio file processing.

🔍 How to Verify

Check if Vulnerable:

Check device version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac.

Check Version:

iOS/iPadOS/watchOS: No command line. macOS: 'sw_vers' in terminal. tvOS: Check in Settings.

Verify Fix Applied:

Verify device version matches or exceeds patched versions: iOS 13.6+, iPadOS 13.6+, macOS Catalina 10.15.6+, tvOS 13.4.8+, watchOS 6.2.8+.

📡 Detection & Monitoring

Log Indicators:

Unexpected audio file processing, crash logs from audio services, suspicious file downloads

Network Indicators:

Downloads of audio files from untrusted sources, unusual outbound connections after audio file access

SIEM Query:

Example: 'process_name contains "audio" AND file_extension in ("mp3", "wav", "aac") AND parent_process not in (trusted_apps)'

📊 Metadata

CVE ID: CVE-2020-9890

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: October 16, 2020

Last Updated: November 21, 2024

🔗 References

https://support.apple.com/HT211288 Vendor Advisory
https://support.apple.com/HT211289 Vendor Advisory
https://support.apple.com/HT211290 Vendor Advisory
https://support.apple.com/HT211291 Vendor Advisory
https://support.apple.com/HT211288 Vendor Advisory
https://support.apple.com/HT211289 Vendor Advisory
https://support.apple.com/HT211290 Vendor Advisory
https://support.apple.com/HT211291 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-9890, you might also want to check these: