CVE-2020-9906

9.1 CRITICAL

📋 TL;DR

This CVE describes a memory corruption vulnerability in the Apple kernel (XNU) that a remote attacker can trigger to cause an unexpected system termination (kernel panic) or to corrupt kernel memory. It affects iOS, iPadOS, macOS and watchOS, and Apple fixed it in iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6 and watchOS 6.2.8. No user interaction is required. Apple's advisory only states crash or kernel memory corruption as the impact, but attacker-controlled corruption of kernel memory is the usual starting point for kernel code execution, so treat it as a potential remote kernel-privilege code execution bug.

💻 Affected Systems

Products:
  • iPhone
  • iPad
  • Mac
  • Apple Watch
Versions: all releases before iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6 and watchOS 6.2.8
Operating Systems: iOS, iPadOS, macOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected versions are vulnerable by default. The vulnerability is in the kernel's radio proximity handling.

📦 What is this software?

The affected component is XNU, the kernel shared by iOS, iPadOS, macOS and watchOS. It runs on every device with those operating systems and cannot be removed or disabled, so exposure is governed only by the installed OS version and by which wireless radios are switched on.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with kernel privileges leading to complete system compromise, data theft, and persistent backdoor installation.

🟠 Likely Case

System crashes (kernel panics) causing denial of service; any unsaved data open at the time of the panic is lost.

🟢 If Mitigated

Updated devices are not affected. Network segmentation on its own does not help against a trigger delivered over radio, so unpatched devices with their radios enabled remain exposed to crashes.

🌐 Internet-Facing: HIGH for any device with its radios enabled in a public or shared space, since no authentication or user interaction is needed. "Remote" in the advisory means no local access is required, not that the bug is reachable over routed IP; an internet-exposed host gains no additional exposure from this CVE.
🏢 Internal Only: MEDIUM - The attacker must be within radio range of the device, not merely on the same IP network segment; an insider or a visitor with a laptop in the same office qualifies.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof-of-concept code is publicly available on Packet Storm. Exploitation requires proximity to target device via radio protocols.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8

Vendor Advisory: https://support.apple.com/kb/HT211288

Restart Required: Yes

Instructions:

1. On iOS/iPadOS: Settings > General > Software Update.
2. On watchOS: Settings > General > Software Update on the watch, or the Watch app on the paired iPhone > General > Software Update.
3. On macOS: System Preferences > Software Update.
4. Download and install the update, then restart the device when prompted.
5. Confirm the installed version afterwards (see How to Verify).

🔧 Temporary Workarounds

Disable Bluetooth and Wi-Fi

Platform: all

Turn off the wireless radios so that nothing in radio range can reach the kernel's proximity-handling code. This also disables AirDrop, Handoff, Continuity and Apple Watch unlock, so it is an interim measure until the update is installed, not a replacement for it.

On iOS/iPadOS: Settings > Wi-Fi > off, and Settings > Bluetooth > off. Use the Settings app rather than Control Center: the Control Center toggles only disconnect from the current network and devices until the next day and leave the radios powered on.
On macOS: Wi-Fi icon in the menu bar > Turn Wi-Fi Off, and Bluetooth icon in the menu bar > Turn Bluetooth Off. From a terminal, `networksetup -setairportpower en0 off` turns Wi-Fi off (en0 is the usual Wi-Fi interface on recent Macs; confirm with `networksetup -listallhardwareports`).

Network Segmentation

Platform: all

Isolate unpatched devices on separate network segments to limit what an attacker can reach after a compromise and to keep them off untrusted IP networks. Segmentation does not block the trigger itself, which arrives over radio and never traverses the IP network.

🧯 If You Can't Patch

  • Physically isolate devices from untrusted networks and users; for a bug triggered over radio that means keeping unpatched devices, with radios on, out of public and shared spaces.
  • Keep Wi-Fi and Bluetooth switched off whenever they are not needed, apply strict network access controls for the time the device is online, and watch for clusters of kernel panics (see Detection & Monitoring).

🔍 How to Verify

Check if Vulnerable:

Check device version against affected versions. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac > macOS version.

Check Version:

On macOS terminal: sw_vers -productVersion

Verify Fix Applied:

Verify the version is iOS 13.6 or later, iPadOS 13.6 or later, macOS 10.15.6 or later (any later major release such as macOS 11 also carries the fix), or watchOS 6.2.8 or later.
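
As an added example (not from Apple or from the original page), the following POSIX shell helper turns the manual version check into something an inventory script can run across a fleet. It compares a dotted version string against the fixed version for each platform listed above. The two command lines in the trailing comments assume `sw_vers` on the Mac being checked and, for a USB-attached iOS device, the `ideviceinfo` tool from libimobiledevice; the fixed versions are the ones from the advisory, and anything newer (macOS 11, iOS 14) compares as patched.

```sh
#!/bin/sh
# version_ge A B: returns 0 when dotted numeric version A >= B, 1 otherwise.
# Missing trailing components count as 0, so "10.15" < "10.15.6" and "13.6" == "13.6.0".
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    len = (n > m) ? n : m
    for (i = 1; i <= len; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# Minimum fixed versions for CVE-2020-9906 as published in HT211288.
fixed_version_for() {
  case "$1" in
    macos)   echo "10.15.6" ;;
    ios)     echo "13.6" ;;
    ipados)  echo "13.6" ;;
    watchos) echo "6.2.8" ;;
    *)       return 1 ;;
  esac
}

# cve_2020_9906_status PLATFORM VERSION
#   prints PATCHED or VULNERABLE and returns 0 (patched), 1 (vulnerable) or 2 (unknown platform),
#   so it can drive both a human-readable report and an exit-code based check.
cve_2020_9906_status() {
  fixed=$(fixed_version_for "$1") || { echo "UNKNOWN platform $1" >&2; return 2; }
  if version_ge "$2" "$fixed"; then
    echo "PATCHED ($1 $2 >= $fixed)"
    return 0
  else
    echo "VULNERABLE ($1 $2 < $fixed)"
    return 1
  fi
}

# On the Mac being checked:
#   cve_2020_9906_status macos "$(sw_vers -productVersion)"
# For a USB-attached iOS device, with libimobiledevice installed (assumption):
#   cve_2020_9906_status ios "$(ideviceinfo -k ProductVersion)"
```

The comparison is done in awk rather than with `sort -V` because `sort -V` is not available on every macOS release; the numeric component-by-component compare also avoids the classic mistake of string-comparing "10.15.10" against "10.15.6".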

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic reports. macOS writes them to /Library/Logs/DiagnosticReports/*.panic; on iOS they appear as panic-full-*.ips under Settings > Privacy > Analytics & Improvements > Analytics Data and are included in a sysdiagnose.
  • Unexpected restarts: uptime resetting with no administrative reboot, shutdown or update recorded.
  • A cluster of panics on several unpatched devices at the same site within a short window, which is the practical signature of someone triggering the bug over the air.
  • Radio protocol anomalies, only where a wireless IDS that reports them is deployed.

Network Indicators:

  • Unusual Bluetooth/Wi-Fi traffic patterns or proximity scanning. These are visible to a wireless IDS or a capture taken near the devices, not to wired network monitoring, because the trigger never traverses the IP network.

SIEM Query (the source, field and event names below are placeholders; map them to whatever your endpoint agent emits for panic reports and reboots, and join on OS version so that panics from already-patched devices drop out of the alert):

source="apple_system_logs" AND (event="kernel_panic" OR event="unexpected_restart")
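
As an added example, not part of the page or of any Apple tooling, here is a small POSIX shell inventory that counts and summarises recent panic reports on a Mac, suitable for an endpoint agent to run on a schedule and ship to the SIEM as the "kernel_panic" event the query above expects. It uses the real macOS report directory /Library/Logs/DiagnosticReports and the .panic extension; the directory argument exists so the same functions can run against copies collected centrally, and any sample report files used to exercise it are constructed. A panic count cannot attribute a crash to this CVE on its own; it tells you which devices and which time window to look at.

```sh
#!/bin/sh
# Inventory of kernel panic reports newer than DAYS in a DiagnosticReports directory.
# Defaults: the macOS location /Library/Logs/DiagnosticReports and a 7-day window.

# panic_report_count [DIR] [DAYS]: prints the number of *.panic files modified within DAYS.
panic_report_count() {
  dir="${1:-/Library/Logs/DiagnosticReports}"
  days="${2:-7}"
  [ -d "$dir" ] || { echo 0; return 0; }   # missing directory means no reports, not an error
  find "$dir" -maxdepth 1 -type f -name '*.panic' -mtime "-$days" | wc -l | tr -d ' '
}

# panic_report_summary [DIR] [DAYS]: one line per report, "<path><TAB><first line>".
# The first line of a panic report carries the panic string, which is enough for triage
# without shipping the whole backtrace.
panic_report_summary() {
  dir="${1:-/Library/Logs/DiagnosticReports}"
  days="${2:-7}"
  [ -d "$dir" ] || return 0
  find "$dir" -maxdepth 1 -type f -name '*.panic' -mtime "-$days" | while IFS= read -r f; do
    printf '%s\t%s\n' "$f" "$(head -n 1 "$f")"
  done
}

# panic_alert [DIR] [DAYS] [THRESHOLD]: returns 0 when the count reaches THRESHOLD (default 1),
# so an agent can raise the SIEM event only when there is something to report.
panic_alert() {
  count=$(panic_report_count "$1" "$2")
  threshold="${3:-1}"
  [ "$count" -ge "$threshold" ]
}

# Typical use on a Mac, emitting a summary when at least one panic occurred this week:
#   if panic_alert; then panic_report_summary; fi
```

Pair the count with the OS version from the verification step: a panic on a device still below 10.15.6 is interesting, a panic on a patched one is an ordinary stability ticket.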

🔗 References

  • Apple security advisory HT211288 (iOS 13.6 and iPadOS 13.6): https://support.apple.com/kb/HT211288
  • NVD entry for CVE-2020-9906: https://nvd.nist.gov/vuln/detail/CVE-2020-9906