CVE-2020-9910 – This vulnerability allows a malicious attacker ... (How to Fix)

Q: What is the severity of CVE-2020-9910?

CVE-2020-9910 has a CVSS score of 8.8 (HIGH). This vulnerability allows a malicious attacker with arbitrary read/write capability to bypass Pointer Authentication mechanisms in Apple operating systems. This affects iOS, iPadOS, tvOS, watchOS, Safari, iTunes for Windows, and iCloud for Windows. The bypass could enable further exploitation of affected systems.

📋 TL;DR

This vulnerability allows a malicious attacker with arbitrary read/write capability to bypass Pointer Authentication mechanisms in Apple operating systems. This affects iOS, iPadOS, tvOS, watchOS, Safari, iTunes for Windows, and iCloud for Windows. The bypass could enable further exploitation of affected systems.

💻 Affected Systems

Products:

iOS
iPadOS
tvOS
watchOS
Safari
iTunes for Windows
iCloud for Windows

Versions: Versions prior to iOS 13.6, iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8, iCloud for Windows 11.3/7.20

Operating Systems: iOS, iPadOS, tvOS, watchOS, Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires attacker to already have arbitrary read/write capability, suggesting this is typically chained with other vulnerabilities.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing arbitrary code execution with kernel privileges, potentially leading to data theft, device takeover, or persistent backdoor installation.

🟠

Likely Case

Privilege escalation enabling attackers to bypass security controls and execute malicious code with elevated permissions.

🟢

If Mitigated

Limited impact if systems are fully patched and have additional security controls like application sandboxing and network segmentation.

🌐 Internet-Facing: MEDIUM - Requires initial access or user interaction, but could be chained with other vulnerabilities for remote exploitation.

🏢 Internal Only: MEDIUM - Could be used for lateral movement or privilege escalation once an attacker gains initial foothold.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires existing arbitrary read/write capability, making this a secondary exploitation technique rather than a primary attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.6, iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8, iCloud for Windows 11.3/7.20

Vendor Advisory: https://support.apple.com/HT211288

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Go to General > Software Update. 3. Download and install available updates. 4. For Windows applications, update through Apple Software Update or download from Apple website.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from critical networks to limit potential lateral movement.

Application Control

all

Restrict installation of untrusted applications to reduce attack surface.

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable devices
Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check current version against patched versions listed in Apple advisories.

Check Version:

iOS/iPadOS: Settings > General > About > Version; Windows: Help > About in respective applications

Verify Fix Applied:

Confirm device/application version matches or exceeds patched versions: iOS/iPadOS ≥13.6, tvOS ≥13.4.8, watchOS ≥6.2.8, Safari ≥13.1.2, iTunes ≥12.10.8, iCloud for Windows ≥11.3/7.20.

📡 Detection & Monitoring

Log Indicators:

Unexpected process execution with elevated privileges
Memory access violations
Pointer authentication failures

Network Indicators:

Unusual outbound connections from Apple devices
Traffic to known malicious domains

SIEM Query:

source="apple-devices" AND (event_type="privilege_escalation" OR event_type="memory_violation")

📊 Metadata

CVE ID: CVE-2020-9910

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: October 16, 2020

Last Updated: November 21, 2024

🔗 References

https://support.apple.com/HT211288 Vendor Advisory
https://support.apple.com/HT211290 Vendor Advisory
https://support.apple.com/HT211291 Vendor Advisory
https://support.apple.com/HT211292 Vendor Advisory
https://support.apple.com/HT211293 Vendor Advisory
https://support.apple.com/HT211294 Vendor Advisory
https://support.apple.com/HT211295 Vendor Advisory
https://support.apple.com/HT211288 Vendor Advisory
https://support.apple.com/HT211290 Vendor Advisory
https://support.apple.com/HT211291 Vendor Advisory
https://support.apple.com/HT211292 Vendor Advisory
https://support.apple.com/HT211293 Vendor Advisory
https://support.apple.com/HT211294 Vendor Advisory
https://support.apple.com/HT211295 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON