CVE-2020-9950 – This is a use-after-free vulnerability in Apple... (How to Fix)

Q: What is the severity of CVE-2020-9950?

CVE-2020-9950 has a CVSS score of 8.8 (HIGH). This is a use-after-free vulnerability in Apple's WebKit browser engine that could allow arbitrary code execution when processing malicious web content. It affects Safari, iOS, iPadOS, watchOS, and tvOS users who haven't updated to patched versions.

📋 TL;DR

This is a use-after-free vulnerability in Apple's WebKit browser engine that could allow arbitrary code execution when processing malicious web content. It affects Safari, iOS, iPadOS, watchOS, and tvOS users who haven't updated to patched versions.

💻 Affected Systems

Products:

Safari
iOS
iPadOS
watchOS
tvOS

Versions: Versions prior to Safari 14.0, iOS 14.0, iPadOS 14.0, watchOS 7.0, tvOS 14.0

Operating Systems: iOS, iPadOS, watchOS, tvOS, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable when processing web content.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Browser compromise leading to session hijacking, credential theft, or malware installation when visiting malicious websites.

🟢

If Mitigated

No impact if systems are patched or if web content filtering blocks malicious sites.

🌐 Internet-Facing: HIGH - Exploitable via malicious web content accessible from the internet.

🏢 Internal Only: MEDIUM - Could be exploited via internal phishing campaigns or compromised internal websites.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) but no authentication. No public exploit code was found in initial research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Safari 14.0, iOS 14.0, iPadOS 14.0, watchOS 7.0, tvOS 14.0

Vendor Advisory: https://support.apple.com/en-us/HT211843

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Go to General > Software Update. 3. Install available updates. 4. For Safari on macOS, update through System Preferences > Software Update.

🔧 Temporary Workarounds

Disable JavaScript

all

Disabling JavaScript prevents exploitation but breaks most modern websites.

Safari: Safari > Preferences > Security > uncheck 'Enable JavaScript'

Use Content Filtering

all

Block known malicious domains and suspicious web content.

🧯 If You Can't Patch

Implement strict web content filtering to block malicious sites
Restrict browser usage to trusted websites only

🔍 How to Verify

Check if Vulnerable:

Check current version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Safari > About Safari.

Check Version:

iOS/iPadOS: Settings > General > About > Version; macOS: Safari > About Safari

Verify Fix Applied:

Verify version is Safari 14.0+, iOS 14.0+, iPadOS 14.0+, watchOS 7.0+, or tvOS 14.0+.

📡 Detection & Monitoring

Log Indicators:

Browser crash logs with WebKit memory errors
Unexpected process spawning from browser processes

Network Indicators:

Connections to known malicious domains from browser processes
Unusual outbound traffic patterns from affected devices

SIEM Query:

source="*browser*" AND (event="crash" OR event="memory_error") AND process="WebKit"

📊 Metadata

CVE ID: CVE-2020-9950

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: December 8, 2020

Last Updated: November 21, 2024

🔗 References

https://support.apple.com/en-us/HT211843 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211844 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211845 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211850 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211843 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211844 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211845 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT211850 Release Notes,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-9950, you might also want to check these: