CVE-2020-9955

7.8 HIGH

📋 TL;DR

Processing a maliciously crafted image can trigger an out-of-bounds write, leading to arbitrary code execution. The issue affects Apple devices running older versions of iOS, iPadOS, macOS, tvOS, and watchOS. An attacker who gets a victim to open such an image can gain control of the affected device.

💻 Affected Systems

Products:
  • iPhone
  • iPad
  • Mac
  • Apple Watch
  • Apple TV
Versions: Prior to watchOS 7.0, tvOS 14.0, iOS 14.0, iPadOS 14.0, macOS Big Sur 11.0.1
Operating Systems: iOS, iPadOS, macOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with affected OS versions are vulnerable when processing images through built-in applications or frameworks.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to data theft, surveillance, ransomware deployment, or use as a botnet node.

🟠

Likely Case

Targeted attacks against specific users via malicious images, potentially leading to data exfiltration or credential theft.

🟢

If Mitigated

No impact if devices are fully patched or if image processing is restricted to trusted sources.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to process a malicious image, but no authentication is needed once the image is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: watchOS 7.0, tvOS 14.0, iOS 14.0, iPadOS 14.0, macOS Big Sur 11.0.1

Vendor Advisory: https://support.apple.com/en-us/HT211843

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS, or System Preferences > Software Update on macOS.
2. Download and install the latest available update.
3. Restart the device when prompted.

🔧 Temporary Workarounds

Disable automatic image processing

all

Prevent automatic loading of images in email clients and web browsers

Restrict image sources

all

Only open images from trusted sources and avoid downloading unknown image files

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check OS version in Settings > General > About on iOS/iPadOS/watchOS/tvOS or About This Mac on macOS

Check Version:

On macOS: run sw_vers -productVersion in Terminal.
On iOS/iPadOS: Settings > General > About > Version.

Verify Fix Applied:

Verify OS version matches or exceeds the patched versions listed in the fix section
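As an added example (not part of the original advisory), the following POSIX shell script performs the macOS half of this check: it compares the product version reported by sw_vers against the patched version listed in the fix section (macOS Big Sur 11.0.1). The function names version_ge and check_macos_patched are my own, and the comparison assumes version strings made of purely numeric dot-separated components, which is what sw_vers -productVersion returns.

```shell
#!/bin/sh
# Added example: check whether a macOS product version is at or above the
# fixed version the advisory lists for CVE-2020-9955 (macOS Big Sur 11.0.1).
# Function names (version_ge, check_macos_patched) are hypothetical.

FIXED_MACOS="11.0.1"

# version_ge A B: succeed (exit 0) when A >= B, comparing each dot-separated
# component numerically. Missing trailing components count as 0, so 11.0 < 11.0.1.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        pa="${a%%.*}"; pb="${b%%.*}"                        # leading component of each
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac    # drop the consumed component
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        pa="${pa:-0}"; pb="${pb:-0}"
        if [ "$pa" -gt "$pb" ]; then return 0; fi
        if [ "$pa" -lt "$pb" ]; then return 1; fi
    done
    return 0   # every component was equal
}

# check_macos_patched VERSION: print PATCHED or VULNERABLE for the given product version.
check_macos_patched() {
    if version_ge "$1" "$FIXED_MACOS"; then
        echo "PATCHED"
    else
        echo "VULNERABLE"
    fi
}

# On the Mac being checked, feed in the live value from sw_vers; on any other
# system the functions can be called with a version string directly,
# e.g. check_macos_patched 10.15.7
if command -v sw_vers >/dev/null 2>&1; then
    live="$(sw_vers -productVersion)"
    echo "macOS $live: $(check_macos_patched "$live")"
fi
```

The script only answers whether the installed macOS version is at or above the patched version given on this page; it does not inspect the affected image frameworks themselves, and a Big Sur build that reports 11.0 is treated as unpatched, consistent with "prior to 11.0.1".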

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes in image processing applications
  • Unusual network connections from image viewing applications

Network Indicators:

  • Outbound connections to suspicious IPs after image file access
  • DNS queries for known malicious domains following image processing

SIEM Query:

source="apple_system_logs" AND (process="image*" OR process="Photos" OR process="Preview") AND event_type="crash"
