CVE-2020-9983

8.8 HIGH

📋 TL;DR

CVE-2020-9983 is an out-of-bounds write vulnerability in Safari that allows remote code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting specially crafted websites. All users running vulnerable versions of Safari on macOS are affected.

💻 Affected Systems

Products:
  • Safari
Versions: All versions before Safari 14.0
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all macOS versions with Safari installed. Safari is the default browser on macOS systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining arbitrary code execution at the user's privilege level, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malicious website executes arbitrary code in Safari context, allowing session hijacking, credential theft, and installation of malware on the victim's system.

🟢 If Mitigated

With proper controls like updated browsers and network filtering, exploitation attempts are blocked before reaching vulnerable systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (visiting a malicious website). Multiple public disclosures suggest exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Safari 14.0

Vendor Advisory: https://support.apple.com/en-us/HT211849

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update.
2. Install all available updates.
3. Restart your Mac if prompted.
4. Verify Safari version is 14.0 or later.

🔧 Temporary Workarounds

Use alternative browser

all

Temporarily disable Safari and use a different browser until patched.

Disable JavaScript

all

Disable JavaScript in Safari settings to prevent exploitation (breaks most websites).

🧯 If You Can't Patch

  • Implement web filtering to block known malicious domains and suspicious JavaScript content.
  • Use application whitelisting to prevent unauthorized code execution from Safari processes.

🔍 How to Verify

Check if Vulnerable:

Open Safari > Safari menu > About Safari. If the version is below 14.0, the system is vulnerable.

Check Version:

safari_version=$(defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString); echo "$safari_version"

Verify Fix Applied:

Check Safari version is 14.0 or higher. Test with known safe websites to ensure browser functionality.
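
The version command above only prints a string, and comparing that string to 14.0 as text misorders releases such as 9.1.3. The script below is an added example, not part of the vendor advisory or the original page, that compares dotted versions numerically against the patch version; the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: classify a Safari version against the fixed release on this page.
# Function names below are this example's own (hypothetical), not Apple tooling.

FIXED_VERSION="14.0"   # patch version stated on this page
SAFARI_PLIST="/Applications/Safari.app/Contents/Info.plist"   # path used on this page

# Succeeds only for dotted-numeric strings such as 13.1.2.
is_dotted_numeric() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# version_lt A B: succeeds if A is numerically lower than B, field by field.
# Missing fields count as 0, so 14 and 14.0 compare equal.
version_lt() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*} _y=${_b%%.*}
        if [ "$_a" = "$_x" ]; then _a=""; else _a=${_a#*.}; fi
        if [ "$_b" = "$_y" ]; then _b=""; else _b=${_b#*.}; fi
        _x=${_x:-0} _y=${_y:-0}
        [ "$_x" -lt "$_y" ] && return 0
        [ "$_x" -gt "$_y" ] && return 1
    done
    return 1
}

# Prints VULNERABLE, PATCHED, or UNKNOWN (unreadable or non-numeric version).
classify_safari() {
    if ! is_dotted_numeric "$1"; then echo UNKNOWN
    elif version_lt "$1" "$FIXED_VERSION"; then echo VULNERABLE
    else echo PATCHED
    fi
}

# On a Mac, read the installed version the same way the page's one-liner does.
check_installed_safari() {
    _v=$(defaults read "$SAFARI_PLIST" CFBundleShortVersionString 2>/dev/null) || _v=""
    echo "Safari ${_v:-not found}: $(classify_safari "$_v")"
}

# Only runs where the macOS `defaults` tool exists; elsewhere the functions
# can still be called with an inventory-reported version string.
if command -v defaults >/dev/null 2>&1; then check_installed_safari; fi
```

An UNKNOWN result means the version could not be read or parsed and should be treated as unverified rather than as patched.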

📡 Detection & Monitoring

Log Indicators:

  • Unusual Safari process behavior
  • Crash reports from Safari with memory corruption signatures
  • Unexpected network connections from Safari to suspicious domains

Network Indicators:

  • HTTP requests to domains hosting exploit code
  • Unusual JavaScript execution patterns in web traffic

SIEM Query:

source="*safari*" AND (event_type="crash" OR process_behavior="unusual")
