CVE-2020-9984

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into processing maliciously crafted images. It affects Apple iOS, iPadOS, macOS, tvOS, watchOS, iTunes for Windows, and iCloud for Windows users running outdated versions.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS Catalina
  • tvOS
  • watchOS
  • iTunes for Windows
  • iCloud for Windows
Versions: Prior to iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8, iCloud for Windows 11.3/7.20
Operating Systems: iOS, iPadOS, macOS, tvOS, watchOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable if running affected versions

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise leading to data theft, ransomware deployment, or persistent backdoor installation

🟠 Likely Case: Malware installation, credential theft, or surveillance through image processing applications

🟢 If Mitigated: Limited impact with proper patching and security controls preventing malicious image delivery

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to process malicious image

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8, iCloud for Windows 11.3/7.20

Vendor Advisory: https://support.apple.com/kb/HT211288

Restart Required: Yes

Instructions:

1. Open Settings/System Preferences
2. Navigate to Software Update
3. Download and install available updates
4. Restart device when prompted

🔧 Temporary Workarounds

  • Disable automatic image processing (all platforms): Prevent automatic processing of images in email clients and web browsers
  • Use application sandboxing (macOS): Run image processing applications in restricted environments

🧯 If You Can't Patch

  • Implement network filtering to block suspicious image files
  • Deploy endpoint protection with memory corruption detection

🔍 How to Verify

Check if Vulnerable:

Check system version against affected versions list

Check Version:

iOS/iPadOS: Settings > General > About; macOS: Apple menu > About This Mac; Windows: iTunes/iCloud > Help > About

Verify Fix Applied:

Confirm system version matches or exceeds patched versions

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes in image handling applications
  • Memory access violations in system logs

Network Indicators:

  • Unusual outbound connections after image processing
  • Suspicious image file downloads

SIEM Query:

Process:name=* AND (EventID=1000 OR EventID=1001) AND CommandLine:*image*
