CVE-2020-9859
Published: 05 June 2020
Summary
CVE-2020-9859 is a high-severity Double Free (CWE-415) vulnerability in Apple iPadOS. Its CVSS base score is 7.8 (High).
Operationally, it is ranked at the 26.4th percentile by exploit likelihood (below the median), yet CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A memory consumption issue tracked as CVE-2020-9859 and classified as CWE-415 (Double Free) affected multiple Apple platforms. The flaw resided in the affected versions of iOS, iPadOS, macOS Catalina, tvOS, and watchOS and stemmed from inadequate memory handling that a local process could trigger.
An attacker who can already execute code as a local user or application on an unpatched device can exploit the weakness to drive memory consumption in a way that leads to arbitrary code execution with kernel privileges, resulting in full system compromise without user interaction.
Apple resolved the vulnerability through improved memory handling in the releases iOS 13.5.1, iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6, as described in the vendor advisory HT211214. The issue is also catalogued by CISA among vulnerabilities observed in active exploitation.
Its presence on the CISA known-exploited list indicates confirmed real-world attacks against the affected Apple operating systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30638
Vulnerability details
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
- CWE(s): CWE-415 (Double Free)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires timely application of vendor patches that correct the inadequate memory handling (double-free) in affected Apple kernels.
- SI-16 (Memory Protection): Mandates memory-protection mechanisms that would have blocked the memory-consumption path used to achieve kernel code execution.
- SC-39 (Process Isolation): Enforces process-isolation boundaries that limit a local application's ability to corrupt kernel memory structures.