Cyber Resilience

CVE-2020-9859

HighCISA KEVActive ExploitationEUVD Exploited

Published: 05 June 2020

Published
05 June 2020
Modified
23 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0009 26.4th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-9859 is a high-severity Double Free (CWE-415) vulnerability in Apple Ipados. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 26.4th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A memory consumption issue tracked as CVE-2020-9859 and assigned CWE-415 was present in multiple Apple platforms. The flaw resided in the affected versions of iOS, iPadOS, macOS Catalina, tvOS, and watchOS and stemmed from inadequate memory handling that could be triggered by a local process.

An attacker who can execute code as a local user or application on an unpatched device can exploit the weakness to consume memory in a manner that leads to arbitrary code execution with kernel privileges, resulting in full system compromise without user interaction.

Apple resolved the vulnerability through improved memory handling in the releases iOS 13.5.1, iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6, as described in the vendor advisory HT211214. The issue is also catalogued by CISA among vulnerabilities observed in active exploitation.

Its presence on the CISA known-exploited list indicates confirmed real-world attacks against the affected Apple operating systems.

EU & UK References

Vulnerability details

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel…

more

privileges.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple
ipados
≤ 13.5.1
apple
iphone os
≤ 13.5.1
apple
mac os x
≤ 10.15.5
apple
tvos
≤ 13.4.6
apple
watchos
≤ 6.2.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of vendor patches that correct the inadequate memory handling (double-free) in affected Apple kernels.

prevent

Mandates memory-protection mechanisms that would have blocked the memory-consumption path used to achieve kernel code execution.

prevent

Enforces process-isolation boundaries that limit a local application's ability to corrupt kernel memory structures.

References