CVE-2020-9859

Confirmed PUBLISHED

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5...

Apple · iOS, macOS, tvOS, watchOS
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High

At a Glance

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.

macos ios cisa
CVE Published
Jun 05, 2020
Exploitation Reported
Nov 03, 2021
CVSS
7.8 High
EPSS
Low complexity No user interaction

Affected Versions

Vendor Product Version Status
Apple
iOS

unspecified to < iOS 13.5.1 and iPadOS 13.5.1

Affected
Apple
macOS

unspecified to < macOS Catalina 10.15.5 Supplemental Update

Affected
Apple
tvOS

unspecified to < tvOS 13.4.6

Affected
Apple
watchOS

unspecified to < watchOS 6.2.6

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.