Logic Issue in Apple iOS, iPadOS, tvOS, watchOS and Safari
CVE-2020-9802

8.8HIGH

Key Information:

Vendor

Apple
Status
iOS
TV OS
Watch OS
Safari
Vendor
CVE Published:
9 June 2020

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 45%

What is CVE-2020-9802?

A logic issue within the processing of web content has been discovered that can allow maliciously crafted input to potentially execute arbitrary code on affected systems. This vulnerability has been addressed in the latest updates across various Apple platforms including iOS, iPadOS, tvOS, and Safari, highlighting the importance of keeping devices up to date to mitigate security risks. Users are encouraged to update their software to the latest versions as listed in the affected products section to ensure protection against potential exploits.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

jitsploitation
Created by Billy-Ellis

References

https://support.apple.com/HT211168
x_refsource_MISC
https://support.apple.com/HT211171
x_refsource_MISC
https://support.apple.com/HT211175
x_refsource_MISC

EPSS Score

45% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.