Learn about CVE-2020-9795, a critical use after free vulnerability in Apple's iOS, macOS, tvOS, and watchOS, allowing arbitrary code execution with kernel privileges. Find mitigation steps and patch details here.
A use after free issue was addressed with improved memory management in iOS, macOS, tvOS, and watchOS. This vulnerability allows an application to execute arbitrary code with kernel privileges.
Understanding CVE-2020-9795
What is CVE-2020-9795?
CVE-2020-9795 is a use after free vulnerability that affects multiple Apple operating systems, allowing malicious applications to execute arbitrary code with kernel privileges.
The Impact of CVE-2020-9795
The vulnerability poses a significant security risk as it enables unauthorized code execution with elevated privileges, potentially leading to system compromise.
Technical Details of CVE-2020-9795
Vulnerability Description
The issue is a use after free flaw that was addressed with improved memory management. The fix is included in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, and watchOS 6.2.5.
Affected Systems and Versions
Exploitation Mechanism
The vulnerability allows an application to manipulate memory after it has been freed, potentially leading to the execution of arbitrary code with kernel privileges.
Mitigation and Prevention
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Apply security patches provided by Apple promptly to ensure that known vulnerabilities are mitigated effectively.
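To confirm that the patches have actually reached every device, the following added example (not part of the original advisory or any Apple tooling) compares a device inventory against the fixed releases listed above. The inventory rows, device names, and function names are constructed for illustration.

```python
# Fixed releases as listed under "Vulnerability Description" above.
FIXED = {
    "ios": (13, 5), "ipados": (13, 5), "macos": (10, 15, 5),
    "tvos": (13, 4, 5), "watchos": (6, 2, 5),
}

# Constructed sample inventory: (device name, platform, reported OS version).
INVENTORY = [
    ("alice-iphone", "iOS", "13.4.1"),
    ("lab-ipad", "iPadOS", "13.5"),
    ("build-mac", "macOS", "10.15.4"),
    ("design-mac", "macOS", "10.15.5"),
    ("lobby-tv", "tvOS", "13.4"),
    ("qa-watch", "watchOS", "6.2.5"),
    ("kiosk", "Android", "10"),      # platform not covered by this CVE entry
    ("old-record", "iOS", "13.x"),   # malformed version string
]

def parse_version(text):
    """Turn '13.4.1' into (13, 4, 1); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one device.

    Assumption: a plain numeric comparison against the listed release. The
    page does not say whether older OS lines received separate fixes, so
    anything numerically below the listed release is reported as vulnerable.
    """
    fixed = FIXED.get(platform.strip().lower())
    if fixed is None:
        return "unknown"
    try:
        have = parse_version(version)
    except ValueError:
        return "unknown"
    # Pad with zeros so that '13.5' and '13.5.0' compare as equal.
    width = max(len(have), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "patched" if pad(have) >= pad(fixed) else "vulnerable"

def audit(inventory):
    return {name: status(platform, version) for name, platform, version in inventory}

if __name__ == "__main__":
    for name, result in audit(INVENTORY).items():
        print(f"{name:14} {result}")
```

Devices reported as `unknown` need manual review rather than being counted as patched.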