CVE-2020-9975 : What You Need to Know
Learn about CVE-2020-9975, a critical vulnerability in Apple products allowing arbitrary code execution. Find out affected systems and how to prevent exploitation.
A use after free issue in Apple products was addressed with improved memory management, allowing an application to execute arbitrary code with kernel privileges.
Understanding CVE-2020-9975
What is CVE-2020-9975?
CVE-2020-9975 is a vulnerability in Apple products that could lead to arbitrary code execution with kernel privileges.
The Impact of CVE-2020-9975
The vulnerability could be exploited by an application to execute malicious code with elevated privileges.
Technical Details of CVE-2020-9975
Vulnerability Description
The issue stems from a use after free problem that was mitigated through enhanced memory management.
Affected Systems and Versions
- tvOS versions less than 14.0
- watchOS versions less than 7.0
- iOS and iPadOS versions less than 14.0
- macOS versions less than 11.0 and 11.1
Exploitation Mechanism
An application could exploit this vulnerability to run arbitrary code with kernel privileges.
Mitigation and Prevention
Immediate Steps to Take
- Update affected systems to the fixed versions: macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0, and iPadOS 14.0
Long-Term Security Practices
- Regularly apply security updates and patches
- Implement secure coding practices
Patching and Updates
Ensure all Apple devices are updated to the latest versions to mitigate the vulnerability.