⚠ Actively exploited

Added to CISA KEV on 2022-06-27. Federal agencies required to patch by 2022-07-18. Required action: Apply updates per vendor instructions..

CVE-2020-3837 — Out-of-bounds Write in Apple Macos

CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents7 sources

Severity

7.8HIGHNVD

EPSS

6.4%

top 8.93%

CISA KEV

KEV

Added 2022-06-27

Due 2022-07-18

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple IOS Apple Macos Apple Tvos +4 more

Timeline

PublishedFeb 27

KEV addedJun 27

KEV dueJul 18

CISA Required Action: Apply updates per vendor instructions.

Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5apple/tvosunspecified — tvOS 13.3.1

▶NVDapple/tvos< 13.3.1

▶CVEListV5apple/macosunspecified — macOS Catalina 10.15.3

▶NVDapple/ipados< 13.3.1

▶CVEListV5apple/watchosunspecified — watchOS 6.1.2

🔴Vulnerability Details

GHSA

GHSA-qhhm-rhwq-mpvm: A memory corruption issue was addressed with improved memory handling↗2022-05-24

▶

Project0

An iOS hacker tries Android - Project Zero↗2020-12-01

▶

Project0

One Byte to rule them all - Project Zero↗2020-07-01

▶

Project0

A survey of recent iOS kernel exploits - Project Zero↗2020-06-01

▶

CVEList

CVE-2020-3837: A memory corruption issue was addressed with improved memory handling↗2020-02-27

▶

💥Exploits & PoCs

Exploit-DB

iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()↗2020-02-10

▶

📋Vendor Advisories

CISA

Apple Multiple Products Memory Corruption Vulnerability↗2022-06-27

▶