⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-9818

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

8.8HIGH

EPSS

0.5%

top 32.78%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple IOS Apple Ios-1 Apple Watchos +2 more

Timeline

PublishedJun 9

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶NVDapple/ipados< 13.5

▶CVEListV5apple/watchosunspecified — watchOS 6.2.5

▶NVDapple/watchos< 6.2.5

▶CVEListV5apple/iosunspecified — iOS 13.5 and iPadOS 13.5

▶CVEListV5apple/ios-1unspecified — iOS 12.4.7

🔴Vulnerability Details

GHSA

GHSA-r647-89qj-xwmp: An out-of-bounds write issue was addressed with improved bounds checking↗2022-05-24

▶

CVEList

CVE-2020-9818: An out-of-bounds write issue was addressed with improved bounds checking↗2020-06-09

▶

VulnCheck

Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability↗2020

▶

📋Vendor Advisories

CISA

Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability↗2021-11-03

▶