Vulnerability Description
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 13.6 |
| Apple | Iphone Os | < 13.6 |
| Apple | Tvos | < 13.4.8 |
| Apple | Watchos | < 6.2.8 |
Related Weaknesses (CWE)
References
- https://support.apple.com/HT211288Vendor Advisory
- https://support.apple.com/HT211290Vendor Advisory
- https://support.apple.com/HT211291Vendor Advisory
- https://support.apple.com/HT211288Vendor Advisory
- https://support.apple.com/HT211290Vendor Advisory
- https://support.apple.com/HT211291Vendor Advisory
FAQ
What is CVE-2020-9909?
CVE-2020-9909 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execut...
How severe is CVE-2020-9909?
CVE-2020-9909 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9909?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Tvos, Apple Watchos.