9.3
CVSSv2

CVE-2020-9992

Published: 16/10/2020 Updated: 15/11/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Apple iOS and iPadOS could allow a local authenticated malicious user to execute arbitrary code on the system, caused by an error during a debug session over the network in the IDE Device Support component. By using a specially-crafted application, an attacker could exploit this vulnerability to execute arbitrary code on a paired device.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple xcode

apple ipad os

apple iphone os

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-09-16-5 Xcode 120 Xcode 120 is now available and addresses the following: IDE Device Support Available for: macOS Mojave 10154 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the ne ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-09-16-1 iOS 140 and iPadOS 140 iOS 140 and iPadOS 140 are now available and address the following: AppleAVD Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to cause unexpected system ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 140 and iPadOS 140 iOS 140 and iPadOS 140 addresses the following issues Information about the security content is also available at supportapplecom/HT211850 AppleAVD Available for: iPhone 6s and later, iPod ...

Github Repositories

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

macos/ios exploit writeup

Here is some resources about macOS/iOS system security exploit writeup blogpanguio/ bugschromiumorg/p/project-zero/issues/list talosintelligencecom/vulnerability_reports#disclosed CVE modules POC/writeup link CVE-2015-???? Kernel githubcom/kpwn/tpwnnirvan360cn/blog/?p=469wwwblackhatcom/docs/eu-15/materials/eu-15-T

2020年发布到阿尔法实验室微信公众号的所有安全资讯汇总

欢迎关注阿尔法实验室微信公众号 20201231 [漏洞] 2020年增加的10个最严重的CVE blogdetectifycom/2020/12/30/top-10-critical-cves-added-in-2020/ Chromium RawClipboardHostImpl中的UAF漏洞 bugschromiumorg/p/chromium/issues/detail?id=1101509 [工具] Sarenka:OSINT工具,将来自shodan、censys等服务的数据集中在一处

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

Recent Articles

Apple Bug Allows Code Execution on iPhone, iPad, iPod
Threatpost • Tom Spring • 17 Sep 2020

Apple has updated its iOS and iPadOS operating systems, which addressed a wide range of flaws in its iPhone, iPad and iPod devices. The most severe of these could allow an adversary to exploit a privilege-escalation vulnerability against any of the devices and ultimately gain arbitrary code-execution.
The bugs were made public Wednesday as part of Apple’s release its iOS 14 and  iPadOS 14 security changelogs. In total, Apple addressed 11 bugs in products and components, including AppleA...