Vulnerability in Apple Ios
CVE-2020-9819
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.
EPSS: 0.006 (70.1th percentile) — read the EPSS interpretation.
Affected products
- Apple Ios — versions unspecified
- Apple Ios-1 — versions unspecified
- Apple Watchos — versions unspecified
- Apple Watchos-1 — versions unspecified
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
References
- support.apple.com/HT211168 (x_refsource_MISC)
- support.apple.com/HT211175 (x_refsource_MISC)
- support.apple.com/HT211169 (x_refsource_MISC)
- support.apple.com/HT211176 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-9819?
- CVE-2020-9819 is a vulnerability in Apple Ios. Published 2020-06-09.
- Is CVE-2020-9819 known to be exploited?
- Yes. CVE-2020-9819 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 2 public proof-of-concept repositories are indexed.