CVE-2020-27935

MEDIUM

iPadOS < 14.2 - Sandbox Escape

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27935. PoCs published by LIJI32.

AI-analyzed exploit summary: This repository contains a working proof-of-concept exploit for CVE-2020-27935, a sandbox escape vulnerability in macOS up to version 10.15 and early beta versions of macOS 11.0. The exploit leverages Objective-C runtime manipulation to execute code before sandbox initialization, allowing access to files outside the sandbox.

Description

Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions.

Exploits (1)

nomisec WORKING POC 32 stars
by LIJI32 · poc
https://github.com/LIJI32/SnatchBox

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: macOS up to 10.15 and early beta versions of macOS 11.0
No auth needed
Prerequisites: macOS environment with vulnerable version · Ability to run a signed binary with App Store entitlements
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211931
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211928
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211929
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211930

Scores

CVSS v3 6.3
EPSS 0.0566
EPSS Percentile 90.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Details

Status published
Products (5)
apple/ipados < 14.2
apple/iphone_os < 14.2
apple/mac_os_x < 11.0.1
apple/tvos < 14.2
apple/watchos < 7.1
Published Apr 02, 2021
Tracked Since Feb 18, 2026