CVE-2020-9802

HIGH EXPLOITED

Apple Icloud < 7.19 - Denial of Service

Title source: rule

Description

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Exploits (2)

nomisec WRITEUP 7 stars

by Billy-Ellis · client-side

https://github.com/Billy-Ellis/jitsploitation

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by khcujw · client-side

https://github.com/khcujw/CVE-2020-9802

View Code ZIP pw:eip

References (7)

[Release Notes, Vendor Advisory] https://support.apple.com/HT211168

[Release Notes, Vendor Advisory] https://support.apple.com/HT211171

[Release Notes, Vendor Advisory] https://support.apple.com/HT211175

[Broken Link, Release Notes, Vendor Advisory] https://support.apple.com/HT211177

[Release Notes, Vendor Advisory] https://support.apple.com/HT211178

[Release Notes, Vendor Advisory] https://support.apple.com/HT211179

[Release Notes, Vendor Advisory] https://support.apple.com/HT211181

Scores

CVSS v3 8.8

EPSS 0.4149

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-05-06

Status published

Products (7)

apple/icloud < 7.19

apple/ipados < 13.5

apple/iphone_os < 13.5

apple/itunes < 12.10.7

apple/safari < 13.1.1

apple/tvos < 13.4.5

apple/watchos < 6.2.5

Published Jun 09, 2020

Tracked Since Feb 18, 2026