CVE-2020-9856

MEDIUM

macOS Catalina <10.15.5 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9856. Includes Metasploit module exploits/osx/browser/safari_in_operator_side_effect.

AI-analyzed exploit summary This exploit leverages a type confusion vulnerability in Safari's JavaScript engine (CVE-2020-9850) to achieve arbitrary read/write primitives, leading to RCE via shellcode execution in RWX memory. It chains multiple CVEs to bypass sandbox restrictions on macOS.

Description

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.

Exploits (1)

metasploit WORKING POC MANUAL
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/safari_in_operator_side_effect.rb

This exploit leverages a type confusion vulnerability in Safari's JavaScript engine (CVE-2020-9850) to achieve arbitrary read/write primitives, leading to RCE via shellcode execution in RWX memory. It chains multiple CVEs to bypass sandbox restrictions on macOS.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Apple Safari (WebKit) on macOS
No auth needed
Prerequisites: Victim must visit a malicious webpage using Safari on macOS · Specific macOS version vulnerable to CVE-2020-9850, CVE-2020-9856, and CVE-2020-9801
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/HT211170

Scores

CVSS v3 5.3
EPSS 0.0139
EPSS Percentile 68.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

Status published
Products (3)
apple/mac_os_x 10.13.6 (13 CPE variants)
apple/mac_os_x 10.14.6 (11 CPE variants)
apple/mac_os_x 10.13 - 10.13.6
Published Jun 09, 2020
Tracked Since Feb 18, 2026