CVE-2020-9922

MEDIUM

macOS < 10.15.6 - Arbitrary File Write via Malicious Email Processing

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9922. PoCs published by Wowfunhappy.

AI-analyzed exploit summary The repository lacks actual exploit code and instead directs users to an external download link, which is a common tactic for distributing malware or fake exploits. The README provides minimal technical details about CVE-2020-9922.

Description

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted email may lead to writing arbitrary files.

Exploits (1)

nomisec SUSPICIOUS 3 stars
by Wowfunhappy · poc
https://github.com/Wowfunhappy/Fix-Apple-Mail-CVE-2020-9922

The repository lacks actual exploit code and instead directs users to an external download link, which is a common tactic for distributing malware or fake exploits. The README provides minimal technical details about CVE-2020-9922.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Apple Mail (OS X prior to High Sierra)
No auth needed
Prerequisites: none specified
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211289

Scores

CVSS v3 6.5
EPSS 0.0149
EPSS Percentile 70.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
apple/mac_os_x < 10.15.6
Published Dec 08, 2020
Tracked Since Feb 18, 2026