CVE-2020-9992

HIGH

Xcode < 12.0 - Remote Code Execution via Unencrypted Debug Session

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9992. PoCs published by c0ntextomy.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2020-9992, demonstrating a design flaw in macOS/Xcode's MobileDevice.framework that allows plain-text remote debugging sessions over the network. The exploit leverages ARP spoofing and MITM techniques to hijack debugging sessions, enabling remote code execution and sensitive data exfiltration.

Description

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network.

Exploits (1)

nomisec WORKING POC 73 stars

by c0ntextomy · poc

https://github.com/c0ntextomy/c0ntextomy

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2020-9992, demonstrating a design flaw in macOS/Xcode's MobileDevice.framework that allows plain-text remote debugging sessions over the network. The exploit leverages ARP spoofing and MITM techniques to hijack debugging sessions, enabling remote code execution and sensitive data exfiltration.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: macOS/Xcode MobileDevice.framework (affecting iOS/iPadOS/tvOS debugging)

No auth needed

Prerequisites: Local network access · ARP spoofing capability · Victim using Xcode remote debugging

MITRE ATT&CK

T1557 - Adversary-in-the-Middle T1059 - Command and Scripting Interpreter T1040 - Network Sniffing

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://support.apple.com/HT211850

Release Notes, Vendor Advisory x_refsource_misc

https://support.apple.com/HT211848

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2020/Nov/20

Scores

CVSS v3 7.8

EPSS 0.0299

EPSS Percentile 85.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (3)

apple/ipados < 14.0

apple/iphone_os < 14.0

apple/xcode < 12.0

Published Oct 16, 2020

Tracked Since Feb 18, 2026