CVE-2020-9996: Use After Free

Q: What is CVE-2020-9996?

CVE-2020-9996 is a vulnerability in NetworkExtension that allows for a use after free issue, which has been addressed with improved memory management.

Q: Which software versions are affected by CVE-2020-9996?

CVE-2020-9996 affects Apple iOS up to version 14.0, Apple iPadOS up to version 14.0, and Apple macOS Big Sur up to version 11.0.1.

Q: How severe is CVE-2020-9996?

The severity of CVE-2020-9996 is not specified.

Q: How can I fix CVE-2020-9996?

To fix CVE-2020-9996, ensure you have installed the latest security updates and patches provided by Apple for the affected software versions.

Q: Where can I find more information about CVE-2020-9996?

You can find more information about CVE-2020-9996 on the official Apple support website: https://support.apple.com/en-us/HT211850

Published Sep 16, 2020

Updated

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.

Other sources

NetworkExtension. A use after free issue was addressed with improved memory management.

Credit

Zhiwei Yuan(Trend Micro iCore Team), Junzhi Lu, Mickey Jin(Trend Micro)

Affected Software

6 affected componentsFixes available

Apple macOS Big Sur<11.0.1

11.0.1

Apple iOS<14.0

14.0

Apple iPadOS<14.0

14.0

Apple iPadOS<14.0

Apple iPhone OS<14.0

Apple iOS and macOS<11.0.1

Event History

Dec 8, 2020

CVE Published

via MITRE·07:59 PM

Data Sourced

via MITRE·07:59 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2020-27914
CVE-2020-27915
CVE-2020-27903
CVE-2020-27910
CVE-2020-27916
CVE-2020-9943
CVE-2020-9944
CVE-2020-27906
CVE-2020-27945
CVE-2020-27908
CVE-2020-27909
CVE-2020-9960
CVE-2020-10017
CVE-2020-9949
CVE-2020-9897
CVE-2020-9883
CVE-2020-10003
CVE-2020-27922
CVE-2020-9999
CVE-2020-27937
CVE-2020-9965
CVE-2020-9966
CVE-2020-27894
CVE-2020-36615
CVE-2021-1790
CVE-2021-1775
CVE-2020-29629
CVE-2020-27942
CVE-2020-9962
CVE-2020-27952
CVE-2020-9956
CVE-2020-27931
CVE-2020-27930
CVE-2020-27927
CVE-2020-29639
CVE-2020-10002
CVE-2020-9978
CVE-2020-9955
CVE-2020-27924
CVE-2020-27912
CVE-2020-27923
CVE-2020-9876
CVE-2020-10015
CVE-2020-27897
CVE-2020-27907
CVE-2020-27919
CVE-2020-9967
CVE-2020-9975
CVE-2020-27921
CVE-2020-27904
CVE-2019-14899
CVE-2020-27950
CVE-2020-9974
CVE-2020-10016
CVE-2020-27932
CVE-2020-27917
CVE-2020-27920
CVE-2020-27911
CVE-2020-9971
CVE-2020-10014
CVE-2020-10010
CVE-2020-9941
CVE-2020-9988
CVE-2020-9989
CVE-2020-10011
CVE-2020-13524
CVE-2020-10004
CVE-2020-9996
CVE-2020-27901
CVE-2020-27900
CVE-2019-20838
CVE-2020-14155
CVE-2020-10007
CVE-2020-27896
CVE-2020-9963
CVE-2020-10012
CVE-2020-10663
CVE-2020-9945
CVE-2020-9977
CVE-2020-9942
CVE-2020-9987
CVE-2021-1803
CVE-2020-9969
CVE-2020-27893
CVE-2021-1755
CVE-2020-10005
CVE-2020-9991
CVE-2020-9849
CVE-2020-15358
CVE-2020-13631
CVE-2020-13434
CVE-2020-13435
CVE-2020-13630
CVE-2020-27899
CVE-2020-10009
CVE-2020-10008
CVE-2020-27918
CVE-2020-9947
CVE-2020-9950
CVE-2020-27898
CVE-2020-27935
CVE-2020-10006
CVE-2020-9958
CVE-2020-9979
CVE-2020-9954
CVE-2020-9773
CVE-2020-9992
CVE-2020-36521
CVE-2020-9961
CVE-2020-9964
CVE-2020-9976
CVE-2020-9981
CVE-2020-13520
CVE-2020-6147
CVE-2020-9972
CVE-2020-9973
CVE-2020-9946
CVE-2020-9993
CVE-2020-9968
CVE-2020-9959
CVE-2020-9951
CVE-2020-9983
CVE-2020-9952
CVE-2020-10013

Frequently Asked Questions

What is CVE-2020-9996?

CVE-2020-9996 is a vulnerability in NetworkExtension that allows for a use after free issue, which has been addressed with improved memory management.

Which software versions are affected by CVE-2020-9996?