{"cve":{"cve_id":"CVE-2020-9907","is_kev":true,"kev_date_added":"2022-06-27","kev_vendor_project":"Apple","kev_product":"Multiple Products","kev_vulnerability_name":"Apple Multiple Products Memory Corruption Vulnerability","kev_short_description":"Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-07-18","kev_known_ransomware":false,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2020-9907","kev_cwes":["CWE-787"],"epss_score":0.03738,"epss_percentile":0.88428,"epss_as_of":"2026-06-23","description":"A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.","published_at":"2020-10-16T16:43:32Z","last_modified_at":null,"cvss_v3_score":7.8,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-787"],"nvd_references":["https://support.apple.com/HT211288","https://support.apple.com/HT211290"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:14:42.328229Z"},"effective_severity":"HIGH","badges":["kev"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"ios","product_name":"iOS","version_start":"unspecified","version_start_inclusive":true,"version_end":"iOS 13.6 and iPadOS 13.6","version_end_inclusive":false,"cpe23_uri":"cve5:apple:ios:unspecified:iOS 13.6 and iPadOS 13.6"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"tvos","product_name":"tvOS","version_start":"unspecified","version_start_inclusive":true,"version_end":"tvOS 13.4.8","version_end_inclusive":false,"cpe23_uri":"cve5:apple:tvos:unspecified:tvOS 13.4.8"}],"exploit_refs":[],"news":[],"references":[{"url":"https://support.apple.com/HT211288","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/HT211290","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2020-10-16T16:43:32Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2022-06-27T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"ssvc_changed","at":"2026-06-24T00:31:35.223313Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:35.223313Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:35.223313Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:35.223313Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:35.223313Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:35.223313Z","label":"CVSS score revised","source":"vulnrichment"}]}