CVE-2020-7463: 
Apple iCloud vulnerability analysis and mitigation

CVE-2020-7463 is a use-after-free vulnerability discovered in FreeBSD's SCTP (Stream Control Transmission Protocol) implementation and later found to affect multiple Apple products. The vulnerability was first identified in January 2020 and affects FreeBSD versions 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13 (FreeBSD Advisory).

The vulnerability stems from improper handling in the kernel that can trigger a use-after-free condition when sending large user messages from multiple threads on the same SCTP socket. This memory management issue was addressed with improved memory management in subsequent patches (Apple Support).

When exploited, the vulnerability may result in unintended kernel behavior including kernel panic. On affected systems, a remote attacker may be able to cause unexpected system termination or corrupt kernel memory (FreeBSD Advisory).

The vulnerability has been patched in FreeBSD through security updates r364644 (12.1-STABLE), r364651 (11.4-STABLE), and corresponding release versions. Apple has addressed the issue in iOS 14.5, iPadOS 14.5, macOS Big Sur 11.3, Safari 14.1, iCloud for Windows 12.3, and iTunes 12.11.3 for Windows through improved memory management (Apple Support, FreeBSD Advisory).