CVE-2020-9785: 
macOS vulnerability analysis and mitigation

CVE-2020-9785 is a kernel vulnerability discovered in Apple's operating systems that was fixed in iOS 13.4, iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, and watchOS 6.2, released on March 24, 2020. The vulnerability was identified by Proteas of Qihoo 360 Nirvan Team and involves multiple memory corruption issues in the kernel that were addressed with improved state management (Apple Security).

The vulnerability is classified as a memory corruption issue affecting the kernel component of Apple's operating systems. It received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access is required but no privileges are needed, and user interaction is required. The vulnerability is also associated with CWE-787 (Out-of-bounds Write) (NVD).

If exploited, this vulnerability could allow a malicious application to execute arbitrary code with kernel privileges, potentially giving an attacker complete control over the affected device (Apple Security).

Apple addressed this vulnerability by implementing improved state management in the kernel. The fix was released in iOS 13.4, iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, and watchOS 6.2. Users should update their devices to these versions or later to protect against this vulnerability (Apple Security).