Select Page

On July 24, 2020, Apple released the security content of iOS 13.6 and iPadOS 13.6. The Hillstone Security Research team made a discovery of a vulnerability that is of great significance to the optimization of Apple’s ecosystem. YongYue “BigChan” Wang, a member of the Hillstone security research team, discovered the 0-click remote arbitrary file and write vulnerability in the Email component (CVE-2020-9920). Upon notifying Apple, Hillstone received an official thank you note from Apple. Below are the details of the vulnerability.

Description of major vulnerabilities discovered by the Hillstone Network Security Team


CVE-2020-9920: Apple macOS Catalina, Apple iOS, iPadOS could allow a local attacker to overwrite arbitrary files, caused by a path handling issue in the Mail component. An attacker could exploit this vulnerability to allow a malicious mail server to overwrite arbitrary mail files.

Hillstone Security Research Team


As a leading provider of Enterprise Network Security and Risk Management solutions, protecting our customers in a proactive way is our highest goal. Which is why we have dedicated so many security research team members and resources to uncover vulnerabilities in widely used products. We will continue to devote our efforts to safeguard global network security.

Hillstone NGFWs Recognized for 8th Straight Year in Gartner® Magic Quadrant™, Named as a “Visionary”

Hillstone Networks Wins 2021 CybersecAsia Readers’ Choice Award

ZTNA: A Better Way to Control Access, Boost Security

Hillstone sBDS V3.4 Extends Supplementary Detection Capabilities

Kudos to the Hillstone Security Research Team for Being Acknowledge by Microsoft for Vulnerability Discovery

Hillstone Releases iSource, an Extended Detection and Response Platform

Hillstone’s A200W streamlines deployment of cost-effective perimeter solution

Endpoint Detection and Response: Getting from Good to Great

ADC V2.9 delivers traffic and balances links at an unprecedented level