Apple Officially Expresses Gratitude to the Hillstone Security Research Team for Detecting a Vulnerability in Apple iOS and iPadOS

On July 24, 2020, Apple released the security content of iOS 13.6 and iPadOS 13.6. The Hillstone Security Research team made a discovery of a vulnerability that is of great significance to the optimization of Apple’s ecosystem. YongYue “BigChan” Wang, a member of the Hillstone security research team, discovered the 0-click remote arbitrary file and write vulnerability in the Email component (CVE-2020-9920). Upon notifying Apple, Hillstone received an official thank you note from Apple. Below are the details of the vulnerability.

Description of major vulnerabilities discovered by the Hillstone Network Security Team

CVE-2020-9920: Apple macOS Catalina, Apple iOS, iPadOS could allow a local attacker to overwrite arbitrary files, caused by a path handling issue in the Mail component. An attacker could exploit this vulnerability to allow a malicious mail server to overwrite arbitrary mail files.

Hillstone Security Research Team

As a leading provider of Enterprise Network Security and Risk Management solutions, protecting our customers in a proactive way is our highest goal. Which is why we have dedicated so many security research team members and resources to uncover vulnerabilities in widely used products. We will continue to devote our efforts to safeguard global network security.