Kaspersky LabKLA11650KLA11650 Multiple vulnerabilities in Apple iCloud
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
79.4%
Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions.
Below is a complete list of vulnerabilities:
- Multiple memory corruption vulnerabilities in WebKit can be exploited to execute arbitrary code.
- A buffer overflow vulnerability in libxml2 can be exploited to execute arbitrary code.
- An out-of-bounds vulnerability in ImageIO can be exploited to execute arbitrary code.
- Multiple memory corruption vulnerabilities in WebKit Page Loading can be exploited to execute arbitrary code.
- A logic vulnerability in WebKit can be exploited to perform cross-site scripting attacks.
- A memory handling vulnerability in WebKit can be exploited to cause a denial of service
- The HTTP referrer header vulnerability in WebKit can be exploited to obtain sensitive information.
- A DOM object context vulnerability in WebKit Page Loading can be exploited to bypass security restrictions.
Original advisories
Related products
CVE list
CVE-2020-3868 critical
CVE-2020-3846 high
CVE-2020-3826 high
CVE-2020-3865 high
CVE-2020-3825 high
CVE-2020-3867 warning
CVE-2020-3862 warning
CVE-2019-8827 warning
CVE-2020-3864 high
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- XSS/CSS
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
- SUI
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
Affected Products
- Apple iCloud earlier than 7.17Apple iCloud earlier than 10.9.2
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
79.4%