Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11926
HistoryAug 10, 2020 - 12:00 a.m.

KLA11926 Multiple vulnerabilities in Apple iCloud

2020-08-1000:00:00
Kaspersky Lab
threats.kaspersky.com
48

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.024

Percentile

89.9%

JSON

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, cause denial of service, perform cross-site scripting attack, spoof user interface.

Below is a complete list of vulnerabilities:

  1. Security vulnerability in WebKit can be exploited to bypass security restrictions and obtain sensitive information.
  2. An out-of-bounds read vulnerability in WebKit can be exploited remotely to cause denial of service and execute arbitrary code.
  3. An out-of-bounds read vulnerability in ImageIO can be exploited via special crafted file to execute arbitrary code.
  4. An out-of-bounds write vulnerability in ImageIO can be eploited via special crafted file to execute arbitrary code.
  5. A buffer overflow vulnerability in ImageIO can be exploited via special crafted file to execute arbitrary code.
  6. An out-of-bounds write vulnerability in ImageIO can be exploited via special crafted file to cause denial of service and execute arbitrary code.
  7. An integer overflow vulnerability in ImageIO can be exploited via special crafted file to execute arbitrary code.
  8. A use after free vulnerability in WebKit can be exploited remotely to cause denial of service and execute arbitrary code.
  9. A command injection vulnerability in WebKit Web Inspector can be exploited to bypass security restrictions.
  10. A logic vulnerability in WebKit can be exploited via special crafted webpage to perform cross-site scripting attacks.
  11. A URL Unicode encoding vulnerability in WebKit Page Loading can be exploited remotely to spoof user interface.
  12. An access issue vulnerability in WebKit can be exploited via special crafted webpage to bypass security restrictions.
  13. A buffer overflow vulnerability in ImageIO can be to execute arbitrary code.
  14. A buffer overflow vulnerability in CoreGraphics can be to execute arbitrary code.
  15. A use after free vulnerability in libxml2 can be exploited via special crafted file to execute arbitrary code.
  16. A memory corruption vulnerability in ImageIO can be exploited via special crafted image to execute arbitrary code.

Original advisories

About the security content of iCloud for Windows 7.20

Related products

Apple-iCloud

CVE list

CVE-2020-9910 critical

CVE-2020-9894 warning

CVE-2020-9938 critical

CVE-2020-9877 critical

CVE-2020-9879 critical

CVE-2020-9871 critical

CVE-2020-9919 critical

CVE-2020-9876 critical

CVE-2020-9875 critical

CVE-2020-9895 critical

CVE-2020-9874 critical

CVE-2020-9936 critical

CVE-2020-9862 critical

CVE-2020-9872 critical

CVE-2020-9873 critical

CVE-2020-9925 high

CVE-2020-9937 critical

CVE-2020-9916 high

CVE-2020-9915 high

CVE-2020-9893 critical

CVE-2020-11760 high

CVE-2020-11758 high

CVE-2020-11764 high

CVE-2020-11765 high

CVE-2020-11761 high

CVE-2020-11762 high

CVE-2020-11759 high

CVE-2020-11763 high

CVE-2020-9984 critical

CVE-2020-9883 critical

CVE-2020-9926 critical

CVE-2020-27933 critical

Solution

Update to the latest version

Download iCloud

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • XSS/CSS

Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Apple iCloud earlier than 7.20

Related

apple 16
mageia 1
openvas 21
fedora 4
nessus 29
suse 3
gentoo 2
debian 4
ubuntu 2
osv 4
cloudfoundry 1
googleprojectzero 1
centos 1
redhat 1
amazon 1
oraclelinux 1
ubuntucve 5
cve 20
cvelist 21
nvd 20
prion 21
zdi 5
zdt 1
redhatcve 3
debiancve 4
alpinelinux 4
veracode 3
apple
apple
About the security content of iCloud for Windows 11.3 - Apple Support
2020-12-15 06:02:19
About the security content of iTunes 12.10.8 for Windows - Apple Support
2020-12-15 05:45:32
About the security content of iCloud for Windows 7.20 - Apple Support
2020-12-15 05:23:14
mageia
mageia
Updated openexr packages fix security vulnerabilities
2020-05-05 15:20:37
openvas
openvas
Fedora: Security Advisory for mingw-ilmbase (FEDORA-2020-e244f22a51)
2020-05-18 00:00:00
Fedora: Security Advisory for mingw-OpenEXR (FEDORA-2020-e244f22a51)
2020-05-18 00:00:00
Mageia: Security Advisory (MGASA-2020-0189)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mingw-OpenEXR-2.4.1-1.fc32
2020-05-16 03:40:01
[SECURITY] Fedora 32 Update: mingw-ilmbase-2.4.1-1.fc32
2020-05-16 03:40:00
[SECURITY] Fedora 32 Update: webkit2gtk3-2.28.4-3.fc32
2020-08-04 01:21:10
nessus
nessus
SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2020:1293-1)
2020-05-22 00:00:00
openSUSE Security Update : openexr (openSUSE-2020-682)
2020-05-26 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : WebKitGTK vulnerabilities (USN-4444-1)
2020-08-04 00:00:00
suse
suse
Security update for openexr (moderate)
2020-05-23 00:00:00
Security update for webkit2gtk3 (important)
2020-08-25 00:00:00
Security update for webkit2gtk3 (important)
2020-08-28 00:00:00
gentoo
gentoo
WebKitGTK+: Multiple vulnerabilities
2020-07-31 00:00:00
OpenEXR: Multiple vulnerabilities
2021-07-11 00:00:00
debian
debian
[SECURITY] [DSA 4739-1] webkit2gtk security update
2020-08-03 15:08:52
[SECURITY] [DSA 4739-1] webkit2gtk security update
2020-08-03 15:08:52
[SECURITY] [DSA 4755-1] openexr security update
2020-08-29 17:35:55
ubuntu
ubuntu
WebKitGTK vulnerabilities
2020-08-03 00:00:00
OpenEXR vulnerabilities
2020-04-27 00:00:00
osv
osv
webkit2gtk - security update
2020-08-03 00:00:00
openexr - security update
2020-08-29 00:00:00
openexr - security update
2020-08-30 00:00:00
cloudfoundry
cloudfoundry
USN-4339-1: OpenEXR vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
googleprojectzero
googleprojectzero
Fuzzing ImageIO
2020-04-28 00:00:00
centos
centos
OpenEXR security update
2020-10-20 18:35:31
redhat
redhat
(RHSA-2020:4039) Moderate: OpenEXR security update
2020-09-29 07:53:49
amazon
amazon
Medium: OpenEXR
2020-10-22 17:15:00
oraclelinux
oraclelinux
OpenEXR security update
2020-10-06 00:00:00
ubuntucve
ubuntucve
CVE-2020-11765
2020-04-14 00:00:00
CVE-2020-9926
2021-04-02 00:00:00
CVE-2020-9925
2020-07-29 00:00:00
cve
cve
CVE-2020-9874
2020-10-22 18:15:14
CVE-2020-9871
2020-10-22 18:15:14
CVE-2020-27933
2021-04-02 18:15:16
cvelist
cvelist
CVE-2020-9926
2021-04-02 17:23:29
CVE-2020-9871
2020-10-22 17:54:49
CVE-2020-9910
2020-10-16 16:44:17
nvd
nvd
CVE-2020-9938
2020-10-22 19:15:15
CVE-2020-9872
2020-10-22 18:15:14
CVE-2020-9871
2020-10-22 18:15:14
prion
prion
Memory corruption
2021-04-02 18:15:00
Input validation
2020-10-22 18:15:00
Design/Logic Flaw
2021-04-02 18:15:00
zdi
zdi
Apple macOS ImageIO EXR Parsing Integer Overflow Remote Code Execution Vulnerability
2020-08-05 00:00:00
Apple macOS ImageIO PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-08-05 00:00:00
Apple macOS CoreGraphics JBIG2Bitmap Heap-based Buffer Overflow Remote Code Execution Vulnerability
2020-10-08 00:00:00
zdt
zdt
WebKit On iOS PAC / JIT Hardening Bypass Vulnerability
2020-08-15 00:00:00
redhatcve
redhatcve
CVE-2020-9925
2020-09-16 14:16:55
CVE-2020-9915
2020-09-16 14:17:36
CVE-2020-11765
2020-04-28 17:10:54
debiancve
debiancve
CVE-2020-9925
2020-10-16 17:15:17
CVE-2020-9862
2020-10-16 17:15:15
CVE-2020-9915
2020-10-16 17:15:17
alpinelinux
alpinelinux
CVE-2020-9925
2020-10-16 17:15:17
CVE-2020-11765
2020-04-14 23:15:12
CVE-2020-9915
2020-10-16 17:15:17
veracode
veracode
Arbitrary Code Execution
2020-08-06 21:37:32
OS Command Injection
2020-08-06 21:29:55
Arbitrary Code Execution
2020-08-06 21:37:21

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.024

Percentile

89.9%

JSON
Related for KLA11926
apple16mageia1openvas21fedora4nessus29suse3gentoo2debian4ubuntu2osv4cloudfoundry1googleprojectzero1centos1redhat1amazon1oraclelinux1ubuntucve5cve20cvelist21nvd20prion21zdi5zdt1redhatcve3debiancve4alpinelinux4veracode3