41 matches found
EUVD-2020-2470
Malware in sbrugna...
Cross site scripting
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution...
Input validation
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution...
CVE-2020-29629
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to read restricted memory...
CVE-2020-9897
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution...
CVE-2020-10005
CVE-2020-10005 is an Apple/macOS SMB server vulnerability disclosed by Talos describing a TREE_CONNECT stack buffer overflow caused by unsafe handling of very long share paths, enabling memory corruption and possible code execution. The public description notes a resource exhaustion/denial of ser...
CVE-2020-9971
A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges...
CVE-2020-9960
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file ma...
CVE-2020-27899
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges...
CVE-2020-27893
An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen...
Design/Logic Flaw
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges...
Design/Logic Flaw
Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions...
Code injection
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen...
CVE-2021-1755
CVE-2021-1755 describes a lock-screen access issue that could allow access to contacts on a locked device (iOS and macOS contexts in the sources). The vulnerability is addressed with improved state management and is fixed in macOS Big Sur 11.0.1. Connected records confirm the incident involves lo...
CVE-2020-27935
CVE-2020-27935 is a sandbox-related issue addressed by Apple in macOS Big Sur 11.0.1 and in iOS/iPadOS 14.2, watchOS 7.1, tvOS 14.2. The vulnerability is tied to XNU and allows a sandboxed process to circumvent sandbox restrictions. The vulnerability is discussed alongside a family of related iss...
CVE-2020-27893
An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen...
CVE-2020-9975
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute...
Apple CoreMedia Buffer Error Vulnerability
Apple CoreMedia is an Apple Inc. core component used in mobile devices for processing media data. Apple CoreMedia suffers from a buffer error vulnerability that exists due to a boundary condition within the CoreMedia component in macOS. A remote attacker could create a specially crafted image and...
Apple CrashReporter Authorization Issues Vulnerability
Apple CrashReporter is a core component of Apple Inc. that is used in mobile devices for monitoring system crash events. An authorization issue vulnerability exists in Apple CrashReporter that stems from the application not properly imposing security restrictions within the Crash Reporter compone...
Apple CoreGraphics Buffer Error Vulnerability
Apple CoreGraphics is a core component from Apple Inc. that is used in mobile devices for graphics drawing. Apple CoreGraphics suffers from a buffer error vulnerability that stems from a boundary error when handling fonts in the CoreGraphics component in macOS. A remote attacker could create a...