CVE-2020-27933
CVE-2020-27933 is a memory corruption issue affecting Apple ImageIO (notably in iCloud for Windows 7.20 and related macOS/iOS/watchOS/tvOS updates). The root cause is memory corruption when processing a maliciously crafted image, addressed by Apple via improved input validation and memory handlin...
CVE-2020-27931
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0,...
CVE-2020-27922
CVE-2020-27922 is a logic issue in Apple’s font processing pathway (CoreText/FontParser) that could allow arbitrary code execution when parsing a maliciously crafted font file. The issue is fixed in macOS Big Sur 11.1 and corresponding security updates: Catalina 10.15.7 (Security Update 2020-001)...
CVE-2020-27924
CVE-2020-27924 describes an out-of-bounds read vulnerability in image processing that could allow arbitrary code execution when processing a malicious image. Apple confirms fixes across macOS Big Sur 11.1, Catalina 10.15.7 (Security Update 2020-001), Mojave 10.14.6 (Security Update 2020-007), mac...
CVE-2020-27924
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lea...
CVE-2020-27935
Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions...
CVE-2020-27935
CVE-2020-27935 is a sandbox-related issue addressed by Apple in macOS Big Sur 11.0.1 and in iOS/iPadOS 14.2, watchOS 7.1, tvOS 14.2. The vulnerability is tied to XNU and allows a sandboxed process to circumvent sandbox restrictions. The vulnerability is discussed alongside a family of related iss...
CVE-2020-27920
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content m...
CVE-2020-27908
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file ma...
CVE-2020-27899
CVE-2020-27899 describes a use-after-free vulnerability that was addressed with improved memory management. The issue could allow a local attacker to elevate privileges. Apple confirms fixes in multiple platforms and releases: iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, and tvOS ...
CVE-2020-9975
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute...
CVE-2020-9975
CVE-2020-9975 is a use-after-free memory corruption issue that, if exploited, could allow an attacker to execute arbitrary code with kernel privileges. Public details in the initial description indicate this vulnerability affects macOS kernel (XNU) and related Apple OS components, with root cause...
CVE-2020-9978
This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be ab...
CVE-2020-9978
CVE-2020-9978 is an Apple macOS/iOS family issue: a memory/setting-propagation flaw that could allow an attacker in a privileged network position to unexpectedly alter application state. Affected products include macOS Big Sur (11.0.1, 11.1), macOS Catalina (Security Update 2020-001), macOS Mojav...
CVE-2020-9926
CVE-2020-9926 describes a use-after-free in memory management when processing XML, addressed in Apple updates. Affected products include iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, and Security Update 2020-004 for Mojave and High Sierra. ...
CVE-2020-9956
CVE-2020-9956 is an out-of-bounds/memory handling issue affecting Apple font parsing components (FontParser/CoreText) where processing a maliciously crafted font file could lead to arbitrary code execution. The vulnerability is addressed in Apple security updates for macOS Big Sur 11.0.1, macOS B...
CVE-2020-9967
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to...
CVE-2020-9962
CVE-2020-9962 is associated with Apple macOS FontParser. The vulnerability allowed a buffer overflow when processing a malicious font file, due to insufficient size validation in the FontParser component. This could enable arbitrary code execution. The issue is fixed in macOS Big Sur 11.0.1, with...
CVE-2020-9955
CVE-2020-9955 is an ImageIO out-of-bounds write vulnerability in Apple platforms. Apple reports that processing a maliciously crafted image may lead to arbitrary code execution. Concrete details across connected sources show the issue affecting ImageIO on iOS 14.0 / iPadOS 14.0, tvOS 14.0, watchO...
CVE-2020-9960
CVE-2020-9960 affects Apple platforms (macOS Big Sur 11.x, macOS Catalina 10.15.x, tvOS 14.0, watchOS 7.0, iOS 14.0, iPadOS 14.0). The root cause is an out-of-bounds read in the audio processing path, addressed by improved input validation. The vulnerability could allow arbitrary code execution t...