Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution...

CVE-2020-9849

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory...

UBUNTU-CVE-2020-9849

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory...

Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave...

CVE-2020-27917

CVE-2020-27917 is a use-after-free vulnerability in the libxml2/Web content handling path that could lead to arbitrary code execution when processing maliciously crafted web content. It is fixed in Apple platforms as part of macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, as well as ...

CVE-2020-27917

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution...

CVE-2020-27916

CVE-2020-27916 involves an out-of-bounds write in the Audio subsystem (Apple media/audio stack) that could allow arbitrary code execution when processing a malicious audio file. Apple patched this in macOS Big Sur 11.0.1 and corresponding iOS 14.2/iPadOS 14.2, tvOS 14.2, and watchOS 7.1 by applyi...

CVE-2020-27916

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution...

CVE-2020-27927

CVE-2020-27927 is an Apple font-parsing vulnerability. The issue is described as an out-of-bounds write in the FontParser component that processes malicious font files, leading to arbitrary code execution. Affected platforms include macOS Big Sur 11.0.1 and iOS 14.2 / iPadOS 14.2, tvOS 14.2, and ...

CVE-2020-27925

CVE-2020-27925 affects CallKit in iOS 14.2 / iPadOS 14.2. An issue in handling incoming calls allowed a user to answer two calls simultaneously without indication. Root cause: inadequate state handling; fix implemented via additional state checks. Remediation: update to iOS 14.2 / iPadOS 14.2. CV...

CVE-2020-27911

An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or...

CVE-2020-27911

CVE-2020-27911 is a libxml2-related issue addressed by an integer overflow fix via improved input validation. Publicly documented impact indicates potential remote code execution or application termination, but exploitation status is not detailed in the provided materials. Affected platforms incl...

CVE-2020-27912

CVE-2020-27912: A memory-unsafe out-of-bounds write in ImageIO when processing a maliciously crafted image could lead to arbitrary code execution. Public details in the Apple advisory HT211931/HT211929 indicate the issue affected macOS Big Sur (fixed in 11.0.1) and related iOS/watchOS/iPadOS upda...

CVE-2020-27912

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution...

CVE-2020-27909

CVE-2020-27909 affects Apple CoreAudio across Apple platforms (iOS/iPadOS, macOS/iPadOS/tvOS/watchOS) via processing a maliciously crafted audio file. The issue is an out-of-bounds read that was addressed with improved input validation and is fixed in iOS 14.2 and iPadOS 14.2 (also reflected for ...

CVE-2020-27909

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution...

CVE-2020-27910

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution...

CVE-2020-27910

CVE-2020-27910 affects Apple audio handling across macOS Big Sur 11.0.1 and iOS 14.2/iPadOS 14.2 (also tvOS 14.2, watchOS 7.1). The issue is described as an out-of-bounds read in audio processing, mitigated by improved input validation and addressed in the listed updates. Impact per document: pro...

CVE-2020-27905

CVE-2020-27905 is a memory corruption issue addressed by Apple in iOS 14.2, iPadOS 14.2, tvOS 14.2, and watchOS 7.1. The vulnerability could allow a malicious application to execute arbitrary code with system privileges. The NVD entry notes a local attack vector with low attack complexity and use...

CVE-2020-27905

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges...