CVE-2020-27902
An authentication issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2. A person with physical access to an iOS device may be able to access stored passwords without authentication...
CVE-2020-27902
CVE-2020-27902 is an Apple iOS/iPadOS vulnerability describing an authentication issue where a user with physical access could access stored passwords without authentication. Apple fixed this issue in iOS 14.2 and iPadOS 14.2 by improving state management. The CVE appears under Keyboard in the Ap...
CVE-2020-10017
CVE-2020-10017 is an out-of-bounds write in Apple's audio handling that could allow arbitrary code execution. Apple’s advisories (HT211929/HT211930) state the issue affects CoreAudio across macOS Big Sur 11.0.x and iOS/iPadOS 14.2 (also tvOS 14.2 and watchOS 7.1), with fixed patches in those OS u...
CVE-2020-10017
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution...
CVE-2020-10016
CVE-2020-10016 is a memory corruption issue addressed via improved state management. It is fixed in macOS Big Sur 11.0.1, iOS 14.2 / iPadOS 14.2, tvOS 14.2, and watchOS 7.1, with potential for arbitrary code execution with kernel privileges as described by Apple advisories and related Red Hat enr...
CVE-2020-10011
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application terminati...
CVE-2020-10011
CVE-2020-10011: An out-of-bounds read vulnerability was fixed by improved bounds checking when processing a maliciously crafted USD file. Affected platforms include iOS 14.2, iPadOS 14.2, macOS Catalina 10.15.7, and Security Update 2020-005 for High Sierra and Mojave. Exploitation could lead to u...
CVE-2020-10003
CVE-2020-10003 affects Apple platforms via a vulnerability in the path validation logic for symlinks, enabling a local privilege escalation. It is fixed in macOS Big Sur 11.0.1, iOS 14.2/iPadOS 14.2, tvOS 14.2, and watchOS 7.1 through improved path sanitization. Affected components are tied to Cr...
CVE-2020-10003
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges...
CVE-2020-10004
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution...
CVE-2020-10004
CVE-2020-10004 is a logic-issue vulnerability fixed in Apple OS updates: macOS Big Sur 11.0.1, iOS 14.2, and iPadOS 14.2. The issue was addressed with improved state management and may allow an attacker to cause an application to terminate unexpectedly or execute arbitrary code when a maliciously crafte...
CVE-2020-10013
CVE-2020-10013 is a kernel-privilege escalation tied to a logic issue addressed by Apple in tvOS 14.0, iOS 14.0 and iPadOS 14.0. The issue is described as a logic/state-management defect that could allow an application to execute arbitrary code with kernel privileges. Apple’s advisories (HT211843...
CVE-2020-10013
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges...
CVE-2020-10010
CVE-2020-10010 describes a path handling issue that affects macOS and related Apple OS components, with a local attacker able to elevate privileges due to insufficient path validation. The issue is addressed by improved validation in the code paths involved, and is fixed in Apple platforms as fol...
CVE-2020-10010
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges...
CVE-2020-9996
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges...
CVE-2020-9996
CVE-2020-9996 is a use-after-free memory-management issue that Apple addressed; the public description states it could allow a malicious app to gain elevated privileges. Apple’s security updates for macOS Big Sur 11.0.1 and iOS/iPadOS 14.0 (HT211931) list this CVE among fixes, indicating a patch ...
CVE-2020-9989
CVE-2020-9989 is a local information‑disclosure issue in Apple Messages where a local user may discover another user’s deleted messages. The CVE entry is represented in Apple advisories for macOS Big Sur 11.0.1 and relevant iOS/iPadOS/watchOS updates, with the issue described as fixed by improved...
CVE-2020-9989
The issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages...
CVE-2020-9974
CVE-2020-9974 is a logic issue in the XNU kernel that could allow a malicious app to determine kernel memory layout. Apple fixed it with improved state management, with patches in macOS Big Sur 11.0.1 and iOS/iPadOS 14.2 (as well as tvOS/watchOS updates per HT211930/HT211929).