CVE-2020-9974

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to determine kernel memory layout...

CVE-2020-10002

CVE-2020-10002 is a local-privilege issue described as a logic issue that was fixed by improved state management. Affected software includes macOS Big Sur 11.0.1 and other Apple platforms updated with 14.2 or later, notably iOS 14.2, iPadOS 14.2, watchOS 7.1, tvOS 14.2, iCloud for Windows 11.5, a...

CVE-2020-10002

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files...

CVE-2020-9993

The issue was addressed with improved UI handling. This issue is fixed in watchOS 7.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Visiting a malicious website may lead to address bar spoofing...

CVE-2020-9965

CVE-2020-9965 is an out-of-bounds read in Disk Images that Apple fixes with improved input validation across macOS Big Sur 11.0.1 and related OS versions (watchOS 7.0, tvOS 14.0, iOS/iPadOS 14.0). The bulletin notes that an affected application may be able to execute arbitrary code with kernel pr...

CVE-2020-9965

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges...

CVE-2020-9969

CVE-2020-9969 affects macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. Description from Apple Security Advisories shows an access issue that allowed a local user to view sensitive information, addressed by applying additional sandbox restrictions. The remediation is upgradi...

CVE-2020-9969

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view senstive user information...

CVE-2020-9988

CVE-2020-9988 is an Apple macOS/iOS/iPadOS issue where a local user could potentially recover or discover another user’s deleted messages due to an insufficient deletion mechanism. The vulnerability is tied to the Messages component and was addressed by improved deletion logic. Apple’s security e...

CVE-2020-9981

CVE-2020-9981 is a use-after-free vulnerability in Apple platforms, with specifics shown across connected docs: Apple’s watchOS 7.0, iOS 14.0 / iPadOS 14.0, tvOS 14.0, macOS Catalina 10.15.7, and related security updates address the issue by improving memory management. The vulnerability is descr...

CVE-2020-9981

A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave...

CVE-2020-9977

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to determine a user's open tabs in Safari...

CVE-2020-9977

CVE-2020-9977 involves a validation issue in the entitlement verification for Safari open tabs exposure. According to official Apple advisories, the vulnerability was addressed by improved validation of the process entitlement and is fixed in macOS Big Sur 11.0.1 as well as iOS 14.0 and iPadOS 14...

CVE-2020-9963

CVE-2020-9963 is fixed in macOS Big Sur 11.0.1, iOS 14.0, and iPadOS 14.0. The issue arises from icon-cache handling, where a malicious app could determine whether files exist on the host. The RedHat/Apple documentation attributes the fix to improved handling of icon caches. Practical impact is i...

CVE-2020-9963

The issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files on the computer...

CVE-2020-9949

CVE-2020-9949 is a use-after-free vulnerability reported by Apple, affecting CoreCapture and related macOS/iOS/watchOS components. It could allow arbitrary code execution with kernel/system privileges. Apple patched this in macOS Big Sur 11.0.1, macOS Catalina 10.15.6 (and Security Update 2020-00...

CVE-2020-9972

CVE-2020-9972 describes a buffer overflow in processing a malicious USD file that affects Apple devices. Root cause: memory handling issue; impact: may terminate the affected app or allow arbitrary code execution. Fix: Apple addressed in iOS 14.0 and iPadOS 14.0. Additional context from connected...

CVE-2020-9972

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution...

CVE-2020-9943

CVE-2020-9943 is an out-of-bounds read in Apple’s Audio stack (CoreAudio) that could allow a malicious app to read restricted memory. It was addressed by improved bounds checking and memory handling. The fixed versions include macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0, watchOS 7.0, and tvOS ...

CVE-2020-9943

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory...