CVE-2020-9940
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution...
CVE-2020-9938
CVE-2020-9938: An out-of-bounds read was addressed with improved input validation. Affects Apple platforms and apps processing images: iOS/iPadOS 13.6, macOS Catalina 10.15.x, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3/7.20. Processing a maliciously crafted im...
CVE-2020-9919
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead t...
CVE-2020-9919
CVE-2020-9919 describes a buffer overflow in image processing surfaces across Apple platforms. The issue affects components such as ImageIO and CoreGraphics (and related image-processing paths) and is triggered by processing maliciously crafted images, potentially allowing arbitrary code executio...
CVE-2020-9920
CVE-2020-9920 describes a path handling issue in Apple Mail that could allow a malicious mail server to overwrite arbitrary mail files. The issue is fixed by Apple in iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, and watchOS 6.2.8, addressing improper validation of mail file handling. NVD metada...
CVE-2020-9920
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files...
CVE-2020-9902
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout...
CVE-2020-9902
CVE-2020-9902 is an out-of-bounds read vulnerability in Apple’s kernel component that could allow a malicious app to determine the kernel memory layout. The issue is fixed in iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, and watchOS 6.2.8. Connected Apple advisories cite kernel memo...
CVE-2020-9904
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges...
CVE-2020-9904
CVE-2020-9904 is a memory corruption vulnerability in Apple kernel-related components that could allow an attacker to execute arbitrary code with kernel privileges. The issue was mitigated by improved state management and is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, ...
CVE-2020-9906
CVE-2020-9906 (Apple iOS/macOS/watchOS) - AWDL SyncTree TLV heap overflow, remote kernel impact. The issue arises in the iOS/macOS AWDL kernel parser (IO80211AWDLPeer). The SyncTree TLV (type 0x14) length is validated with a 1024-byte upper bound when TLVs are parsed, but the code copies 6-byte MA...
CVE-2020-9906
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory...
CVE-2020-9901
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A local attacker may be able to elevate their privileges...
CVE-2020-9901
CVE-2020-9901 – Apple platforms: An issue in the path validation logic for symbolic links allowed local privilege elevation. Apple fixed this by improved path sanitization, with patches in iOS 13.6, iPadOS 13.6, macOS Catalina 10.15.6, and tvOS 13.4.8. The vulnerability is local and requires no ...
CVE-2020-9900
CVE-2020-9900 involves a path validation issue in the symlink handling within Apple’s Crash Reporter pathway affecting multiple Apple OS variants (iOS/iPadOS, macOS, tvOS, watchOS). The root cause is improper path sanitization during symlink validation, enabling a local attacker to elevate privil...
CVE-2020-9898
This issue was addressed with improved entitlements. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A sandboxed process may be able to circumvent sandbox restrictions...
CVE-2020-9898
CVE-2020-9898 affects Apple platforms and is a sandbox bypass issue. According to Apple and Red Hat entries, the vulnerability could allow a sandboxed process to circumvent sandbox restrictions. The CVE is fixed in macOS Catalina 10.15.6 and iOS/iPadOS 13.6, with corresponding Apple advisories (H...
CVE-2020-9892
CVE-2020-9892 affects Apple platforms (iOS, iPadOS, macOS Catalina, tvOS, watchOS). Description: memory corruption issues addressed with improved state management, allowing arbitrary code execution with system/kernel privileges if exploited by a malicious app. Remediation: fixed in iOS 13.6/iPadO...
CVE-2020-9892
Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges...
CVE-2020-9879
CVE-2020-9879 is an out-of-bounds write in Apple ImageIO that could allow arbitrary code execution when processing a malicious image. The vulnerability is documented across multiple Apple advisories and related Product entries, with fixed versions including iOS 13.6 / iPadOS 13.6, macOS Catalina ...