CVE-2020-9959

CVE-2020-9959 describes a lock-screen vulnerability on iOS/iPadOS that could allow a person with physical access to view notification contents from a locked device. Connected documents confirm the issue was addressed with improved state management and that a fix exists in iOS 14.0/iPadOS 14.0. Af...

CVE-2020-9958

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory...

CVE-2020-9958

CVE-2020-9958 is an Apple iOS/iPadOS vulnerability described as an out-of-bounds write that could cause an application to terminate unexpectedly or write to kernel memory. According to connected sources, the issue is addressed in iOS 14.0 and iPadOS 14.0, with Apple’s security content confirming ...

CVE-2020-9952

CVE-2020-9952 refers to an input validation issue that could enable a cross-site scripting (XSS) attack when processing maliciously crafted web content. The official guidance states this was addressed with improved input validation and is fixed in Apple software releases: iOS 14.0 and iPadOS 14.0...

CVE-2020-9952

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack...

CVE-2020-9952

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack...

CVE-2020-9952

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack...

CVE-2020-9946

This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period...

CVE-2020-9946

CVE-2020-9946 affects Apple devices (iOS/iPadOS/watchOS) where the screen lock may not engage after the specified time period. The issue was addressed with improved checks and is fixed in iOS 14.0 / iPadOS 14.0 and watchOS 7.0. The NVD entry notes a local attack vector with low attack complexity ...

CVE-2020-9936

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may...

CVE-2020-9934

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information...

CVE-2020-9934

CVE-2020-9934 describes a local macOS/TCC bypass via environment-variable poisoning. The root issue is how tccd expands HOME/USER home paths to locate the TCC.db, enabling an attacker with local access to plant a malicious TCC database and alter an app’s entitlements (e.g., microphone/camera) wit...

CVE-2020-9933

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information...

CVE-2020-9933

CVE-2020-9933 relates to an authorization issue in Apple’s GeoServices component that could allow a malicious app to read sensitive location information. The vulnerability affects multiple Apple platforms (iOS, iPadOS, tvOS, watchOS) and is addressed by state-management improvements, with patches...

CVE-2020-9931

CVE-2020-9931 is an Apple Bluetooth vulnerability affecting iOS/iPadOS that allows a remote attacker to cause a denial of service. The issue stems from an input-validation deficit in Bluetooth handling, and Apple fixed it in iOS 13.6 and iPadOS 13.6. Connected documents also reference Apple’s HT2...

CVE-2020-9931

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination...

CVE-2020-9925

CVE-2020-9925 concerns a logic issue in WebKit that affects Safari/WebKit components across Apple platforms. The vulnerability could allow universal cross-site scripting when processing malicious web content. Apple patched this by updating to iOS 13.6/iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safa...

CVE-2020-9925

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal...

CVE-2020-9925

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal...

CVE-2020-9925

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal...