CVE-2020-9923

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges...

CVE-2020-9923

CVE-2020-9923 affects Apple devices (iOS, iPadOS, watchOS) via a kernel memory‑corruption vulnerability in the kernel components. The issue could allow a local attacker to execute arbitrary code with system/kernel privileges. Apple fixed it in iOS 13.6, iPadOS 13.6, and watchOS 6.2.8 by improving...

CVE-2020-9917

This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service...

CVE-2020-9917

CVE-2020-9917 affects Apple iOS/iPadOS prior to 13.6 in the WiFi component as listed in the CVE entry. The vulnerability led to a potential denial-of-service and was addressed with improved checks; Apple specifies the fix in iOS 13.6 and iPadOS 13.6. Connected sources also document Apple’s securi...

CVE-2020-9916

A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the...

CVE-2020-9916

CVE-2020-9916 is a WebKit Page Loading vulnerability describing a URL Unicode encoding issue that could allow an attacker to conceal the destination of a URL. According to Apple advisories, this was addressed in Safari/WebKit, with fixes implemented in Safari 13.1.2 and related OS updates (iOS 13...

CVE-2020-9915

CVE-2020-9915 is an access issue in WebKit related to Content Security Policy enforcement. The description notes that processing malicious web content may prevent CSP from being enforced. Public details in connected Apple advisories show the vulnerability affecting WebKit components and being mit...

CVE-2020-9915

An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing...

CVE-2020-9914

An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets...

CVE-2020-9911

CVE-2020-9911 is a logic issue in Safari Reader mode that could allow a remote attacker to bypass the Same Origin Policy. Apple fixes indicate the issue is addressed in iOS 13.6, iPadOS 13.6, and Safari 13.1.2. The initial description confirms a Same Origin bypass risk in Safari Reader; connected...

CVE-2020-9911

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy...

CVE-2020-9910

Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able t...

CVE-2020-9910

CVE-2020-9910 is a WebKit-related vulnerability that allowed a malicious attacker with arbitrary read and write capability to bypass Pointer Authentication. Apple's security updates indicate this issue affects iOS/iPadOS (13.6), tvOS (13.4.8), watchOS (6.2.8), Safari (13.1.2), and corresponding W...

CVE-2020-9909

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations...

CVE-2020-9909

CVE-2020-9909 represents an Apple kernel vulnerability: an out-of-bounds read fixed in iOS 13.6 / iPadOS 13.6 / tvOS 13.4.8 / watchOS 6.2.8. Root cause: improved bounds checking in the Kernel component; impact: an attacker who already has kernel code execution could potentially bypass kernel memo...

CVE-2020-9907

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges...

CVE-2020-9907

CVE-2020-9907 is an Apple AVEVideoEncoder-related memory corruption vulnerability. The issue was mitigated by removing the vulnerable code and is fixed in iOS 13.6 and iPadOS 13.6, and tvOS 13.4.8. Apple’s entry documents indicate the impact as an application potentially executing arbitrary code ...

CVE-2020-9903

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain...

CVE-2020-9903

CVE-2020-9903 is an Apple-specific issue tied to Safari Login AutoFill. The vulnerability is described as a logic issue where an attacker could cause Safari to suggest a password for the wrong domain. It is fixed in iOS 13.6 and iPadOS 13.6, and Safari 13.1.2. Affected components include Safari L...

CVE-2020-9895

CVE-2020-9895 is a use-after-free in memory management that Apple fixed across multiple platforms. Fixed in iOS 13.6, iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, and iCloud for Windows 11.3/7.20. The issue could allow remote code execution or cause arbitrar...