CVE-2020-9895

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected...

CVE-2020-9895

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected...

CVE-2020-9894

CVE-2020-9894 affects WebKit in Windows 10+ (via Microsoft Store) with an out-of-bounds read addressed by improved input validation. Impact: remote termination or arbitrary code execution. Remediation: apply the relevant Apple/Safari security updates (Safari 13.1.2; iOS 13.6/iPadOS 13.6; Safari m...

CVE-2020-9894

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected applicati...

CVE-2020-9893

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected...

CVE-2020-9889

The CVE-2020-9889 entry concerns an out-of-bounds write issue in Apple audio processing that could allow arbitrary code execution when parsing a maliciously crafted audio file. Technical details from connected sources specify this affects multiple Apple platforms (iOS, iPadOS, macOS, tvOS, watchO...

CVE-2020-9888

CVE-2020-9888 affects Apple OS components handling audio on iOS/iPadOS, macOS, tvOS, and watchOS. The root cause is an out-of-bounds read vulnerability in audio processing, mitigated by improved bounds checking. Impact described as potential arbitrary code execution when processing a maliciously ...

CVE-2020-9885

CVE-2020-9885 concerns iMessage tapbacks handling. The issue allowed a removed user from an iMessage group to rejoin the group, and Apple fixed it by adding verification. Affected platforms include iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, and watchOS 6.2.8. Remediation is to...

CVE-2020-9885

An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group...

CVE-2020-9878

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution...

CVE-2020-9878

CVE-2020-9878 is an Apple Model I/O USD file processing buffer overflow vulnerability. It affects macOS Catalina (10.15.x), iOS 13.6, iPadOS 13.6, tvOS 13.4.8, and watchOS 6.2.8. Processing a malicious USD file could cause an app to terminate or execute arbitrary code. Apple fixed the issue in th...

CVE-2020-9870

CVE-2020-9870 is a WebKit/JavaScriptCore-related logic issue that allowed bypassing exploit mitigations (StructureID randomization, the Gigacage, and PAC/APRR) to achieve arbitrary memory read/write. The published material describes bypassing StructureID checks via crafted JSArray/JSCell headers,...

CVE-2020-9865

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox...

CVE-2020-9865

The CVE-2020-9865 issue is an Apple memory-corruption vulnerability that was mitigated by removing the vulnerable code. It affects multiple Apple platforms and versions: iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, and watchOS 6.2.8. The risk described is that a malicious applic...

CVE-2020-9862

A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web...

CVE-2020-9862

The CVE-2020-9862 entry concerns a command injection vulnerability in Web Inspector (WebKit Web Inspector). The root cause is inadequate escaping when copying a URL from Web Inspector, enabling a potential command injection path. Affected components: Web Inspector/WebKit implementations used in A...

CVE-2020-9862

A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web...

CVE-2020-9934 - macOS Transparency, Consent, and Control (TCC) Framework bypass

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information. Recent assessments: busterb at August 03, 2020 10:42p...

CVE-2020-9907

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

PT-2020-20839 · Apple · Macos Catalina +4

Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 13.6 Apple iPadOS versions prior to 13.6 Apple macOS Catalina versions prior to 10.15.6 Apple tvOS versions prior to 13.4.8 Apple watchOS versions prior to 6.2.8 Description: An out-of-bounds write issue was...