Code injection

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code...

Cross site scripting

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution...

CVE-2020-9850

CVE-2020-9850 is a WebKit logic issue that allowed arbitrary code execution in affected Apple products (iOS 13.5, iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes/iCloud Windows) and upstream WebKit/WebKitGTK. The issue was fixed in WebKit/WebKitGTK versions released around 2020 (Ap...

CVE-2020-9850

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution...

CVE-2020-9850

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution...

CVE-2020-9843

CVE-2020-9843 is a WebKit/WebKitGTK issue described as an input validation weakness that may lead to cross-site scripting when processing malicious web content. The vulnerability is documented across multiple platforms: Apple: WebKit-related entries in iOS 13.5/iPadOS 13.5/watchOS 6.2.5/Safari 13...

CVE-2020-9843

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to ...

CVE-2020-9843

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to ...

CVE-2020-9843

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to ...

CVE-2020-9848

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen...

CVE-2020-9848

CVE-2020-9848 affects Apple iOS/iPadOS notifications: an authorization issue fixed in iOS 13.5 / iPadOS 13.5 due to improved state management. A person with physical access to an iOS device could potentially view notification contents from the lockscreen. The issue is documented across multiple s...

CVE-2020-9844

A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory...

CVE-2020-9844

CVE-2020-9844 — Apple OS family : A double-free memory-management issue was fixed in iOS 13.5, iPadOS 13.5, and macOS Catalina 10.15.5. The vulnerability could allow a remote attacker to cause a denial of service or potentially corrupt kernel memory. Affected products include iPhone/iPad/macOS pl...

CVE-2020-9838

CVE-2020-9838 is supported by connected Apple advisories: it is an out-of-bounds read in the Bluetooth component of iOS/iPadOS fixed in 13.5. The Apple bulletin notes a remote attacker could cause arbitrary code execution, and remediation is to update to iOS 13.5/iPadOS 13.5. Other sources corrob...

CVE-2020-9838

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution...

CVE-2020-9842

An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions...

CVE-2020-9842

CVE-2020-9842 is an entitlement parsing issue in Apple's OS stack. The vulnerability arises when parsing entitlements, allowing a malicious application to interact with system processes and potentially access private information or perform privileged actions. The issue has concrete fixes across m...

CVE-2020-9837

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory...

CVE-2020-9839

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges...

CVE-2020-9839

CVE-2020-9839 is a race-condition vulnerability across Apple platforms that was fixed by state-handling improvements. Public details show impact as potential privilege escalation. Fixes were released in iOS/iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, and watchOS 6.2.5, with System Preferenc...