CVE-2020-3901

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrar...

CVE-2020-9785

Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges...

CVE-2020-9785

CVE-2020-9785 affects Apple platforms including iOS 13.4, iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, and watchOS 6.2. The issue is described as multiple memory corruption problems addressed with improved state management, enabling a malicious application to potentially execute arbitrary code...

CVE-2020-9783

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution...

CVE-2020-9783

CVE-2020-9783 is confirmed with concrete details in connected documents: a use-after-free vulnerability in WebKit-related processing of malicious web content that can lead to code execution. Apple states this was addressed with memory-management improvements and lists affected products/versions: ...

CVE-2020-9780

The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher...

CVE-2020-9780

CVE-2020-9780 affects Apple iOS/iPadOS Mail: a local attacker may view deleted content in the app switcher due to previews not being cleared when content is deleted. Root cause: previews weren’t cleared, allowing visibility of deleted mail content in the app switcher. Impact is limited to a local...

CVE-2020-9781

The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to...

CVE-2020-9781

CVE-2020-9781 affects Safari on iOS/iPadOS. Issue: a user may grant website permissions to a site they didn’t intend due to prompt handling; root cause relates to permission prompts not being cleared properly after navigation. Impact stated as potential unintended permission grants; exploits not ...

CVE-2020-9773

CVE-2020-9773 describes an information disclosure in iOS/iPadOS 14.0 where a malicious app may identify other installed apps. The issue is stated to be mitigated by improved handling of icon caches and is fixed in iOS 14.0 and iPadOS 14.0. Connected sources corroborate the effect and resolution, ...

CVE-2020-9773

The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other applications a user has installed...

CVE-2020-9770

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic...

CVE-2020-9770

The CVE-2020-9770 issue is a logic/state-management bug in Bluetooth handling on Apple devices. According to sources, it allows a user in a privileged network position to intercept Bluetooth traffic, and Apple fixed it in iOS 13.4/iPadOS 13.4 (see Apple HT211102). Remediation is to update to the ...

CVE-2020-9777

CVE-2020-9777 affects Apple’s Mail Attachments component in iOS/iPadOS. The issue is described as a problem in the selection of video files by Mail, which could cause cropped videos to be shared improperly. The vulnerability is addressed by Apple in iOS 13.4 and iPadOS 13.4, where the fix involve...

CVE-2020-9777

An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail...

CVE-2020-9775

CVE-2020-9775 affects Safari on iOS/iPadOS; root cause: incorrect handling of tabs displaying picture-in-picture video, leading to potentially exposing a user’s private browsing activity to Screen Time. Apple fixed this in iOS 13.4 and iPadOS 13.4 via improved state handling; remediation is to up...

CVE-2020-9775

An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time...

CVE-2020-9768

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges...

CVE-2020-9768

CVE-2020-9768 is a use-after-free vulnerability in Apple’s Image Processing component that affects iOS 13.4 and iPadOS 13.4 (and related platforms tvOS 13.4, watchOS 6.2). The issue allows an application to execute arbitrary code with system privileges due to memory handling deficiencies; Apple n...

CVE-2020-3919

CVE-2020-3919 corresponds to a memory initialization issue in Apple IOHIDFamily that could allow a malicious application to execute arbitrary code with kernel privileges. Concrete details in connected documents show the vulnerability affecting Apple platforms and components across multiple OS lin...