CVE-2020-3919

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges...

CVE-2020-3910

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2...

CVE-2020-3917

CVE-2020-3917 affects Apple platforms (iOS 13.4/iPadOS 13.4, tvOS 13.4, watchOS 6.2). A local application could use an SSH client via private frameworks due to an entitlement issue; Apple addressed this with a new entitlement and patched versions. Public references indicate the vulnerability is f...

CVE-2020-3914

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory...

CVE-2020-3911

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2...

CVE-2020-3916

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...

CVE-2020-3916

Apple fixed CVE-2020-3916 in watchOS 6.2, iOS 13.4 and iPadOS 13.4 by tightening sandbox restrictions. The vulnerability could let an attacker use an alternate app icon to disclose a photo without requiring photo permissions, via the Icons component on Apple Watch/iOS/iPadOS. Reported as an acces...

CVE-2020-3913

CVE-2020-3913 affects Apple platforms (CoreFoundation). A permissions issue allowed a malicious app to elevate privileges. Fixed in iOS 13.4/iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. Connected Apple advisories (HT211100/HT211102/HT211103) confirm the remediation and provide affected famil...

CVE-2020-3909

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2...

CVE-2020-3909

CVE-2020-3909 is a buffer overflow in libxml2 described across Apple advisories as part of multiple libxml2 issues remediated in Apple OS updates. Public details confirm affected platforms include macOS High Sierra 10.13.6, macOS Mojave 10.14.6, and macOS Catalina 10.15.3, with Apple stating fixe...

CVE-2020-3902

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site...

CVE-2020-3902

CVE-2020-3902 is a cross-site scripting (XSS) issue tied to improper input validation in WebKit components. Public mentions cover WebKitGTK+ (Debian/ALSA CentOS advisories) and Apple WebKit entries, all describing processing of malicious web content leading to XSS. The Debian advisory notes the f...

CVE-2020-3902

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site...

CVE-2020-3901

CVE-2020-3901 is a WebKit type-confusion vulnerability addressed by Apple in iOS 13.4 / iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, and related Apple software. The initial description notes a memory-handling related type confusion that could allow arbitrary code execution when processing ma...

CVE-2020-3901

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrar...

CVE-2020-3901

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrar...

CVE-2020-3900

CVE-2020-3900 is a memory corruption vulnerability in WebKitGTK/WebKitGTK+ (WebKit) that may allow arbitrary code execution when processing maliciously crafted web content. The connected advisories confirm affected components (WebKitGTK4/WebKit2GTK) and remediations: upgrading to WebKitGTK4 2.28....

CVE-2020-3900

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to...

CVE-2020-3900

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to...

CVE-2020-3895

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to...