CVE-2020-3895

CVE-2020-3895 is a memory corruption vulnerability in WebKit components (WebKitGTK/WebKit2GTK) where processing malicious web content could lead to arbitrary code execution. Affected: WebKitGTK/WebKit2GTK in multiple distros and Apple platforms. Remediation: update to fixed versions (e.g., WebKit...

CVE-2020-3895

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to...

CVE-2020-3899

CVE-2020-3899 affects WebKitGTK/WebKit2GTK (webkitgtk4) up to upstream 2.28.2. A memory consumption issue may allow a remote attacker to execute arbitrary code via crafted web content. Public advisories confirm upgrade requirements: Arch Linux ASA-202004-23 (webkit2gtk before 2.28.2-1), Debian DS...

CVE-2020-3899

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code...

CVE-2020-3899

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code...

CVE-2020-3894

CVE-2020-3894 describes a race condition in WebKit that could allow an application to read restricted memory. The issue affects Apple WebKit-related components across multiple platforms (iOS, iPadOS, tvOS, Safari, and Windows via iTunes/iCloud) and is fixed in iOS 13.4, iPadOS 13.4, tvOS 13.4, Sa...

CVE-2020-3894

A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory...

CVE-2020-3894

A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory...

CVE-2020-3897

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution...

CVE-2020-3897

CVE-2020-3897 is a type confusion in WebKitGTK/WebKit (WebKitGTK4). The issue could allow a remote attacker to cause arbitrary code execution. Public fixes are in upstream WebKit/WebKitGTK4 2.28.2 (and related downstream advisories) and are reflected in vendor-specific updates (e.g., ALAS2-2020-1...

CVE-2020-3897

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution...

CVE-2020-3891

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled...

CVE-2020-3891

Affected product: Messages component on Apple iOS/iPadOS/watchOS. Issue: A logic issue in state management allowed a person with physical access to a locked device to respond to messages even when replies were disabled. Root cause: logic/state-management flaw in Messages. Impact: could enable rep...

CVE-2020-3885

CVE-2020-3885 describes a logic issue where a file URL may be incorrectly processed in WebKit-related components. The vulnerability is fixed in Apple platforms (iOS 13.4, iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes/Windows 12.10.5, iCloud for Windows 7.18) and in WebKitGTK/WebKit-based stacks. Pu...

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed...

CVE-2020-3887

CVE-2020-3887 is a legitimate vulnerability tied to multiple Apple products. A download origin could be incorrectly associated due to a logic/restrictions handling issue in WebKit-based components. The CVE is addressed in Apple updates: iOS 13.4 / iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for W...

CVE-2020-3887

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated...

CVE-2020-3890

CVE-2020-3890 affects Apple iOS/iPadOS Messages Composition: a logic/deletion issue allowed deleted message groups to be suggested as autocompletion. Root cause: deletion handling in Messages Composition. Impact: potential leakage of deleted content via autocomplete suggestions. Mitigation: patch...

CVE-2020-3890

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion...