CVE-2020-3857

CVE-2020-3857 is a memory corruption issue in Apple OS components that is fixed in iOS 13.3.1/iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6.1.2. The description states an application may be able to execute arbitrary code with system privileges due to improved memory handling. ...

CVE-2020-3858

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges...

CVE-2020-3873

This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages” may not apply to all mail previews...

CVE-2020-3878

CVE-2020-3878 is an out-of-bounds read vulnerability in Apple’s ImageIO component. According to Apple security updates, it affects iOS 13.5/iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes for Windows, and iCloud for Windows; processing a maliciously crafted image may lead ...

CVE-2020-3870

CVE-2020-3870 relates to an out-of-bounds read in ImageIO that could allow arbitrary code execution when processing a maliciously crafted image. Apple fixed this via input-validation improvements and OS updates including iOS 13.3.1/iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6...

CVE-2020-3860

CVE-2020-3860 is a memory corruption issue in Apple’s kernel that could allow an attacker to execute arbitrary code with kernel privileges. Root cause: memory corruption due to improper input handling. Affected: Apple devices running iOS 13.x (fixed in iOS 13.3.1 and iPadOS 13.3.1) and watchOS 6....

CVE-2020-3862

A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service...

CVE-2020-3868

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...

CVE-2020-3867

CVE-2020-3867 is a WebKitGTK/WebKit vulnerability categorized as a logic issue in state management that could enable universal cross-site scripting when processing malicious web content. According to the documents, the issue affects WebKitGTK/WebKit components (notably webkitgtk4) and was fixed i...

CVE-2020-3862

CVE-2020-3862 is a denial-of-service issue affecting WebKit/Safari in Apple ecosystems. The vulnerability stems from memory handling in WebKit that could be triggered by visiting a malicious website, potentially impacting availability. Apple fixed this in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1...

CVE-2020-3867

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site...

CVE-2020-3868

CVE-2020-3868 involves multiple memory corruption issues that are fixed by improved memory handling. The public advisories indicate the vulnerability could allow arbitrary code execution when processing malicious web content. The documented fixes show updates across Apple platforms: iOS 13.3.1 an...

CVE-2020-3865

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...

CVE-2020-3867

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site...

CVE-2020-3862

A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service...

CVE-2020-3837

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges...

CVE-2020-3840

An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1. Loading a maliciously crafted racoon configuration file may lead to...

CVE-2020-3828

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen...

CVE-2020-3826

CVE-2020-3826 is an out-of-bounds read in Apple’s ImageIO image processing. Processing a maliciously crafted image may lead to arbitrary code execution. Fixed in iOS 13.3.1 / iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, and corresponding Apple platform updates; iTunes/iCloud...

CVE-2020-3844

CVE-2020-3844 affects Apple iOS/iPadOS Messages: after a user is removed from an iMessage conversation, an attacker may still alter the state of that conversation. This is tied to the Messages component and was fixed by Apple in iOS 13.3.1 / iPadOS 13.3.1 through improved checks and state handlin...