CVE-2020-3838
CVE-2020-3838 affects Apple platforms: a local privilege escalation that was addressed with improved permissions logic. The issue allows an application to execute arbitrary code with system/kernel privileges. Fixed in iOS 13.3.1/iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6.1.2. Connected doc...
CVE-2020-3838
The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges...
CVE-2020-3859
CVE-2020-3859 describes an inconsistent user interface issue in iOS that could allow a person with physical access to an iPhone or iPad to access contacts from the lock screen. The root cause is stated as ineffective state management; Apple fixed this in iOS 13.3.1 / iPadOS 13.3.1. The Apple advi...
CVE-2020-3842
CVE-2020-3842 is a memory corruption vulnerability affecting Apple platforms (iOS, iPadOS, macOS, tvOS, watchOS) that can allow an application to execute arbitrary code with kernel privileges. The issue is fixed in iOS 13.3.1 / iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6.1.2...
CVE-2020-3840
CVE-2020-3840 describes an off-by-one error in the handling of racoon configuration files within IPSec-related components. The underlying issue arises from improper bounds checking, which could allow a maliciously crafted racoon config to trigger arbitrary code execution. Apple and Red Hat record...
CVE-2020-3842
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges...
CVE-2020-3831
CVE-2020-3831 describes a race condition in the Apple kernel that could allow an application to execute arbitrary code with kernel privileges. The issue was fixed in iOS 13.3.1 and iPadOS 13.3.1 through improved locking, as documented by Apple (HT210918). Connected entries corroborate a kernel‑le...
CVE-2020-3829
CVE-2020-3829 corresponds to an out-of-bounds read fixed by Apple across multiple platforms. The Apple advisories show the vulnerability contributing to elevated-privilege risk, and it is mitigated by updates: iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6.1.2. In the ...
CVE-2020-3844
This issue was addressed with improved checks. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Users removed from an iMessage conversation may still be able to alter state...
CVE-2020-3859
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen...
CVE-2020-3825
CVE-2020-3825 concerns memory corruption in WebKit-based components used by Apple Safari/WebKit across multiple platforms. The initial document notes that processing maliciously crafted web content may lead to arbitrary code execution. Affected products/areas (from Apple advisories) include Safar...
CVE-2020-3825
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...
CVE-2020-3841
CVE-2020-3841 affects Safari Login AutoFill. The issue, tied to UI handling, allowed a local user to send a password unencrypted over the network. Apple fixed this with Safari 13.0.5 and iOS/iPadOS 13.3.1 (and related security content), addressing the vulnerability by improved input/UI handling. ...
CVE-2020-3837
CVE-2020-3837 is an Apple memory-corruption issue fixed in iOS 13.3.1, iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, and watchOS 6.1.2, with potential to run arbitrary code with kernel privileges. Connected analysis documents reveal concrete Android exploitation research tied to this CVE fa...
CVE-2020-3831
A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges...
CVE-2020-3837
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges. Recent assessments: Assessed Attacker Value:...
CVE-2020-3865
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to...
CVE-2020-3867
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site...
CVE-2020-3864
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin...
CVE-2020-3862
A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service...