CVE-2020-3897 — Type Confusion in Apple Icloud FOR Windows

CWE-843 — Type Confusion7 documents7 sources

Severity

8.8HIGHNVD

EPSS

2.5%

top 14.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS Apple Itunes FOR Windows +7 more

Timeline

PublishedApr 1

Latest updateMay 24

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages13 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 10.9.3+1

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes for Windows 12.10.5

▶NVDapple/icloud10.0.0 — 10.9.3+1

▶CVEListV5apple/tvosunspecified — tvOS 13.4

▶NVDapple/tvos< 13.4

🔴Vulnerability Details

GHSA

GHSA-gqfj-ph97-xjrx: A type confusion issue was addressed with improved memory handling↗2022-05-24

▶

CVEList

CVE-2020-3897: A type confusion issue was addressed with improved memory handling↗2020-04-01

▶

OSV

CVE-2020-3897: A type confusion issue was addressed with improved memory handling↗2020-04-01

▶

📋Vendor Advisories

Red Hat

webkitgtk: Type confusion leading to arbitrary code execution↗2020-04-27

▶

Debian

CVE-2020-3897: webkit2gtk - A type confusion issue was addressed with improved memory handling. This issue i...↗2020

▶

💬Community

Bugzilla

CVE-2020-3897 webkitgtk: Type confusion leading to arbitrary code execution↗2020-09-07

▶