CVE-2020-9870
published 2020-10-16CVE-2020-9870: A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | >= unspecified < iOS 13.6 and iPadOS 13.6 | iOS 13.6 and iPadOS 13.6 |
| apple | ipados | < 13.6 | 13.6 |
| apple | iphone_os | < 13.6 | 13.6 |
| apple | mac_os_x | < 10.15.6 | 10.15.6 |
| apple | macos | >= unspecified < macOS Catalina 10.15.6 | macOS Catalina 10.15.6 |
| apple | macos_catalina_10.15.6_security_update_2020-004_mojave_security_update_2020-004 | — | — |
| apple | tvos | < 13.4.8 | 13.4.8 |
| apple | tvos | >= unspecified < tvOS 13.4.8 | tvOS 13.4.8 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck8.8HIGH