CVE-2020-9895 — Use After Free in Apple Icloud FOR Windows

CWE-416 — Use After Free12 documents9 sources

Severity

9.8CRITICALNVD

EPSS

2.9%

top 13.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Icloud FOR Windows Apple IOS Apple Itunes FOR Windows +7 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages13 packages

▶CVEListV5apple/icloud_for_windowsunspecified — iCloud for Windows 11.3+1

▶CVEListV5apple/itunes_for_windowsunspecified — iTunes 12.10.8 for Windows

▶NVDapple/icloud11.0 — 11.3+1

▶CVEListV5apple/tvosunspecified — tvOS 13.4.8

▶NVDapple/tvos< 13.4.8

🔴Vulnerability Details

GHSA

GHSA-j4v5-6jrm-p9fx: A use after free issue was addressed with improved memory management↗2022-05-24

▶

CVEList

CVE-2020-9895: A use after free issue was addressed with improved memory management↗2020-10-16

▶

OSV

CVE-2020-9895: A use after free issue was addressed with improved memory management↗2020-10-16

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2020-08-03

▶

Red Hat

webkitgtk: Use-after-free may lead to application termination or arbitrary code execution↗2020-07-29

▶

Apple

CVE-2020-9895: watchOS 6.2.8↗2020-07-15

▶

Apple

CVE-2020-9895: iOS 13.6 and iPadOS 13.6↗2020-07-15

▶

Apple

CVE-2020-9895: tvOS 13.4.8↗2020-07-15

▶

💬Community

Bugzilla

CVE-2020-9895 webkitgtk: Use-after-free may lead to application termination or arbitrary code execution↗2020-09-16

▶