Apple Ios 14.2 And Ipados vulnerabilities

CVE-2020-27908 [HIGH] CVE-2020-27908: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27908 Component: CoreAudio Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-27918 [HIGH] CVE-2020-27918: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27918 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2020-10004 [HIGH] CVE-2020-10004: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-10004 Component: Model I/O Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management.

CVE-2020-27917 [HIGH] CVE-2020-27917: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27917 Component: Keyboard Impact: A person with physical access to an iOS device may be able to access stored passwords without authentication Description: An authentication issue was addressed with improved state management.

CVE-2020-10016 [HIGH] CVE-2020-10016: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-10016 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management.

CVE-2020-27905 [HIGH] CVE-2020-27905: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27905 Component: IOAcceleratorFamily Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved state management.

CVE-2020-10011 [HIGH] CVE-2020-10011: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-10011 Component: Model I/O Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-27926 [HIGH] CVE-2020-27926: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27926 Component: Keyboard Impact: A person with physical access to an iOS device may be able to access stored passwords without authentication Description: An authentication issue was addressed with improved state management.

CVE-2020-27932 [HIGH] CVE-2020-27932: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27932 Component: Kernel Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A type confusion issue was addressed with improved state handling.

CVE-2020-10003 [HIGH] CVE-2020-10003: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-10003 Component: Crash Reporter Impact: A local attacker may be able to elevate their privileges Description: An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization.

CVE-2020-27930 [HIGH] CVE-2020-27930: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27930 Component: FontParser Impact: Processing a maliciously crafted font may lead to arbitrary code execution. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-27922 [HIGH] CVE-2020-27922: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27922 Component: CoreText Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management.

CVE-2020-27910 [HIGH] CVE-2020-27910: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27910 Component: Audio Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-27911 [HIGH] CVE-2020-27911: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27911 Component: Keyboard Impact: A person with physical access to an iOS device may be able to access stored passwords without authentication Description: An authentication issue was addressed with improved state management.

CVE-2020-27912 [HIGH] CVE-2020-27912: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27912 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-27923 [HIGH] CVE-2020-27923: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27923 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-9897 [HIGH] CVE-2020-9897: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-9897 Component: CoreGraphics Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-10010 [HIGH] CVE-2020-10010: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-10010 Component: Logging Impact: A local attacker may be able to elevate their privileges Description: A path handling issue was addressed with improved validation.

CVE-2020-27924 [HIGH] CVE-2020-27924: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27924 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-27920 [HIGH] CVE-2020-27920: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27920 Component: Keyboard Impact: A person with physical access to an iOS device may be able to access stored passwords without authentication Description: An authentication issue was addressed with improved state management.