Apple Ios 14.2 And Ipados vulnerabilities

CVE-2020-27899 [HIGH] CVE-2020-27899: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27899 Component: Symptom Framework Impact: A local attacker may be able to elevate their privileges Description: A use after free issue was addressed with improved memory management.

CVE-2020-27916 [HIGH] CVE-2020-27916: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27916 Component: Audio Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-10017 [HIGH] CVE-2020-10017: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-10017 Component: CoreAudio Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-27909 [HIGH] CVE-2020-27909: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27909 Component: CoreAudio Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-27927 [HIGH] CVE-2020-27927: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27927 Component: FontParser Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9974 [MEDIUM] CVE-2020-9974: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-9974 Component: Kernel Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved state management.

CVE-2020-10002 [MEDIUM] CVE-2020-10002: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-10002 Component: Foundation Impact: A local user may be able to read arbitrary files Description: A logic issue was addressed with improved state management.

CVE-2020-27935 [MEDIUM] CVE-2020-27935: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27935 Component: XNU Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: Multiple issues were addressed with improved logic.

CVE-2020-27925 [MEDIUM] CVE-2020-27925: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27925 Component: CallKit Impact: A user may answer two calls simultaneously without indication they have answered a second call Description: An issue existed in the handling of incoming calls. The issue was addressed with additional state checks.

CVE-2020-13524 [MEDIUM] CVE-2020-13524: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-13524 Component: Model I/O Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-27950 [MEDIUM] CVE-2020-27950: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27950 Component: Kernel Impact: A malicious application may be able to disclose kernel memory. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A memory initialization issue was addressed.

CVE-2020-27902 [MEDIUM] CVE-2020-27902: iOS 14.2 and iPadOS 14.2 Apple Security Update: About the security content of iOS 14.2 and iPadOS 14.2 Product: iOS 14.2 and iPadOS Version: 14.2 CVE: CVE-2020-27902 Component: Keyboard Impact: A person with physical access to an iOS device may be able to access stored passwords without authentication Description: An authentication issue was addressed with improved state management.