Apple iOS vulnerabilities

CVE-2020-3910 [CRITICAL] CWE-120 CVE-2020-3910: A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and i A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

CVE-2020-9768 [HIGH] CWE-416 CVE-2020-9768: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges.

CVE-2020-3901 [HIGH] CWE-843 CVE-2020-3901: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-3899 [HIGH] CVE-2020-3899: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 1 A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

CVE-2020-3897 [HIGH] CWE-843 CVE-2020-3897: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

CVE-2020-3900 [HIGH] CWE-787 CVE-2020-3900: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-9785 [HIGH] CWE-787 CVE-2020-9785: Multiple memory corruption issues were addressed with improved state management. This issue is fixed Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2020-3895 [HIGH] CWE-787 CVE-2020-3895: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13 A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-3883 [HIGH] CVE-2020-3883: This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macO This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements.

CVE-2020-3919 [HIGH] CWE-665 CVE-2020-3919: A memory initialization issue was addressed with improved memory handling. This issue is fixed in iO A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2020-9783 [HIGH] CWE-416 CVE-2020-9783: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.

CVE-2020-3913 [HIGH] CVE-2020-3913: A permissions issue existed. This issue was addressed with improved permission validation. This issu A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges.

CVE-2020-9781 [MEDIUM] CWE-281 CVE-2020-9781: The issue was addressed by clearing website permission prompts after navigation. This issue is fixed The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.

CVE-2020-9777 [MEDIUM] CVE-2020-9777: An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail.

CVE-2020-3887 [MEDIUM] CVE-2020-3887: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.

CVE-2020-3902 [MEDIUM] CWE-79 CVE-2020-3902: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1 An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.

CVE-2020-3916 [MEDIUM] CVE-2020-3916: An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos.

CVE-2020-9775 [MEDIUM] CWE-665 CVE-2020-9775: An issue existed in the handling of tabs displaying picture in picture video. The issue was correcte An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.

CVE-2020-9770 [MEDIUM] CVE-2020-9770: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.

CVE-2020-3890 [MEDIUM] CVE-2020-3890: The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Del The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion.