Apple watchOS vulnerabilities

CVE-2020-9890 [HIGH] CWE-125 CVE-2020-9890: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9889 [HIGH] CWE-787 CVE-2020-9889: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2020-9910 [HIGH] CVE-2020-9910: Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

CVE-2020-9893 [HIGH] CWE-416 CVE-2020-9893: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2020-9976 [MEDIUM] CVE-2020-9976: A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information.

CVE-2020-9946 [MEDIUM] CWE-667 CVE-2020-9946: This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watc This issue was addressed with improved checks. This issue is fixed in iOS 14.0 and iPadOS 14.0, watchOS 7.0. The screen lock may not engage after the specified time period.

CVE-2020-9909 [MEDIUM] CWE-125 CVE-2020-9909: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

CVE-2020-9916 [MEDIUM] CVE-2020-9916: A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iO A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.

CVE-2020-9894 [MEDIUM] CWE-125 CVE-2020-9894: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2020-9925 [MEDIUM] CWE-79 CVE-2020-9925: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2020-9968 [MEDIUM] CVE-2020-9968: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files.

CVE-2020-9885 [MEDIUM] CWE-345 CVE-2020-9885: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verifi An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group.

CVE-2020-9915 [MEDIUM] CVE-2020-9915: An access issue existed in Content Security Policy. This issue was addressed with improved access re An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy

CVE-2020-9933 [LOW] CVE-2020-9933: An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.

CVE-2020-29629 [MEDIUM] CVE-2020-29629: watchOS 7.0 Apple Security Update: About the security content of watchOS 7.0 Product: watchOS Version: 7.0 CVE: CVE-2020-29629 Component: FontParser Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-13435 [MEDIUM] CVE-2020-13435: watchOS 7.0 Apple Security Update: About the security content of watchOS 7.0 Product: watchOS Version: 7.0 CVE: CVE-2020-13435 Component: CVE-2020-13435

CVE-2020-29639 [MEDIUM] CVE-2020-29639: watchOS 7.0 Apple Security Update: About the security content of watchOS 7.0 Product: watchOS Version: 7.0 CVE: CVE-2020-29639 Component: FontParser Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-6514 [MEDIUM] CWE-200 CVE-2020-6514: Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

CVE-2020-15358 [MEDIUM] CWE-787 CVE-2020-15358: In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectO In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

CVE-2020-9850 [CRITICAL] CVE-2020-9850: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 1 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.