Total 19 vulnerability patched in its macos including macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra .
Total 29 vulnerability patched in its IOS 13.6 and IPadOS 13.6
Details of macos vulnerability
Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro Zero Day Initiative
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Clang
Available for: macOS Catalina 10.15.5
Impact: Clang may generate machine code that does not correctly enforce pointer authentication codes
Description: A logic issue was addressed with improved validation.
CVE-2020-9870: Samuel Groß of Google Project Zero
CoreAudio
Available for: macOS High Sierra 10.13.6
Impact: A buffer overflow may result in arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light-Year Security Lab
CoreFoundation
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to view sensitive user information
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2020-9934: an anonymous researcher
Crash Reporter
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9884: Yu Zhou(@yuzhou6666) of 小鸡帮 working with Trend Micro Zero Day Initiative
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Audio
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Clang
Available for: macOS Catalina 10.15.5
Impact: Clang may generate machine code that does not correctly enforce pointer authentication codes
Description: A logic issue was addressed with improved validation.
CVE-2020-9870: Samuel Groß of Google Project Zero
CoreAudio
Available for: macOS High Sierra 10.13.6
Impact: A buffer overflow may result in arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-9866: Yu Zhou of 小鸡帮 and Jundong Xie of Ant-financial Light-Year Security Lab
CoreFoundation
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to view sensitive user information
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2020-9934: an anonymous researcher
Crash Reporter
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud
Graphics Drivers
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9799: ABC Research s.r.o.
Heimdal
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to leak sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2020-9913: Cody Thomas of SpecterOps
ImageIO
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9936: Mickey Jin of Trend Micro
Kernel
Available for: macOS Catalina 10.15.5
Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
Available for: macOS Catalina 10.15.5
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9799: ABC Research s.r.o.
Heimdal
Available for: macOS Catalina 10.15.5
Impact: A local user may be able to leak sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2020-9913: Cody Thomas of SpecterOps
ImageIO
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9936: Mickey Jin of Trend Micro
Kernel
Available for: macOS Catalina 10.15.5
Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
Available for: macOS Catalina 10.15.5
Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service
Description: An input validation issue was addressed.
CVE-2019-19906
Messages
Available for: macOS Catalina 10.15.5
Impact: A user that is removed from an iMessage group could rejoin the group
Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.
CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)
Model I/O
Available for: macOS Catalina 10.15.5
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security
Security
Available for: macOS Catalina 10.15.5
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9864: Alexander Holodny
Vim
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2019-20807: Guilherme de Almeida Suckevicz
Wi-Fi
Available for: macOS Catalina 10.15.5
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)
Details of IOS and IPadOS vulnerability
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9907: an anonymous researcher
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may cause an unexpected application termination
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A local user may be able to view sensitive user information
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2020-9934: an anonymous researcher
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud
GeoServices
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to read sensitive location information
Description: An authorization issue was addressed with improved state management.
CVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.
iAP
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to execute arbitrary code
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2020-9914: Andy Davis of NCC Group
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9936: Mickey Jin of Trend Micro
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-9923: Proteas
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9909: Brandon Azad of Google Project Zero
Mail
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service
Description: An input validation issue was addressed.
CVE-2019-19906
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A user that is removed from an iMessage group could rejoin the group
Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.
CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security
Safari Login AutoFill
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious attacker may cause Safari to suggest a password for the wrong domain
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Safari Reader
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.
CVE-2020-9915: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative
CVE-2020-9895: Wen Xu of SSLab, Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2020-9925: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: Multiple issues were addressed with improved logic.
CVE-2020-9910: Samuel Groß of Google Project Zero
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious attacker may be able to conceal the destination of a URL
Description: A URL Unicode encoding issue was addressed with improved state management.
CVE-2020-9916: Rakesh Mane (@RakeshMane10)
WebKit Web Inspector
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.
CVE-2020-9862: Ophir Lojkine (@lovasoa)
Wi-Fi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)
WiFi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9917: an anonymous researcher, Pradeep Deokate of Harman
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
Audio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9907: an anonymous researcher
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may cause an unexpected application termination
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9931: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab
CoreFoundation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A local user may be able to view sensitive user information
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2020-9934: an anonymous researcher
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud
GeoServices
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to read sensitive location information
Description: An authorization issue was addressed with improved state management.
CVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.
iAP
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to execute arbitrary code
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2020-9914: Andy Davis of NCC Group
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9936: Mickey Jin of Trend Micro
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-9923: Proteas
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9909: Brandon Azad of Google Project Zero
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker can cause a limited out-of-bounds write, resulting in a denial of service
Description: An input validation issue was addressed.
CVE-2019-19906
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A user that is removed from an iMessage group could rejoin the group
Description: An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification.
CVE-2020-9885: an anonymous researcher, Suryansh Mansharamani, of WWP High School North (medium.com/@suryanshmansha)
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2020-9878: Holger Fuhrmannek of Deutsche Telekom Security
Safari Login AutoFill
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious attacker may cause Safari to suggest a password for the wrong domain
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9903: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
Safari Reader
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9911: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.
CVE-2020-9915: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative
CVE-2020-9895: Wen Xu of SSLab, Georgia Tech
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2020-9925: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: Multiple issues were addressed with improved logic.
CVE-2020-9910: Samuel Groß of Google Project Zero
WebKit Page Loading
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A malicious attacker may be able to conceal the destination of a URL
Description: A URL Unicode encoding issue was addressed with improved state management.
CVE-2020-9916: Rakesh Mane (@RakeshMane10)
WebKit Web Inspector
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.
CVE-2020-9862: Ophir Lojkine (@lovasoa)
Wi-Fi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)
WiFi
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-9917: an anonymous researcher, Pradeep Deokate of Harman
No comments:
Post a Comment