Multiple Memory Corruption Issues in Safari and iOS Device Software
CVE-2019-8773

8.8HIGH

Key Information:

Vendor
Apple
Status
iOS And iPad OS
TV OS
Safari
Watch OS
Vendor
CVE Published:
27 October 2020

Summary

This vulnerability involves multiple memory corruption issues that could be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution on affected devices. Apple addressed the issue with improved memory handling across several of its products, ensuring enhanced security for users. Updates are included in Safari 13.0.1 and the latest versions of iOS, iPadOS, tvOS, watchOS, and iCloud for Windows.

Affected Version(s)

iCloud for Windows < 10.7

iCloud for Windows < 7.14

iOS and iPadOS < 13.1

References

https://support.apple.com/en-us/HT210604
x_refsource_MISC
https://support.apple.com/en-us/HT210607
x_refsource_MISC
https://support.apple.com/en-us/HT210603
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.