Out-of-Bounds Read Vulnerability in Apple iCloud and Other Products
CVE-2020-36521

7.1HIGH

Key Information:

Vendor

Apple
Status
Itunes For Windows
iOS And iPad OS
Icloud For Windows
Watch OS
Vendor
CVE Published:
23 September 2022

What is CVE-2020-36521?

An out-of-bounds read vulnerability has been identified in Apple products, particularly affecting iCloud, iOS, iPadOS, watchOS, tvOS, and iTunes. This vulnerability arises from improper input validation when processing maliciously crafted TIFF files. Exploiting this flaw may lead to a denial-of-service situation, potentially allowing unauthorized disclosure of memory contents. Apple has addressed this issue across multiple versions of its products to enhance security and protect user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iCloud for Windows < 11.4

iCloud for Windows < 7.21

iOS and iPadOS < 14.0

References

https://support.apple.com/en-us/HT211843
x_refsource_MISC
https://support.apple.com/en-us/HT211850
x_refsource_MISC
https://support.apple.com/en-us/HT211844
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.