Out-of-Bounds Read Vulnerability in Apple iCloud and Other Products
CVE-2020-36521

7.1 HIGH

Key Information:

Vendor: Apple
CVE Published: 23 September 2022

Summary

An out-of-bounds read vulnerability has been identified in Apple products, particularly affecting iCloud, iOS, iPadOS, watchOS, tvOS, and iTunes. The vulnerability arises from improper input validation when processing maliciously crafted TIFF files. Exploiting this flaw may lead to a denial of service and potentially to unauthorized disclosure of memory contents. Apple has addressed this issue across multiple versions of its products.

Affected Version(s)

iCloud for Windows < 11.4

iCloud for Windows < 7.21

iOS and iPadOS < 14.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
