Out-of-Bounds Write Vulnerability in Apple iOS, iPadOS, and macOS
CVE-2020-9789

8.8HIGH

Key Information:

Vendor
Apple
Status
iOS
Mac OS
TV OS
Watch OS
Vendor
CVE Published:
9 June 2020

Summary

A critical out-of-bounds write vulnerability has been identified in multiple Apple products, including iOS, iPadOS, macOS, and associated applications. This flaw can lead to arbitrary code execution when processing a specially crafted image, posing a significant risk to users. Apple has addressed the issue through improved bounds checking in affected versions, emphasizing the need for users to update their software to mitigate potential exploits.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/HT211168
x_refsource_MISC
https://support.apple.com/HT211170
x_refsource_MISC
https://support.apple.com/HT211171
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.