Memory Corruption Vulnerability in Apple iOS and Safari
CVE-2020-9807

8.8HIGH

Key Information:

Vendor
Apple
Status
iOS
TV OS
Watch OS
Safari
Vendor
CVE Published:
9 June 2020

Summary

A memory corruption issue was reported in various Apple platforms, allowing processing of maliciously crafted web content that could lead to arbitrary code execution. This vulnerability has been addressed with enhanced state management in the latest software updates, including iOS 13.5, iPadOS 13.5, and others. Users are encouraged to update their devices to mitigate potential risks.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/HT211168
x_refsource_MISC
https://support.apple.com/HT211171
x_refsource_MISC
https://support.apple.com/HT211175
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.