Memory Consumption Vulnerability in Apple iOS and watchOS Products
CVE-2020-9819

4.3MEDIUM

Key Information:

Vendor
Apple
Status
iOS
iOS-1
Watch OS
Watch OS-1
Vendor
CVE Published:
9 June 2020

Badges

👾 Exploit Exists🦅 CISA Reported

Summary

A memory consumption vulnerability has been identified in Apple’s iOS and watchOS products, where processing a specially crafted email may lead to heap corruption. This flaw arises from improper memory handling, necessitating attention to ensure that devices running affected versions, including iOS 12.4.7, iOS 13.5, iPadOS 13.5, watchOS 5.3.7, and watchOS 6.2.5, apply the latest updates to mitigate potential exploits.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

iOS < unspecified

iOS-1 < unspecified

watchOS < unspecified

References

https://support.apple.com/HT211168
x_refsource_MISC
https://support.apple.com/HT211175
x_refsource_MISC
https://support.apple.com/HT211169
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.