Out-of-Bounds Write Issue in Apple Products Leading to Potential Application Termination
CVE-2020-9876

7.8HIGH

Key Information:

Vendor

Apple
Status
iOS
Mac OS
TV OS
Watch OS
Vendor
CVE Published:
22 October 2020

What is CVE-2020-9876?

An out-of-bounds write vulnerability was identified in various Apple operating systems and applications, which can potentially be exploited through a maliciously crafted PDF file. Successful exploitation may lead to unexpected application termination or allow arbitrary code execution on the affected device. This issue has been addressed in the latest software updates for affected products.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/kb/HT211843
x_refsource_CONFIRM
https://support.apple.com/kb/HT211850
x_refsource_CONFIRM
https://support.apple.com/kb/HT211844
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.