URL Unicode Encoding Issue in iOS, iPadOS, and Other Apple Products
CVE-2020-9916

5.3MEDIUM

Key Information:

Vendor
Apple
Status
iOS
TV OS
Watch OS
Safari
Vendor
CVE Published:
16 October 2020

Summary

A significant issue has been identified in Apple products where malicious attackers can exploit a URL Unicode encoding vulnerability. This flaw allows attackers to conceal the true destination of a URL, potentially leading users to phishing sites or other malicious content. The vulnerability has been effectively mitigated in several updates, including iOS 13.6, iPadOS 13.6, and other related products, emphasizing the importance of keeping software up to date to ensure protection against such threats.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/HT211288
x_refsource_MISC
https://support.apple.com/HT211290
x_refsource_MISC
https://support.apple.com/HT211291
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.