Logic Issue in Apple Products Exposes Cross-Site Scripting Vulnerability
CVE-2020-9925

6.1MEDIUM

Key Information:

Vendor

Apple
Status
iOS
TV OS
Watch OS
Safari
Vendor
CVE Published:
16 October 2020

What is CVE-2020-9925?

A logic issue in various Apple products has been identified, which is linked to improper state management. This vulnerability can be exploited through maliciously crafted web content, potentially allowing attackers to execute universal cross-site scripting attacks. Users of affected versions should update their software to mitigate these security risks effectively. The issue has been resolved in the latest updates of affected systems.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/HT211288
x_refsource_MISC
https://support.apple.com/HT211290
x_refsource_MISC
https://support.apple.com/HT211291
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.