Input Validation Issue in Apple's Safari, iCloud, and Other Products
CVE-2020-9952

7.1HIGH

Key Information:

Vendor
Apple
Status
iOS
TV OS
Watch OS
Safari
Vendor
CVE Published:
16 October 2020

Summary

An input validation issue affects multiple Apple products, including Safari and iCloud, allowing attackers to craft malicious web content that could result in a cross-site scripting (XSS) attack. This vulnerability underscores the importance of secure coding practices and timely updates to mitigate potential security risks. Users are encouraged to update their devices to the latest versions, where this issue has been addressed through improved input validation mechanisms.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/HT211850
x_refsource_MISC
https://support.apple.com/HT211844
x_refsource_MISC
https://support.apple.com/HT211845
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.