Published: 22/10/2020 Updated: 09/01/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x
apple tvos
apple iphone os
apple icloud
apple itunes
apple watchos
apple ipados

CERT/CC: 'Sensational' bug names spark fear, hype – so we'll give flaws our own labels... like Suggestive Bunny

The Register • Thomas Claburn in San Francisco • 03 Nov 2020

Officials go with randomly selected words with unintentionally hilarious results. Filthy Python, anyone? US-CERT lists the 10 most-exploited security bugs and, yeah, it's mostly Microsoft holes people forgot to patch

Many memorable events get named, whether they're hurricanes, political events, or security incidents like the Morris Worm, which surfaced 32 years ago yesterday. But named security incidents recently have editorialized their own importance with fear-mongering monikers like Heartbleed (2014), Meltdown, Spectre, and Foreshadow (2018), and Fallout and ZombieLoad (2019). Not all do so. There have been less emotionally loaded bug names proposed, like CacheOut, CrossTalk, and RIDL, but name-amplified ...

CVE-2020-9875

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect