Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2020-9910

Published: 16/10/2020 Updated: 09/01/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple tvos

apple iphone os

apple icloud

apple itunes

apple safari

apple watchos

apple ipados

Mailing Lists

Full Disclosure: APPLE-SA-2020-07-15-5 Safari 13.1.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-5 Safari 1312 Safari 1312 is now available and addresses the following: Safari Downloads Available for: macOS Mojave and macOS High Sierra, and included in macOS Catalina Impact: A malicious attacker may be able to change the origin of a frame for a download in Safari Reader ...
Full Disclosure: APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-1 iOS 136 and iPadOS 136 iOS 136 and iPadOS 136 are now available and address the following: Audio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing a maliciously crafted audio file may lead to a ...
Full Disclosure: APPLE-SA-2020-07-15-3 tvOS 13.4.8
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-3 tvOS 1348 tvOS 1348 is now available and addresses the following: Audio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved ...
Full Disclosure: APPLE-SA-2020-07-15-4 watchOS 6.2.8
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-4 watchOS 628 watchOS 628 is now available and addresses the following: Audio Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with i ...

Github Repositories

https://github.com/Chaos192/test

WebKit PoC Exploit for iOS 1341 on iPhone Xs and Safari 131 on macOS 10154 A proof-of-concept exploit for CVE-2020-9802 The exploit targets WebKit on iOS 1341 on an iPhone Xs Vulnerability CVE-2020-9802 allows OOB access on the JSC heap due to incorrect bounds check elimination due to a bug in CSE With some more fiddling, it is possible to read or write out-of-bounds

References

NVD-CWE-noinfohttps://support.apple.com/HT211288https://support.apple.com/HT211290https://support.apple.com/HT211291https://support.apple.com/HT211292https://support.apple.com/HT211293https://support.apple.com/HT211294https://support.apple.com/HT211295https://nvd.nist.govhttps://github.com/Chaos192/testhttp://seclists.org/fulldisclosure/2020/Jul/27
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572CVE-2024-24919CVE-2024-0230CVE-2024-32714HTML injectionlocal file inclusionCVE-2024-31098CVE-2024-31244privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook