Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2019-12-11 |
| Product | Iphone Os | Last view | 2020-06-09 |
| Version | 12.4 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:iphone_os | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2020-06-09 | CVE-2020-9852 | An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 9.8 | 2020-06-09 | CVE-2020-9850 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. |
| 2.4 | 2020-06-09 | CVE-2020-9848 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen. |
| 7.5 | 2020-06-09 | CVE-2020-9844 | A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. |
| 7.1 | 2020-06-09 | CVE-2020-9843 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. |
| 5.5 | 2020-06-09 | CVE-2020-9842 | This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to use arbitrary entitlements. |
| 7 | 2020-06-09 | CVE-2020-9839 | A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. |
| 9.8 | 2020-06-09 | CVE-2020-9838 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution. |
| 7.5 | 2020-06-09 | CVE-2020-9837 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory. |
| 5.3 | 2020-06-09 | CVE-2020-9835 | An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. |
| 7.8 | 2020-06-09 | CVE-2020-9830 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. |
| 6.5 | 2020-06-09 | CVE-2020-9829 | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service. |
| 7.5 | 2020-06-09 | CVE-2020-9827 | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. |
| 7.5 | 2020-06-09 | CVE-2020-9826 | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service. |
| 7.8 | 2020-06-09 | CVE-2020-9825 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences. |
| 7.5 | 2020-06-09 | CVE-2020-9823 | This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state. |
| 7.8 | 2020-06-09 | CVE-2020-9821 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.5 | 2020-06-09 | CVE-2020-9820 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system. |
| 4.3 | 2020-06-09 | CVE-2020-9819 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption. |
| 8.8 | 2020-06-09 | CVE-2020-9818 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. |
| 7.8 | 2020-06-09 | CVE-2020-9816 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
| 7.8 | 2020-06-09 | CVE-2020-9815 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. |
| 7.8 | 2020-06-09 | CVE-2020-9814 | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2020-06-09 | CVE-2020-9813 | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 5.5 | 2020-06-09 | CVE-2020-9812 | An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 36% (45) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12% (15) | CWE-200 | Information Exposure |
| 8% (11) | CWE-125 | Out-of-bounds Read |
| 8% (10) | CWE-20 | Improper Input Validation |
| 4% (6) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 4% (5) | CWE-787 | Out-of-bounds Write |
| 2% (3) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 2% (3) | CWE-416 | Use After Free |
| 2% (3) | CWE-362 | Race Condition |
| 2% (3) | CWE-287 | Improper Authentication |
| 2% (3) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 1% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 1% (2) | CWE-276 | Incorrect Default Permissions |
| 0% (1) | CWE-670 | Always-Incorrect Control Flow Implementation |
| 0% (1) | CWE-665 | Improper Initialization |
| 0% (1) | CWE-613 | Insufficient Session Expiration |
| 0% (1) | CWE-522 | Insufficiently Protected Credentials |
| 0% (1) | CWE-415 | Double Free |
| 0% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 0% (1) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 0% (1) | CWE-326 | Inadequate Encryption Strength |
| 0% (1) | CWE-281 | Improper Preservation of Permissions |
| 0% (1) | CWE-269 | Improper Privilege Management |
| 0% (1) | CWE-190 | Integer Overflow or Wraparound |
| 0% (1) | CWE-91 | XML Injection (aka Blind XPath Injection) |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54666 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54665 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53122 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53121 - Type : BROWSER-WEBKIT - Revision : 1 |
