Show vulnerabilities with patch / with exploit

Multiple vulnerabilities in Apple iOS and iPadOS



Published: 2020-03-27
Severity High
Patch available YES
Number of vulnerabilities 30
CVE ID CVE-2020-3917
CVE-2020-3885
CVE-2020-3897
CVE-2020-9783
CVE-2020-3887
CVE-2020-3901
CVE-2020-3900
CVE-2020-3895
CVE-2020-3902
CVE-2020-3899
CVE-2020-3894
CVE-2020-3891
CVE-2020-3883
CVE-2020-3911
CVE-2020-3909
CVE-2020-3910
CVE-2020-9785
CVE-2020-3914
CVE-2020-3919
CVE-2020-9768
CVE-2020-9773
CVE-2020-3916
CVE-2020-3913
CVE-2020-9770
CVE-2020-9780
CVE-2020-9777
CVE-2020-3890
CVE-2020-9775
CVE-2020-9781
CVE-2020-3888
CWE ID CWE-264
CWE-840
CWE-843
CWE-416
CWE-119
CWE-79
CWE-362
CWE-125
CWE-200
CWE-284
CWE-319
CWE-399
Exploitation vector Network
Public exploit Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #20 is available.
Public exploit code for vulnerability #29 is available.
Vulnerable software
Subscribe
iPadOS
Operating systems & Components / Operating system

Apple iOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Advisory

1) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3917

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to a security restriction bypass. A remote attacker can trick a victim to install a malicious application, cause the application to be able to use an SSH client provided by private frameworks and gain access to sensitive information on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Business Logic Errors

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3885

CWE-ID: CWE-840 - Business Logic Errors (3.0)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to logical errors. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page and cause a file URL may be incorrectly processed.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Type Confusion

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3897

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error within the object transition cache. A remote attacker can trick a victim to visit a malicisou page or open a specially crafted file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9783

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Business Logic Errors

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3887

CWE-ID: CWE-840 - Business Logic Errors (3.0)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to logical errors. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page and cause a download's origin may be incorrectly associated.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Type Confusion

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3901

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3900

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3895

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing maliciously crafted web content. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Cross-site scripting

Severity: Low

CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3902

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3899

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick a victim to open a specially crafted file or visit a malicious page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Race condition

Severity: Medium

CVSSv3: 5.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3894

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to a race condition. A remote atacker can trick a victim to open a specially crafted file or visit a malicioous page, exploit the race and gain unauthorized access to sensitive information on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Business Logic Errors

Severity: Low

CVSSv3: 2.1 [CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3891

CWE-ID: CWE-840 - Business Logic Errors (3.0)

Exploit availability: No

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to logical errors. A an attacker with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3883

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper permission checks in AppleMobileFileIntegrity. A remote attacker can trick a victim to install a malicious application and cause the application to be able to use arbitrary entitlements.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3911

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libxml2. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3909

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libxml2. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3910

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libxml2. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9785

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3914

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can use a specially crafted application, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

Severity: High

CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3919

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can use a specially crafted application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

Severity: High

CVSSv3: 7.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9768

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can use a specially crafted application and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

21) Information disclosure

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9773

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper handling of icon caches. A remote attacker can trick a victim to install a malicious application and identify what other applications a user has installed.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper access control

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3916

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can set an alternate app icon and disclose a photo without needing permission to access photos.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3913

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper permissions check. A remote attacker can trick a victim to install a malicious application and use the application and gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Cleartext transmission of sensitive information

Severity: Low

CVSSv3: 3.1 [CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9770

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote authenticated attacker on the local network with ability to intercept Bluetooth traffic can gain access to sensitive data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Information disclosure

Severity: Low

CVSSv3: 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9780

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to improper cleared application previews when content is deleted. A local user can view deleted content in the app switcher.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Resource management error

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9777

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to improper selection of video file by Mail. A remote attacker can cause cropped videos may not be shared properly via Mail.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper access control

Severity: Medium

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3890

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in deletion messages. A remote attacker can cause the deleted messages groups may still be suggested as an autocompletion.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Information disclosure

Severity: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9775

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper handling of tabs displaying picture in picture video. A remote attacker can cause a user's private browsing activity may be unexpectedly saved in Screen Time.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Permissions, Privileges, and Access Controls

Severity: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-9781

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper website permission prompts after navigation. A remote autuenticated attacker can grant website permissions to a site they didn't intend to.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

30) Business Logic Errors

Severity: Medium

CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3888

CWE-ID: CWE-840 - Business Logic Errors (3.0)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to logical errors. A remote attacker can use a specially crafted page to interfere with other web contexts.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

iPadOS: 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

Apple iOS: 13.0, 13.1, 13.1.1, 13.1.2, 13.1.3, 13.2, 13.2.2, 13.2.3, 13.3, 13.3.1

CPE External links

https://support.apple.com/en-hk/HT211102

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.