#VU48062 Buffer overflow


Published: 2020-10-27 | Updated: 2020-11-01

Vulnerability identifier: #VU48062

Vulnerability risk: High

CVSSv3.1:

CVE-ID: CVE-2019-8835

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution.

Mitigation
Install update from vendor's website.

External links
http://support.apple.com/en-us/HT210785
http://support.apple.com/en-us/HT210790
http://support.apple.com/en-us/HT210792
http://support.apple.com/en-us/HT210793
http://support.apple.com/en-us/HT210794
http://support.apple.com/en-us/HT210795


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability