Fwd: [CIAD-2020-0049] Multiple Vulnerabilities in Apple iOS and iPadOS

Software Affected

· Apple iOS and iPadOS versions prior to 13.6

Overview

Multiple vulnerabilities have been reported in Apple iOS and iPadOS which could allow a remote attacker to execute arbitrary code with kernel privileges, cause denial of service conditions, access sensitive information, bypass security restrictions, hijack VPN connections or perform cross-site scripting attacks on a targeted system.

Description

Multiple vulnerabilities exist in Apple iOS and iPadOS due to out-of-bounds read and write errors, multiple memory corruption issues, improper input validation, improper state management, improper access restrictions, insufficient verification and checks, a buffer overflow error, a use-after-free error, improper escaping and other logical errors in the Audio, AVEVideoEncoder, Bluetooth, CoreFoundation, Crash Reporter, GeoServices, iAP, ImageIO, Kernel, Mail, Messages, Model I/O, Safari Login AutoFill, Safari Reader, WebKit, WebKit Page Loading, WebKit Web Inspector and Wi-Fi components of the software.

Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code with kernel privileges, cause denial of service conditions, access sensitive information, bypass security restrictions, hijack VPN connections or perform cross-site scripting attacks on the targeted system.

Solution

Apply appropriate updates mentioned in the Apple security updates.

Vendor Information

Apple

References

CISecurity

cts-could-allow-for-arbitrary-code-execution_2020-098/

CVE Name

CVE-2020-9888
CVE-2020-9889
CVE-2020-9890
CVE-2020-9891
CVE-2020-9907
CVE-2020-9931
CVE-2020-9934
CVE-2020-9865
CVE-2020-9933
CVE-2020-9914
CVE-2020-9936
CVE-2020-9923
CVE-2019-14899
CVE-2020-9909
CVE-2019-19906
CVE-2020-9885
CVE-2020-9878
CVE-2020-9903
CVE-2020-9911
CVE-2020-9894
CVE-2020-9915
CVE-2020-9893
CVE-2020-9895
CVE-2020-9925
CVE-2020-9910
CVE-2020-9916
CVE-2020-9862
CVE-2020-9918
CVE-2020-9917
