Fwd: [CIAD-2020-0086] Multiple Vulnerabilities in Apple iOS and iPadOS

Software Affected

Apple iOS versions prior to iOS 12.5 (iPhone 5s, iPhone 6, iPhone 6 Plus,

iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation))

Apple iOS versions prior to iOS 14.3 (for iPhone 5s, iPhone 6, iPhone 6

Plus, iPhone 6s and later, iPod touch (6th generation and 7th generation))

Apple iPadOS versions prior to 14.3 (for iPad Air, iPad mini 2, iPad mini

3, iPad Air 2 and later, iPad mini 4 and later)

Overview

Multiple vulnerabilities have been reported in Apple iOS and iPadOS which

could be exploited by an attacker to execute arbitrary code, disclose

sensitive information, bypass security restrictions or display wrong domain

on a targeted system.

Description

These vulnerabilities exist due to improper input validation, improper

state management, improper bound checking or improper memory management

issues in Security, App Store, CoreAudio, FontParser, ImageIO andWebRTC

components of Apple iOS and iPadOS.

Successful exploitation of these vulnerabilities could allow the attacker

to execute arbitrary code, disclose sensitive information, bypass security

restrictions or display wrong domain on a targeted system.

Solution

Apply appropriate updates as mentioned in the Apple Security Updates   

Vendor Information

Apple

References

Apple

CVE Name

CVE-2020-27951

CVE-2020-29613

CVE-2020-27948

CVE-2020-27946

CVE-2020-27943

CVE-2020-27944

CVE-2020-29617

CVE-2020-29619

CVE-2020-29618

CVE-2020-29611

CVE-2020-15969