Severity Rating: High
Software Affected
Apple iOS and iPadOS versions prior to 13.5
Apple iOS versions prior to 12.4.7
Overview
Multiple vulnerabilities have been reported in Apple iOS and iPadOS which
could allow a remote attacker to cause denial of service conditions,
execute arbitrary code with kernel privileges, access sensitive
information, access and modify memory, cause memory corruption, modify the
file system, bypass security restrictions, gain elevated privileges or
perform cross-site scripting attacks on a targeted system.
Description
These vulnerabilities exist due to multiple memory corruption issues,
out-of-bounds read and write errors, improper input sanitization, improper
input validation, improper parsing, use of a pseudorandom number generator
(PRNG) with low entropy, insufficient sandbox restrictions, improper state
management, improper memory handling, race condition, integer overflow,
type confusion, use after free, double free and other logical errors in
Accounts, AirDrop, AppleMobileFileIntegrity, Audio, Bluetooth, CoreText,
FaceTime, File System, FontParser, ImageIO, IPSec, Kernel, Mail, Messages,
Notifications, Sandbox, SQLite, System Preferences, USB Audio, WebKit,
WebRTC and Wi-Fi components of iOS and iPadOS.
Successful exploitation of these vulnerabilities could allow the attacker
to cause denial of service conditions, execute arbitrary code with kernel
privileges, access sensitive information, access and modify memory, cause
memory corruption, modify the file system, bypass security restrictions,
gain elevated privileges or perform cross-site scripting attacks on the
targeted system.
Solution
Apply the appropriate security updates as mentioned in the Apple Security
Updates.
Vendor Information
Apple
References
Tenable
CISecurity
cts-could-allow-for-arbitrary-code-execution_2020-072/
CVE Name
CVE-2020-9827
CVE-2020-9826
CVE-2020-9842
CVE-2020-9815
CVE-2020-9791
CVE-2020-6616
CVE-2020-9838
CVE-2020-9829
CVE-2020-9835
CVE-2020-9820
CVE-2020-9816
CVE-2020-3878
CVE-2020-9789
CVE-2020-9790
CVE-2020-9837
CVE-2020-9821
CVE-2020-9797
CVE-2020-9852
CVE-2020-9795
CVE-2020-9808
CVE-2020-9811
CVE-2020-9812
CVE-2020-9813
CVE-2020-9814
CVE-2020-9809
CVE-2020-9819
CVE-2020-9818
CVE-2020-9823
CVE-2020-9848
CVE-2020-9825
CVE-2020-9794
CVE-2020-9839
CVE-2020-9792
CVE-2020-9805
CVE-2020-9802
CVE-2020-9850
CVE-2020-9843
CVE-2020-9803
CVE-2020-9806
CVE-2020-9807
CVE-2020-9800
CVE-2019-20503
CVE-2020-9844
CVE-2020-3843