Severity Rating: High
Software Affected
· Safari prior to 13.1.1
Overview
Multiple vulnerabilities have been reported in Safari and in its WebKit and
WebRTC components that could allow an attacker to execute arbitrary code and
to perform universal cross-site scripting and memory corruption attacks on
the targeted system.
Description
Vulnerability in Safari (CVE-2020-9801)
This vulnerability exists in Safari and allows a malicious process to
cause Safari to launch an application. Successful exploitation of this
vulnerability could allow the attacker to perform privilege escalation
attacks.
Multiple Vulnerabilities in WebKit (CVE-2020-9802, CVE-2020-9805,
CVE-2020-9800, CVE-2020-9806, CVE-2020-9807, CVE-2020-9850, CVE-2020-9843,
CVE-2020-9803)
These vulnerabilities exist in WebKit and may be exploited by sending
maliciously crafted web content. Successful exploitation of these
vulnerabilities may allow an attacker to execute arbitrary code and perform
cross-site scripting attacks on the targeted system.
Vulnerability in WebRTC (CVE-2019-20503)
This vulnerability exists in WebRTC and may be exploited by sending
maliciously crafted web content. Successful exploitation of this
vulnerability could lead to disclosure of process memory.
Solution
Apply the appropriate updates mentioned in the Apple security updates.
Vendor Information
Apple
Reference
Apple
Center for Internet Security
cts-could-allow-for-arbitrary-code-execution_2020-072/
CVE Name
CVE-2020-9801
CVE-2020-9802
CVE-2020-9805
CVE-2020-9800
CVE-2020-9806
CVE-2020-9807
CVE-2020-9850
CVE-2020-9843
CVE-2020-9803
CVE-2019-20503
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.