Severity Rating: High
Software Affected
· Apple iOS and iPadOS versions prior to 13.6
Overview
Multiple vulnerabilities have been reported in Apple iOS and iPadOS which
could allow a remote attacker to execute arbitrary code with kernel
privileges, cause denial of service conditions, access sensitive
information, bypass security restrictions, hijack VPN connections or
perform cross site scripting attacks on a targeted system.
Description
Multiple vulnerabilities exist in Apple iOS and iPadOS due to out-of-bounds
read and write errors, multiple memory corruption issues, improper input
validation, improper state management, improper access restrictions,
insufficient verification and checks, buffer overflow error, use after free
error, improper escaping and other logical errors in Audio,
AVEVideoEncoder, Bluetooth, CoreFoundation, Crash Reporter, GeoServices,
iAP, ImageIO, Kernel, Mail, Messages, Model I/O, Safari Login AutoFill,
Safari Reader, WebKit, WebKit Page Loading, WebKit Web Inspector and Wi-Fi
components of the software.
Successful exploitation of these vulnerabilities could allow the attacker
to execute arbitrary code with kernel privileges, cause denial of service
conditions, access sensitive information, bypass security restrictions,
hijack VPN connections or perform cross site scripting attacks on the
targeted system.
Solution
Apply appropriate updates mentioned in the Apple security updates
Vendor Information
Apple
References
CISecurity
cts-could-allow-for-arbitrary-code-execution_2020-098/
CVE Name
CVE-2020-9888
CVE-2020-9889
CVE-2020-9890
CVE-2020-9891
CVE-2020-9907
CVE-2020-9931
CVE-2020-9934
CVE-2020-9865
CVE-2020-9933
CVE-2020-9914
CVE-2020-9936
CVE-2020-9923
CVE-2019-14899
CVE-2020-9909
CVE-2019-19906
CVE-2020-9885
CVE-2020-9878
CVE-2020-9903
CVE-2020-9911
CVE-2020-9894
CVE-2020-9915
CVE-2020-9893
CVE-2020-9895
CVE-2020-9925
CVE-2020-9910
CVE-2020-9916
CVE-2020-9862
CVE-2020-9918
CVE-2020-9917
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.