Showing posts with label Apple iOS. Show all posts
Severity Rating: High
Software Affected
Apple iOS and iPadOS versions prior to 13.5
Apple iOS versions prior to 12.4.7
Overview
Multiple vulnerabilities have been reported in Apple iOS and iPadOS which
could allow a remote attacker to cause denial of service conditions,
execute arbitrary code with kernel privileges, access sensitive
information, access and modify memory, cause memory corruption, modify the
file system, bypass security restrictions, gain elevated privileges or
perform cross site scripting attacks on a targeted system.

Description
These vulnerabilities exist due to multiple memory corruption issues,
out-of-bounds read and write errors, improper input sanitization, improper
input validation, improper parsing, use of a pseudorandom number generator
(PRNG) with low entropy, insufficient sandbox restrictions, improper state
management, improper memory handling, race condition, integer overflow,
type confusion, use after free, double free and other logical errors in
Accounts, AirDrop, AppleMobileFileIntegrity, Audio, Bluetooth, CoreText,
FaceTime, File System, FontParser, ImageIO, IPSec, Kernel, Mail, Messages,
Notifications, Sandbox, SQLite, System Preferences, USB Audio, WebKit,
WebRTC and Wi-Fi components of iOS and iPadOS.
Successful exploitation of these vulnerabilities could allow the attacker
to cause denial of service conditions, execute arbitrary code with kernel
privileges, access sensitive information, access and modify memory, cause
memory corruption, modify the file system, bypass security restrictions,
gain elevated privileges or perform cross site scripting attacks on the
targeted system.

Solution
Apply appropriate security updates as mentioned in the Apple Security
Updates.

Vendor Information
Apple

References
Tenable

CISecurity
cts-could-allow-for-arbitrary-code-execution_2020-072/

CVE Name
CVE-2020-9827
CVE-2020-9826
CVE-2020-9842
CVE-2020-9815
CVE-2020-9791
CVE-2020-6616
CVE-2020-9838
CVE-2020-9829
CVE-2020-9835
CVE-2020-9820
CVE-2020-9816
CVE-2020-3878
CVE-2020-9789
CVE-2020-9790
CVE-2020-9837
CVE-2020-9821
CVE-2020-9797
CVE-2020-9852
CVE-2020-9795
CVE-2020-9808
CVE-2020-9811
CVE-2020-9812
CVE-2020-9813
CVE-2020-9814
CVE-2020-9809
CVE-2020-9819
CVE-2020-9818
CVE-2020-9823
CVE-2020-9848
CVE-2020-9825
CVE-2020-9794
CVE-2020-9839
CVE-2020-9792
CVE-2020-9805
CVE-2020-9802
CVE-2020-9850
CVE-2020-9843
CVE-2020-9803
CVE-2020-9806
CVE-2020-9807
CVE-2020-9800
CVE-2019-20503
CVE-2020-9844
CVE-2020-3843

Severity Rating: HIGH
Software Affected
Firefox for iOS versions 25.0 and prior
Overview
A vulnerability has been reported in Firefox for iOS that could allow a
remote attacker to access sensitive information on a targeted system.

Description
This vulnerability exists in Firefox for iOS due to improper token handling
in the native-to-JS bridging implementation. A remote attacker could exploit
this vulnerability by creating a specially crafted webpage and then
convincing the user to download a file hosted on the webpage.

Successful exploitation of this vulnerability could allow the attacker to
access potentially sensitive information on the targeted system.

Solution
Update to version 26.0 from the Apple App Store.

Vendor Information
Mozilla

References
Mozilla

CyberSecurityHelp

CVE Name
CVE-2020-12404

© Copyright 2020. Ud64