Vulnerability CVE-2020-9850

Vulnerability CVE-2020-9850

Published: 2020-06-09

Description:

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Safari Type Confusion / Sandbox Escape	timwr	01.10.2020

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Apple -> Icloud
Apple -> Itunes
Apple -> Safari
Apple -> Ipad os
Apple -> Iphone os
Apple -> TVOS
Apple -> Watchos

References:

https://support.apple.com/HT211168

https://support.apple.com/HT211171

https://support.apple.com/HT211175

https://support.apple.com/HT211177

https://support.apple.com/HT211178

https://support.apple.com/HT211179

https://support.apple.com/HT211181

Copyright 2024, cxsecurity.com