Vulnerability CVE-2020-9910
Published: 2020-10-16

Description:
Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

See advisories in our WLB2 database:
Topic
Author
Date
High
WebKit On iOS PAC / JIT Hardening Bypass
saelo
15.08.2020

Type:

CWE-287

 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Apple -> Icloud 
Apple -> Itunes 
Apple -> Safari 
Apple -> Ipad os 
Apple -> Iphone os 
Apple -> TVOS 
Apple -> Watchos 

 References:
https://support.apple.com/HT211288
https://support.apple.com/HT211290
https://support.apple.com/HT211291
https://support.apple.com/HT211292
https://support.apple.com/HT211293
https://support.apple.com/HT211294
https://support.apple.com/HT211295
Copyright 2024, cxsecurity.com

 

Back to Top