cvelistv5 - cve-2020-3887

CVE-2020-3887 (GCVE-0-2020-3887)

Vulnerability from cvelistv5 – Published: 2020-04-01 17:47 – Updated: 2024-08-04 07:52

Summary

Severity ?

No CVSS data available.

CWE

A download's origin may be incorrectly associated

Assigner

apple

References

URL

Tags

	https://support.apple.com/HT211102	x_refsource_MISC
	https://support.apple.com/HT211101	x_refsource_MISC
	https://support.apple.com/HT211104	x_refsource_MISC
	https://support.apple.com/HT211105	x_refsource_MISC
	https://support.apple.com/HT211106	x_refsource_MISC
	https://support.apple.com/HT211107	x_refsource_MISC

Impacted products

Vendor

Product

Version

Apple

iOS

Affected: unspecified , < iOS 13.4 and iPadOS 13.4 (custom)

Apple	tvOS	Affected: unspecified , < tvOS 13.4 (custom)
Apple	Safari	Affected: unspecified , < Safari 13.1 (custom)
Apple	iTunes for Windows	Affected: unspecified , < iTunes for Windows 12.10.5 (custom)
Apple	iCloud for Windows	Affected: unspecified , < iCloud for Windows 10.9.3 (custom)
Apple	iCloud for Windows (Legacy)	Affected: unspecified , < iCloud for Windows 7.18 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:19.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211102"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211101"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211104"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211105"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211106"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211107"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.4 and iPadOS 13.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "tvOS 13.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "Safari 13.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iTunes for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iTunes for Windows 12.10.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 10.9.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows (Legacy)",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 7.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A download\u0027s origin may be incorrectly associated",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-16T16:01:37",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211102"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211101"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211104"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211105"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211106"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211107"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-3887",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.4 and iPadOS 13.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "tvOS 13.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Safari",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "Safari 13.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iTunes for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iTunes for Windows 12.10.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 10.9.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows (Legacy)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 7.18"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A download\u0027s origin may be incorrectly associated"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211102",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211102"
            },
            {
              "name": "https://support.apple.com/HT211101",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211101"
            },
            {
              "name": "https://support.apple.com/HT211104",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211104"
            },
            {
              "name": "https://support.apple.com/HT211105",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211105"
            },
            {
              "name": "https://support.apple.com/HT211106",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211106"
            },
            {
              "name": "https://support.apple.com/HT211107",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211107"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-3887",
    "datePublished": "2020-04-01T17:47:10",
    "dateReserved": "2019-12-18T00:00:00",
    "dateUpdated": "2024-08-04T07:52:19.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"7.18\", \"matchCriteriaId\": \"C0F56F52-3A35-4C68-872B-9DC349664260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.9.3\", \"matchCriteriaId\": \"9BD7597B-A879-4CDE-AB4E-B664BFF83138\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"12.10.5\", \"matchCriteriaId\": \"82E6396E-8C78-4EED-88EC-B97C9B4C2DA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.1\", \"matchCriteriaId\": \"0043E6A5-C84C-4538-A6FB-A64882B0F828\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.4\", \"matchCriteriaId\": \"A754595C-30B0-4E62-8ECF-E671F6C3DC57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.4\", \"matchCriteriaId\": \"09DD8CD4-AF42-4A2B-8DF0-AED34E43FDD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"13.4\", \"matchCriteriaId\": \"3D72D358-8126-4B3C-97E9-A01731C38D45\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 un problema l\\u00f3gico con restricciones mejoradas. Este problema es corregido en iOS versi\\u00f3n 13.4 y iPadOS versi\\u00f3n 13.4, tvOS versi\\u00f3n 13.4, Safari versi\\u00f3n 13.1, iTunes para Windows versi\\u00f3n 12.10.5, iCloud para Windows versi\\u00f3n 10.9.3, iCloud para Windows versi\\u00f3n 7.18. El origen de una descarga puede ser asociado incorrectamente.\"}]",
      "id": "CVE-2020-3887",
      "lastModified": "2024-11-21T05:31:54.020",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2020-04-01T18:15:15.880",
      "references": "[{\"url\": \"https://support.apple.com/HT211101\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211102\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211104\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211105\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211106\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211107\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211101\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211104\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211106\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/HT211107\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-3887\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-04-01T18:15:15.880\",\"lastModified\":\"2024-11-21T05:31:54.020\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema l\u00f3gico con restricciones mejoradas. Este problema es corregido en iOS versi\u00f3n 13.4 y iPadOS versi\u00f3n 13.4, tvOS versi\u00f3n 13.4, Safari versi\u00f3n 13.1, iTunes para Windows versi\u00f3n 12.10.5, iCloud para Windows versi\u00f3n 10.9.3, iCloud para Windows versi\u00f3n 7.18. El origen de una descarga puede ser asociado incorrectamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"7.18\",\"matchCriteriaId\":\"C0F56F52-3A35-4C68-872B-9DC349664260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.9.3\",\"matchCriteriaId\":\"9BD7597B-A879-4CDE-AB4E-B664BFF83138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.10.5\",\"matchCriteriaId\":\"82E6396E-8C78-4EED-88EC-B97C9B4C2DA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1\",\"matchCriteriaId\":\"0043E6A5-C84C-4538-A6FB-A64882B0F828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4\",\"matchCriteriaId\":\"A754595C-30B0-4E62-8ECF-E671F6C3DC57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4\",\"matchCriteriaId\":\"09DD8CD4-AF42-4A2B-8DF0-AED34E43FDD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4\",\"matchCriteriaId\":\"3D72D358-8126-4B3C-97E9-A01731C38D45\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT211101\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211102\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211104\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211105\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211106\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211107\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-171

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Apple iCloud pour Windows. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	iCloud pour Windows 10.x versions antérieures à 10.9.3
	Apple	N/A	iCloud pour Windows 7.x versions antérieures à 7.18

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211106 du 26 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211107 du 26 mars 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iCloud pour Windows 10.x versions ant\u00e9rieures \u00e0 10.9.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 7.x versions ant\u00e9rieures \u00e0 7.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3887"
    },
    {
      "name": "CVE-2020-3894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3894"
    },
    {
      "name": "CVE-2020-9783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9783"
    },
    {
      "name": "CVE-2020-3910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3910"
    },
    {
      "name": "CVE-2020-3895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3895"
    },
    {
      "name": "CVE-2020-3909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3909"
    },
    {
      "name": "CVE-2020-3885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3885"
    },
    {
      "name": "CVE-2020-3897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3897"
    },
    {
      "name": "CVE-2020-3899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3899"
    },
    {
      "name": "CVE-2020-3902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3902"
    },
    {
      "name": "CVE-2020-3901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3901"
    },
    {
      "name": "CVE-2020-3911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3911"
    },
    {
      "name": "CVE-2020-3900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3900"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-171",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple iCloud pour\nWindows. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iCloud pour Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211106 du 26 mars 2020",
      "url": "https://support.apple.com/en-us/HT211106"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211107 du 26 mars 2020",
      "url": "https://support.apple.com/en-us/HT211107"
    }
  ]
}

CERTFR-2020-AVI-170

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 13.1
Apple	N/A	tvOS versions antérieures à 13.4
Apple	N/A	iOS versions antérieures à 13.4
Apple	N/A	watchOS versions antérieures à 6.2
Apple	N/A	iTunes versions antérieures à 12.10.5
Apple	macOS	macOS Catalina versions antérieures à 10.15.4
Apple	N/A	iPadOS versions antérieures à 13.4

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211102 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211105 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211100 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211103 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211104 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211101 du 24 mars 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3904"
    },
    {
      "name": "CVE-2020-3887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3887"
    },
    {
      "name": "CVE-2020-3894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3894"
    },
    {
      "name": "CVE-2020-3851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3851"
    },
    {
      "name": "CVE-2020-9783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9783"
    },
    {
      "name": "CVE-2020-3884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3884"
    },
    {
      "name": "CVE-2020-3910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3910"
    },
    {
      "name": "CVE-2020-3895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3895"
    },
    {
      "name": "CVE-2020-3912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3912"
    },
    {
      "name": "CVE-2020-9784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9784"
    },
    {
      "name": "CVE-2020-3909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3909"
    },
    {
      "name": "CVE-2020-3891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3891"
    },
    {
      "name": "CVE-2020-3893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3893"
    },
    {
      "name": "CVE-2020-3917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3917"
    },
    {
      "name": "CVE-2020-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3914"
    },
    {
      "name": "CVE-2020-3888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3888"
    },
    {
      "name": "CVE-2020-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3916"
    },
    {
      "name": "CVE-2019-19232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19232"
    },
    {
      "name": "CVE-2020-3913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3913"
    },
    {
      "name": "CVE-2020-9780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9780"
    },
    {
      "name": "CVE-2020-3885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3885"
    },
    {
      "name": "CVE-2020-3897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3897"
    },
    {
      "name": "CVE-2020-9781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9781"
    },
    {
      "name": "CVE-2020-3906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3906"
    },
    {
      "name": "CVE-2020-3883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3883"
    },
    {
      "name": "CVE-2020-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3905"
    },
    {
      "name": "CVE-2020-9777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9777"
    },
    {
      "name": "CVE-2019-8853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8853"
    },
    {
      "name": "CVE-2020-3892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3892"
    },
    {
      "name": "CVE-2020-3899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3899"
    },
    {
      "name": "CVE-2020-3902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3902"
    },
    {
      "name": "CVE-2020-3901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3901"
    },
    {
      "name": "CVE-2020-3890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3890"
    },
    {
      "name": "CVE-2020-3881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3881"
    },
    {
      "name": "CVE-2020-9785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9785"
    },
    {
      "name": "CVE-2020-3908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3908"
    },
    {
      "name": "CVE-2019-14615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14615"
    },
    {
      "name": "CVE-2020-3889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3889"
    },
    {
      "name": "CVE-2020-9776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9776"
    },
    {
      "name": "CVE-2020-3903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3903"
    },
    {
      "name": "CVE-2020-3911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3911"
    },
    {
      "name": "CVE-2020-9775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9775"
    },
    {
      "name": "CVE-2020-9769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9769"
    },
    {
      "name": "CVE-2020-3900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3900"
    },
    {
      "name": "CVE-2020-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3919"
    },
    {
      "name": "CVE-2020-9773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9773"
    },
    {
      "name": "CVE-2020-9768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9768"
    },
    {
      "name": "CVE-2020-3907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3907"
    },
    {
      "name": "CVE-2020-9770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9770"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-170",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-03-25T00:00:00.000000"
    },
    {
      "description": "typographie",
      "revision_date": "2020-03-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211102 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211102"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211105 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211105"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211100 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211100"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211103 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211103"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211104 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211101 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211101"
    }
  ]
}

CERTFR-2020-AVI-170

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 13.1
Apple	N/A	tvOS versions antérieures à 13.4
Apple	N/A	iOS versions antérieures à 13.4
Apple	N/A	watchOS versions antérieures à 6.2
Apple	N/A	iTunes versions antérieures à 12.10.5
Apple	macOS	macOS Catalina versions antérieures à 10.15.4
Apple	N/A	iPadOS versions antérieures à 13.4

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211102 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211105 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211100 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211103 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211104 du 24 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211101 du 24 mars 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3904"
    },
    {
      "name": "CVE-2020-3887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3887"
    },
    {
      "name": "CVE-2020-3894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3894"
    },
    {
      "name": "CVE-2020-3851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3851"
    },
    {
      "name": "CVE-2020-9783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9783"
    },
    {
      "name": "CVE-2020-3884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3884"
    },
    {
      "name": "CVE-2020-3910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3910"
    },
    {
      "name": "CVE-2020-3895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3895"
    },
    {
      "name": "CVE-2020-3912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3912"
    },
    {
      "name": "CVE-2020-9784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9784"
    },
    {
      "name": "CVE-2020-3909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3909"
    },
    {
      "name": "CVE-2020-3891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3891"
    },
    {
      "name": "CVE-2020-3893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3893"
    },
    {
      "name": "CVE-2020-3917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3917"
    },
    {
      "name": "CVE-2020-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3914"
    },
    {
      "name": "CVE-2020-3888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3888"
    },
    {
      "name": "CVE-2020-3916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3916"
    },
    {
      "name": "CVE-2019-19232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19232"
    },
    {
      "name": "CVE-2020-3913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3913"
    },
    {
      "name": "CVE-2020-9780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9780"
    },
    {
      "name": "CVE-2020-3885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3885"
    },
    {
      "name": "CVE-2020-3897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3897"
    },
    {
      "name": "CVE-2020-9781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9781"
    },
    {
      "name": "CVE-2020-3906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3906"
    },
    {
      "name": "CVE-2020-3883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3883"
    },
    {
      "name": "CVE-2020-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3905"
    },
    {
      "name": "CVE-2020-9777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9777"
    },
    {
      "name": "CVE-2019-8853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8853"
    },
    {
      "name": "CVE-2020-3892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3892"
    },
    {
      "name": "CVE-2020-3899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3899"
    },
    {
      "name": "CVE-2020-3902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3902"
    },
    {
      "name": "CVE-2020-3901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3901"
    },
    {
      "name": "CVE-2020-3890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3890"
    },
    {
      "name": "CVE-2020-3881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3881"
    },
    {
      "name": "CVE-2020-9785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9785"
    },
    {
      "name": "CVE-2020-3908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3908"
    },
    {
      "name": "CVE-2019-14615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14615"
    },
    {
      "name": "CVE-2020-3889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3889"
    },
    {
      "name": "CVE-2020-9776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9776"
    },
    {
      "name": "CVE-2020-3903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3903"
    },
    {
      "name": "CVE-2020-3911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3911"
    },
    {
      "name": "CVE-2020-9775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9775"
    },
    {
      "name": "CVE-2020-9769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9769"
    },
    {
      "name": "CVE-2020-3900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3900"
    },
    {
      "name": "CVE-2020-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3919"
    },
    {
      "name": "CVE-2020-9773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9773"
    },
    {
      "name": "CVE-2020-9768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9768"
    },
    {
      "name": "CVE-2020-3907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3907"
    },
    {
      "name": "CVE-2020-9770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9770"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-170",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-03-25T00:00:00.000000"
    },
    {
      "description": "typographie",
      "revision_date": "2020-03-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211102 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211102"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211105 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211105"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211100 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211100"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211103 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211103"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211104 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211101 du 24 mars 2020",
      "url": "https://support.apple.com/fr-fr/HT211101"
    }
  ]
}

CERTFR-2020-AVI-171

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	iCloud pour Windows 10.x versions antérieures à 10.9.3
	Apple	N/A	iCloud pour Windows 7.x versions antérieures à 7.18

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT211106 du 26 mars 2020	None	vendor-advisory
Bulletin de sécurité Apple HT211107 du 26 mars 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iCloud pour Windows 10.x versions ant\u00e9rieures \u00e0 10.9.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 7.x versions ant\u00e9rieures \u00e0 7.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-3887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3887"
    },
    {
      "name": "CVE-2020-3894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3894"
    },
    {
      "name": "CVE-2020-9783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9783"
    },
    {
      "name": "CVE-2020-3910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3910"
    },
    {
      "name": "CVE-2020-3895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3895"
    },
    {
      "name": "CVE-2020-3909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3909"
    },
    {
      "name": "CVE-2020-3885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3885"
    },
    {
      "name": "CVE-2020-3897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3897"
    },
    {
      "name": "CVE-2020-3899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3899"
    },
    {
      "name": "CVE-2020-3902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3902"
    },
    {
      "name": "CVE-2020-3901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3901"
    },
    {
      "name": "CVE-2020-3911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3911"
    },
    {
      "name": "CVE-2020-3900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3900"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-171",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-03-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple iCloud pour\nWindows. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple iCloud pour Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211106 du 26 mars 2020",
      "url": "https://support.apple.com/en-us/HT211106"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT211107 du 26 mars 2020",
      "url": "https://support.apple.com/en-us/HT211107"
    }
  ]
}

CNVD-2020-22135

Vulnerability from cnvd - Published: 2020-04-09

Title

多款Apple产品WebKit组件逻辑问题漏洞

Description

Apple iOS等都是美国苹果（Apple）公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。WebKit是其中的一个Web浏览器引擎组件。多款Apple产品中的WebKit组件存在安全漏洞，该漏洞源于程序未能正确关联下载源。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

多款Apple产品WebKit组件逻辑问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/zh-cn/HT211101 https://support.apple.com/zh-cn/HT211102 https://support.apple.com/zh-cn/HT211104 https://support.apple.com/zh-cn/HT211105 https://support.apple.com/zh-cn/HT211106 https://support.apple.com/zh-cn/HT211107

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-3887

Impacted products

Name
['Apple iOS <13.4', 'Apple iPadOS <13.4', 'Apple tvOS <13.4', 'Apple Safari <13.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3887"
    }
  },
  "description": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662f\u5176\u4e2d\u7684\u4e00\u4e2aWeb\u6d4f\u89c8\u5668\u5f15\u64ce\u7ec4\u4ef6\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5173\u8054\u4e0b\u8f7d\u6e90\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/zh-cn/HT211101\r\nhttps://support.apple.com/zh-cn/HT211102\r\nhttps://support.apple.com/zh-cn/HT211104\r\nhttps://support.apple.com/zh-cn/HT211105\r\nhttps://support.apple.com/zh-cn/HT211106\r\nhttps://support.apple.com/zh-cn/HT211107",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22135",
  "openTime": "2020-04-09",
  "patchDescription": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662f\u5176\u4e2d\u7684\u4e00\u4e2aWeb\u6d4f\u89c8\u5668\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5173\u8054\u4e0b\u8f7d\u6e90\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u7ec4\u4ef6\u903b\u8f91\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple  iOS \u003c13.4",
      "Apple  iPadOS \u003c13.4",
      "Apple  tvOS \u003c13.4",
      "Apple  Safari \u003c13.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-3887",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-26",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u7ec4\u4ef6\u903b\u8f91\u95ee\u9898\u6f0f\u6d1e"
}

GSD-2020-3887

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-3887

Aliases

CVE-2020-3887

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-3887",
    "description": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated.",
    "id": "GSD-2020-3887"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-3887"
      ],
      "details": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated.",
      "id": "GSD-2020-3887",
      "modified": "2023-12-13T01:22:09.831674Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2020-3887",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iOS 13.4 and iPadOS 13.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "tvOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "tvOS 13.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Safari",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "Safari 13.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iTunes for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iTunes for Windows 12.10.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iCloud for Windows",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iCloud for Windows 10.9.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iCloud for Windows (Legacy)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "iCloud for Windows 7.18"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A download\u0027s origin may be incorrectly associated"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT211102",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211102"
          },
          {
            "name": "https://support.apple.com/HT211101",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211101"
          },
          {
            "name": "https://support.apple.com/HT211104",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211104"
          },
          {
            "name": "https://support.apple.com/HT211105",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211105"
          },
          {
            "name": "https://support.apple.com/HT211106",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211106"
          },
          {
            "name": "https://support.apple.com/HT211107",
            "refsource": "MISC",
            "url": "https://support.apple.com/HT211107"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.18",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.9.3",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.10.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-3887"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211101",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211101"
            },
            {
              "name": "https://support.apple.com/HT211102",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211102"
            },
            {
              "name": "https://support.apple.com/HT211104",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211104"
            },
            {
              "name": "https://support.apple.com/HT211105",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211105"
            },
            {
              "name": "https://support.apple.com/HT211106",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211106"
            },
            {
              "name": "https://support.apple.com/HT211107",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT211107"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-04-03T22:45Z",
      "publishedDate": "2020-04-01T18:15Z"
    }
  }
}

FKIE_CVE-2020-3887

Vulnerability from fkie_nvd - Published: 2020-04-01 18:15 - Updated: 2024-11-21 05:31

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT211101	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211102	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211104	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211105	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211106	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211107	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211101	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211102	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211104	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211105	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211106	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211107	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	icloud	*
apple	icloud	*
apple	itunes	*
apple	safari	*
apple	ipad_os	*
apple	iphone_os	*
apple	tvos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "C0F56F52-3A35-4C68-872B-9DC349664260",
              "versionEndExcluding": "7.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "9BD7597B-A879-4CDE-AB4E-B664BFF83138",
              "versionEndExcluding": "10.9.3",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "82E6396E-8C78-4EED-88EC-B97C9B4C2DA9",
              "versionEndExcluding": "12.10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0043E6A5-C84C-4538-A6FB-A64882B0F828",
              "versionEndExcluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A754595C-30B0-4E62-8ECF-E671F6C3DC57",
              "versionEndExcluding": "13.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09DD8CD4-AF42-4A2B-8DF0-AED34E43FDD8",
              "versionEndExcluding": "13.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D72D358-8126-4B3C-97E9-A01731C38D45",
              "versionEndExcluding": "13.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema l\u00f3gico con restricciones mejoradas. Este problema es corregido en iOS versi\u00f3n 13.4 y iPadOS versi\u00f3n 13.4, tvOS versi\u00f3n 13.4, Safari versi\u00f3n 13.1, iTunes para Windows versi\u00f3n 12.10.5, iCloud para Windows versi\u00f3n 10.9.3, iCloud para Windows versi\u00f3n 7.18. El origen de una descarga puede ser asociado incorrectamente."
    }
  ],
  "id": "CVE-2020-3887",
  "lastModified": "2024-11-21T05:31:54.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-01T18:15:15.880",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211101"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211102"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211104"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211105"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211106"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT211107"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7RH6-F95M-QWR5

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-3887"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-01T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated.",
  "id": "GHSA-7rh6-f95m-qwr5",
  "modified": "2022-05-24T17:13:07Z",
  "published": "2022-05-24T17:13:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3887"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211101"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211102"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211104"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211105"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211106"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211107"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-202004-1995

Vulnerability from variot - Updated: 2023-12-18 11:03

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated. plural Apple The product contains a logic vulnerability due to a flawed handling of restrictions.Download source may be incorrectly associated. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; Safari versions prior to 13.1; tvOS Versions prior to 13.4.

Installation note:

Safari 13.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4

iOS 13.4 and iPadOS 13.4 are now available and address the following:

ActionKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to use an SSH client provided by private frameworks Description: This issue was addressed with a new entitlement. CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)

AppleMobileFileIntegrity Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-3883: Linus Henze (pinauten.de)

Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: A logic issue was addressed with improved state management. CVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University, Xinwen Fu and Yue Zhang of the University of Central Florida

CoreFoundation Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to elevate privileges Description: A permissions issue existed. CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG

Icons Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Setting an alternate app icon may disclose a photo without needing permission to access photos Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-3916: Vitaliy Alekseev (@villy21)

Icons Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9773: Chilik Tamir of Zimperium zLabs

Image Processing Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9768: Mohamed Ghannam (@_simo36)

IOHIDFamily Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3919: an anonymous researcher

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

libxml2 Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved size validation. CVE-2020-3910: LGTM.com

Mail Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A local user may be able to view deleted content in the app switcher Description: The issue was resolved by clearing application previews when content is deleted. CVE-2020-9780: an anonymous researcher, Dimitris Chaintinis

Mail Attachments Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Cropped videos may not be shared properly via Mail Description: An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. CVE-2020-9777

Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled Description: A logic issue was addressed with improved state management. CVE-2020-3891: Peter Scott

Messages Composition Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Deleted messages groups may still be suggested as an autocompletion Description: The issue was addressed with improved deletion. CVE-2020-3890: an anonymous researcher

Safari Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A user's private browsing activity may be unexpectedly saved in Screen Time Description: An issue existed in the handling of tabs displaying picture in picture video. CVE-2020-9775: an anonymous researcher, Marek Wawro (futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland

Safari Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A user may grant website permissions to a site they didn't intend to Description: The issue was addressed by clearing website permission prompts after navigation. CVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)

Web App Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A maliciously crafted page may interfere with other web contexts Description: A logic issue was addressed with improved restrictions. CVE-2020-3888: Darren Jones of Dappological Ltd.

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: An application may be able to read restricted memory Description: A race condition was addressed with additional validation. CVE-2020-3894: Sergei Glazunov of Google Project Zero

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-3899: found by OSS-Fuzz

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3895: grigoritchy CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3901: Benjamin Randazzo (@____benjamin)

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A download's origin may be incorrectly associated Description: A logic issue was addressed with improved restrictions. CVE-2020-3887: Ryan Pickren (ryanpickren.com)

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9783: Apple

WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative

WebKit Page Loading Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation Impact: A file URL may be incorrectly processed Description: A logic issue was addressed with improved restrictions. CVE-2020-3885: Ryan Pickren (ryanpickren.com)

Additional recognition

FontParser We would like to acknowledge Matthew Denton of Google Chrome for their assistance.

Kernel We would like to acknowledge Siguza for their assistance.

LinkPresentation We would like to acknowledge Travis for their assistance.

Notes We would like to acknowledge Mike DiLoreto for their assistance.

rapportd We would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of Technische Universität Darmstadt for their assistance.

Safari Reader We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com) for their assistance.

Sidecar We would like to acknowledge Rick Backley (@rback_sec) for their assistance.

SiriKit We would like to acknowledge Ioan Florescu and Ki Ha Nam for their assistance.

WebKit We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel Groß of Google Project Zero, and an anonymous researcher for their assistance.

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "iOS 13.4 and iPadOS 13.4".

-----BEGIN PGP SIGNATURE----- Version: BCPG v1.64

iQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF dy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK KJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL OS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y 7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD c7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw ZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D hdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r UtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C Rm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5 OeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U QZLTM48mlSBSN+txWmsZ =K2in -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1995",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ipad os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.4"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.9.3"
      },
      {
        "model": "safari",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.1"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.4"
      },
      {
        "model": "icloud",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.0.0"
      },
      {
        "model": "icloud",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.18"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "13.4"
      },
      {
        "model": "itunes",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.10.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.1 \u672a\u6e80 (macos high sierra)"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.1 \u672a\u6e80 (macos mojave)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.1 \u672a\u6e80 (macos catalina)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 7.18 \u672a\u6e80 (windows 10 \u4ee5\u964d)"
      },
      {
        "model": "icloud",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 10.9.3 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "for windows 12.10.5 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4 \u672a\u6e80 (apple tv 4k)"
      },
      {
        "model": "ipados",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
      },
      {
        "model": "watchos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.4 \u672a\u6e80 (apple watch series 1 \u4ee5\u964d)"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4 \u672a\u6e80 (apple tv hd)"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "13.4  \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3887"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.18",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.9.3",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.10.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-3887"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "156947"
      },
      {
        "db": "PACKETSTORM",
        "id": "156904"
      },
      {
        "db": "PACKETSTORM",
        "id": "156906"
      },
      {
        "db": "PACKETSTORM",
        "id": "156946"
      },
      {
        "db": "PACKETSTORM",
        "id": "156896"
      },
      {
        "db": "PACKETSTORM",
        "id": "156892"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-3887",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003669",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-182012",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-003669",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-3887",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-003669",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-1564",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-182012",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-182012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1564"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download\u0027s origin may be incorrectly associated. plural Apple The product contains a logic vulnerability due to a flawed handling of restrictions.Download source may be incorrectly associated. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; Safari versions prior to 13.1; tvOS Versions prior to 13.4. \n\nInstallation note:\n\nSafari 13.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-03-24-1 iOS 13.4 and iPadOS 13.4\n\niOS 13.4 and iPadOS 13.4 are now available and address the following:\n\nActionKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to use an SSH client provided by\nprivate frameworks\nDescription: This issue was addressed with a new entitlement. \nCVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)\n\nAppleMobileFileIntegrity\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to use arbitrary entitlements\nDescription: This issue was addressed with improved checks. \nCVE-2020-3883: Linus Henze (pinauten.de)\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An attacker in a privileged network position may be able to\nintercept Bluetooth traffic\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-9770: Jianliang Wu of PurSec Lab of Purdue University,\nXinwen Fu and Yue Zhang of the University of Central Florida\n\nCoreFoundation\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to elevate privileges\nDescription: A permissions issue existed. \nCVE-2020-3913: Timo Christ of Avira Operations GmbH \u0026 Co. KG\n\nIcons\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Setting an alternate app icon may disclose a photo without\nneeding permission to access photos\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2020-3916: Vitaliy Alekseev (@villy21)\n\nIcons\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to identify what other\napplications a user has installed\nDescription: The issue was addressed with improved handling of icon\ncaches. \nCVE-2020-9773: Chilik Tamir of Zimperium zLabs\n\nImage Processing\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9768: Mohamed Ghannam (@_simo36)\n\nIOHIDFamily\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3919: an anonymous researcher\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3914: pattern-f (@pattern_F_) of WaCai\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: Multiple memory corruption issues were addressed with\nimproved state management. \nCVE-2020-9785: Proteas of Qihoo 360 Nirvan Team\n\nlibxml2\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Multiple issues in libxml2\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2020-3910: LGTM.com\n\nlibxml2\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Multiple issues in libxml2\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2020-3909: LGTM.com\nCVE-2020-3911: found by OSS-Fuzz\n\nMail\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A local user may be able to view deleted content in the app\nswitcher\nDescription: The issue was resolved by clearing application previews\nwhen content is deleted. \nCVE-2020-9780: an anonymous researcher, Dimitris Chaintinis\n\nMail Attachments\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Cropped videos may not be shared properly via Mail\nDescription: An issue existed in the selection of video file by Mail. \nThe issue was fixed by selecting the latest version of a video. \nCVE-2020-9777\n\nMessages\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A person with physical access to a locked iOS device may be\nable to respond to messages even when replies are disabled\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-3891: Peter Scott\n\nMessages Composition\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Deleted messages groups may still be suggested as an\nautocompletion\nDescription: The issue was addressed with improved deletion. \nCVE-2020-3890: an anonymous researcher\n\nSafari\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A user\u0027s private browsing activity may be unexpectedly saved\nin Screen Time\nDescription: An issue existed in the handling of tabs displaying\npicture in picture video. \nCVE-2020-9775: an anonymous researcher, Marek Wawro\n(futurefinance.com) and Sambor Wawro of STO64 School Krakow Poland\n\nSafari\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A user may grant website permissions to a site they didn\u0027t\nintend to\nDescription: The issue was addressed by clearing website permission\nprompts after navigation. \nCVE-2020-9781: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)\n\nWeb App\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A maliciously crafted page may interfere with other web\ncontexts\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-3888: Darren Jones of Dappological Ltd. \n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: An application may be able to read restricted memory\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2020-3894: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2020-3899: found by OSS-Fuzz\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2020-3902: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2020-3895: grigoritchy\nCVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-3901: Benjamin Randazzo (@____benjamin)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A download\u0027s origin may be incorrectly associated\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-3887: Ryan Pickren (ryanpickren.com)\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9783: Apple\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro\u2019s\nZero Day Initiative\n\nWebKit Page Loading\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch 7th generation\nImpact: A file URL may be incorrectly processed\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-3885: Ryan Pickren (ryanpickren.com)\n\nAdditional recognition\n\nFontParser\nWe would like to acknowledge Matthew Denton of Google Chrome for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Siguza for their assistance. \n\nLinkPresentation\nWe would like to acknowledge Travis for their assistance. \n\nNotes\nWe would like to acknowledge Mike DiLoreto for their assistance. \n\nrapportd\nWe would like to acknowledge Alexander Heinrich (@Sn0wfreeze) of\nTechnische Universit\u00e4t Darmstadt for their assistance. \n\nSafari Reader\nWe would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs\n(payatu.com) for their assistance. \n\nSidecar\nWe would like to acknowledge Rick Backley (@rback_sec) for their\nassistance. \n\nSiriKit\nWe would like to acknowledge Ioan Florescu and Ki Ha Nam for their\nassistance. \n\nWebKit\nWe would like to acknowledge Emilio Cobos \u00c1lvarez of Mozilla, Samuel\nGro\u00df of Google Project Zero, and an anonymous researcher for their\nassistance. \n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"iOS 13.4 and iPadOS 13.4\". \n\n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJeekZMAAoJEAc+Lhnt8tDNKCgP/3pVmWn5xSJ/VS0kgOY3XsuF\ndy80y4fIR+0y0Gx2t06RY/5fROnZWYpCs7TjWg0ZoWF73wplM6nfR19QaS0evqrK\nKJq46grrKHnhgrmSqCzNiar5uYm6/S3BLCueikeqAX2osMOI/rmWGy0/BFxgv6vL\nOS6n9n6NO0V9wQQdnOveWMARi0w9M3S07j86T4OUNEw49Z3dNcndP6HYxagQAP1Y\n7O26ls+HkgH7mbHxvUN0WqtmTCaOgB4pXeTCrd4d/ev1LTiO4NH00DcaC6a2adhD\nc7TZO9Ba5H15XVVpkPQqFfiKVfjvQcPrTmKk0mdaLnDOB2ntUnvKplCeZPTFefGw\nZidI9SYUnPWJ4ITxji48PcRhbHALW59PYnhHvRRfxyqYhwsNus9i3UZNXkjm5U0D\nhdDevEztCnkAsqZWq9hvCwDrsIvvlGrueuCC6jqODSNWucod/inOvGZ2N0/rwc/r\nUtlGyZtQj9rWvZix0daOEWYnwSoV09XuIhUlcEEG/CU1XlVOCAD01n02zIGcLc2C\nRm/61L08KcRDRvBLsNEYDgfnvxj2Lsyi2wf8L0VGpkHJkoDifLh64fPYshjhL6t5\nOeKelaH5yPeTdu2bs4ispTmlUJ9NYVHxyDeWGdtz4sfCFAji+pK9uFHFh3woVs6U\nQZLTM48mlSBSN+txWmsZ\n=K2in\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-3887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "db": "VULHUB",
        "id": "VHN-182012"
      },
      {
        "db": "PACKETSTORM",
        "id": "156947"
      },
      {
        "db": "PACKETSTORM",
        "id": "156904"
      },
      {
        "db": "PACKETSTORM",
        "id": "156906"
      },
      {
        "db": "PACKETSTORM",
        "id": "156946"
      },
      {
        "db": "PACKETSTORM",
        "id": "156896"
      },
      {
        "db": "PACKETSTORM",
        "id": "156892"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-3887",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVNVU96545608",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1564",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-182012",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156947",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156904",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156906",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156946",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156896",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156892",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-182012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "db": "PACKETSTORM",
        "id": "156947"
      },
      {
        "db": "PACKETSTORM",
        "id": "156904"
      },
      {
        "db": "PACKETSTORM",
        "id": "156906"
      },
      {
        "db": "PACKETSTORM",
        "id": "156946"
      },
      {
        "db": "PACKETSTORM",
        "id": "156896"
      },
      {
        "db": "PACKETSTORM",
        "id": "156892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1564"
      }
    ]
  },
  "id": "VAR-202004-1995",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-182012"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:03:19.585000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT211107",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211107"
      },
      {
        "title": "HT211101",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211101"
      },
      {
        "title": "HT211102",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211102"
      },
      {
        "title": "HT211104",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211104"
      },
      {
        "title": "HT211105",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211105"
      },
      {
        "title": "HT211106",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht211106"
      },
      {
        "title": "HT211101",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211101"
      },
      {
        "title": "HT211102",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211102"
      },
      {
        "title": "HT211104",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211104"
      },
      {
        "title": "HT211105",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211105"
      },
      {
        "title": "HT211106",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211106"
      },
      {
        "title": "HT211107",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht211107"
      },
      {
        "title": "Multiple Apple product WebKit Fixes for component security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112976"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1564"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3887"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3887"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211101"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211102"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211104"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211105"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211106"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/ht211107"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3887"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu96545608/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3899"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3900"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3901"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3902"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3897"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3894"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3895"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3885"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht211107"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9783"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3911"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3910"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3909"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/ht204283"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3883"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9773"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9768"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3914"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3917"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3919"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9784"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/download/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9785"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9780"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3890"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3888"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9770"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9781"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9777"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3891"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3913"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9775"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3916"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-182012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "db": "PACKETSTORM",
        "id": "156947"
      },
      {
        "db": "PACKETSTORM",
        "id": "156904"
      },
      {
        "db": "PACKETSTORM",
        "id": "156906"
      },
      {
        "db": "PACKETSTORM",
        "id": "156946"
      },
      {
        "db": "PACKETSTORM",
        "id": "156896"
      },
      {
        "db": "PACKETSTORM",
        "id": "156892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1564"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-182012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "db": "PACKETSTORM",
        "id": "156947"
      },
      {
        "db": "PACKETSTORM",
        "id": "156904"
      },
      {
        "db": "PACKETSTORM",
        "id": "156906"
      },
      {
        "db": "PACKETSTORM",
        "id": "156946"
      },
      {
        "db": "PACKETSTORM",
        "id": "156896"
      },
      {
        "db": "PACKETSTORM",
        "id": "156892"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-3887"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1564"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-182012"
      },
      {
        "date": "2020-04-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "date": "2020-03-28T14:19:08",
        "db": "PACKETSTORM",
        "id": "156947"
      },
      {
        "date": "2020-03-25T14:34:53",
        "db": "PACKETSTORM",
        "id": "156904"
      },
      {
        "date": "2020-03-25T14:36:33",
        "db": "PACKETSTORM",
        "id": "156906"
      },
      {
        "date": "2020-03-28T14:18:46",
        "db": "PACKETSTORM",
        "id": "156946"
      },
      {
        "date": "2020-03-25T14:25:02",
        "db": "PACKETSTORM",
        "id": "156896"
      },
      {
        "date": "2020-03-25T14:20:32",
        "db": "PACKETSTORM",
        "id": "156892"
      },
      {
        "date": "2020-04-01T18:15:15.880000",
        "db": "NVD",
        "id": "CVE-2020-3887"
      },
      {
        "date": "2020-03-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1564"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-182012"
      },
      {
        "date": "2020-04-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      },
      {
        "date": "2020-04-03T22:45:34.617000",
        "db": "NVD",
        "id": "CVE-2020-3887"
      },
      {
        "date": "2021-10-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1564"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1564"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product logic vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-003669"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1564"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-3887 (GCVE-0-2020-3887)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature