var-202004-1964
Vulnerability from variot
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution. plural Apple The product contains a vulnerability related to the use of freed memory due to a flaw in memory management processing.Created maliciously Web Arbitrary code can be executed by processing the content. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; Safari versions prior to 13.1; tvOS Versions prior to 13.4.
Installation note:
Safari 13.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDWAAoJEAc+Lhnt8tDN+aYP/2PReUsWsxAK0Xv2Uv6h2jht aBFzq84DKiz26b6xi5/c40bLzCc7zoHySJHIPoHNiUMocQHmyRbOziE6pSWXpmcm rZK5iJ0IF9TAPt58zqkxmUcTr+T/dq1aiVXJNRSp/NolB4rN5Vg8BHywZ8nOYmGl SPDe1Xo15Q1yDBxjaoAo6vMXeu2/DPoVk/WNSceWGcd/ImCqoFpWvmmpuVyJXN0u nFskPkX46KP8SGwf2F9lPWwfLNMGrqSxWh8Wsnevhot/CVjS5hguGlsLvv+5cIE3 DQfDwjMAKXTbJAUXVxcUv4I1k7qoDOPvfaLhZLKaPb2/0TB0Gsovyz9/Dd68Y8a3 bkEoJaM/mnp9p3V//2ITES1LYpibzXL3AUWDWwYvCaIDghllXFn+5tmu7Pd40sIQ Pl/qSzdOQ57OJbjedMsJkhtTX71iuhWbEMvzB+btrKRKKIOcCdnpWYMrYe8Zflil wUWyPiOLNoj18qT/iUfcq2qD98CNPMheYZHr6JWnXDCaRkZ6z7C0yemu/auZOmiD cIeYBa4wnBoYX8Vd1avqyUXAUe2C5gjJOynb7x4TwkKIbcmkrZpMcLM2prNM6h29 G04eqXKH/SODUViPZGn3vahn2SZ4HtN9R7Ae7+pJfbI/0IDjLaA+yzQa6MBBpzNV 9nrxH+hfviekXKwfUo5r =JnUX -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-03-24-3 tvOS 13.4
tvOS 13.4 is now available and addresses the following:
ActionKit Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to use an SSH client provided by private frameworks Description: This issue was addressed with a new entitlement. CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)
AppleMobileFileIntegrity Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-3883: Linus Henze (pinauten.de)
Icons Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9768: Mohamed Ghannam (@_simo36)
IOHIDFamily Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3919: an anonymous researcher
Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3914: pattern-f (@pattern_F_) of WaCai
Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team
libxml2 Available for: Apple TV 4K and Apple TV HD Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-3909: LGTM.com CVE-2020-3911: found by OSS-Fuzz
libxml2 Available for: Apple TV 4K and Apple TV HD Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved size validation. CVE-2020-3895: grigoritchy CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech
WebKit Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to read restricted memory Description: A race condition was addressed with additional validation. CVE-2020-3894: Sergei Glazunov of Google Project Zero
WebKit Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-3899: found by OSS-Fuzz
WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-3901: Benjamin Randazzo (@____benjamin)
WebKit Available for: Apple TV 4K and Apple TV HD Impact: A download's origin may be incorrectly associated Description: A logic issue was addressed with improved restrictions. CVE-2020-9783: Apple
WebKit Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative
WebKit Page Loading Available for: Apple TV 4K and Apple TV HD Impact: A file URL may be incorrectly processed Description: A logic issue was addressed with improved restrictions. CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Additional recognition
FontParser We would like to acknowledge Matthew Denton of Google Chrome for their assistance.
Kernel We would like to acknowledge Siguza for their assistance.
LinkPresentation We would like to acknowledge Travis for their assistance.
WebKit We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel Groß of Google Project Zero, and an anonymous researcher for their assistance.
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About." -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJeejDRAAoJEAc+Lhnt8tDNZuMQAI9k7Sjmm3XY6UlU2QKZHjVF DvG7/GYla0OrGW2iN8FNVkIAbt49B3s89o1A2G2B09MqhDacoM5HTn4kDBe1UP5e aeLWN3Lb/K3Lbh7hCAyhF2xVf0RuGcMLmdrBiXt0yixk+Enhr7CQgr3Y/c1DYTiz aGj8iHgLT9jEXXEnM65UItxYwWaI99fgMD3lHM2PrvQtrfrGr+od9mECTLtFjjyR 3qKFTD4eFd9OpkL9ATHPzUVfnPQpg0KQW1aFeeKEE9JWtIvkse7nMDGyCzeKUAmy ZtPmoASabzM8tNSzk85FJasNcdiEcNDhNHGNjFvmDjb3e7zAeTT9HSjWwQ2foFYC ZHRkCssrVLV8gW+xZdADk3960yj6QEBTlM2PS/3Mns5yb8v3QGHU9CV/xVhsdOYh +x3hkGDD178hHvJkcYTBqmedWij99m0XhyNv8Hn/xmMm+p36XjwYa8LhhIulmstH l1qW2FptA5gnx1yxLfXZLB3CY2XOMSt9cDqjWyGhnt9hLLshTmLj1lNTiJ3X9KyY DRYDm7bunrFdBCQlu1JJ6POW3jvJjkUa2RmpZlOD/wX8rmli+/q+7LMKQXIor/Ys sB9BoU6xZwBGQK2n9SGeElHsuKPd0e7Ai8sbFESy7QrY56GUXNx6e3hnbg/HsnAz LHsPwi0KWGkdif8r+SvV =Fyl6 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1964",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "icloud",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.9.3"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.1"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.4"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.4"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.4"
},
{
"model": "itunes",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.10.5"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.1 \u672a\u6e80 (macos high sierra)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.1 \u672a\u6e80 (macos mojave)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.1 \u672a\u6e80 (macos catalina)"
},
{
"model": "ipados",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 7.18 \u672a\u6e80 (windows 10 \u4ee5\u964d)"
},
{
"model": "icloud",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 10.9.3 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "for windows 12.10.5 \u672a\u6e80 (windows 7 \u4ee5\u964d)"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4 \u672a\u6e80 (apple tv 4k)"
},
{
"model": "ipados",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "6.4 \u672a\u6e80 (apple watch series 1 \u4ee5\u964d)"
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4 \u672a\u6e80 (apple tv hd)"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "13.4 \u672a\u6e80 (iphone 6s \u4ee5\u964d)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"db": "NVD",
"id": "CVE-2020-9783"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "10.9.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "12.10.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9783"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "156947"
},
{
"db": "PACKETSTORM",
"id": "156904"
},
{
"db": "PACKETSTORM",
"id": "156906"
},
{
"db": "PACKETSTORM",
"id": "156946"
},
{
"db": "PACKETSTORM",
"id": "156896"
}
],
"trust": 0.5
},
"cve": "CVE-2020-9783",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003557",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-187908",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003557",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9783",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003557",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1546",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-187908",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187908"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"db": "NVD",
"id": "CVE-2020-9783"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1546"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution. plural Apple The product contains a vulnerability related to the use of freed memory due to a flaw in memory management processing.Created maliciously Web Arbitrary code can be executed by processing the content. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; Safari versions prior to 13.1; tvOS Versions prior to 13.4. \n\nInstallation note:\n\nSafari 13.1 may be obtained from the Mac App Store. \n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJeejDWAAoJEAc+Lhnt8tDN+aYP/2PReUsWsxAK0Xv2Uv6h2jht\naBFzq84DKiz26b6xi5/c40bLzCc7zoHySJHIPoHNiUMocQHmyRbOziE6pSWXpmcm\nrZK5iJ0IF9TAPt58zqkxmUcTr+T/dq1aiVXJNRSp/NolB4rN5Vg8BHywZ8nOYmGl\nSPDe1Xo15Q1yDBxjaoAo6vMXeu2/DPoVk/WNSceWGcd/ImCqoFpWvmmpuVyJXN0u\nnFskPkX46KP8SGwf2F9lPWwfLNMGrqSxWh8Wsnevhot/CVjS5hguGlsLvv+5cIE3\nDQfDwjMAKXTbJAUXVxcUv4I1k7qoDOPvfaLhZLKaPb2/0TB0Gsovyz9/Dd68Y8a3\nbkEoJaM/mnp9p3V//2ITES1LYpibzXL3AUWDWwYvCaIDghllXFn+5tmu7Pd40sIQ\nPl/qSzdOQ57OJbjedMsJkhtTX71iuhWbEMvzB+btrKRKKIOcCdnpWYMrYe8Zflil\nwUWyPiOLNoj18qT/iUfcq2qD98CNPMheYZHr6JWnXDCaRkZ6z7C0yemu/auZOmiD\ncIeYBa4wnBoYX8Vd1avqyUXAUe2C5gjJOynb7x4TwkKIbcmkrZpMcLM2prNM6h29\nG04eqXKH/SODUViPZGn3vahn2SZ4HtN9R7Ae7+pJfbI/0IDjLaA+yzQa6MBBpzNV\n9nrxH+hfviekXKwfUo5r\n=JnUX\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-03-24-3 tvOS 13.4\n\ntvOS 13.4 is now available and addresses the following:\n\nActionKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to use an SSH client provided by\nprivate frameworks\nDescription: This issue was addressed with a new entitlement. \nCVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)\n\nAppleMobileFileIntegrity\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to use arbitrary entitlements\nDescription: This issue was addressed with improved checks. \nCVE-2020-3883: Linus Henze (pinauten.de)\n\nIcons\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to identify what other\napplications a user has installed\nDescription: The issue was addressed with improved handling of icon\ncaches. \nCVE-2020-9768: Mohamed Ghannam (@_simo36)\n\nIOHIDFamily\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3919: an anonymous researcher\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3914: pattern-f (@pattern_F_) of WaCai\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: Multiple memory corruption issues were addressed with\nimproved state management. \nCVE-2020-9785: Proteas of Qihoo 360 Nirvan Team\n\nlibxml2\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Multiple issues in libxml2\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2020-3909: LGTM.com\nCVE-2020-3911: found by OSS-Fuzz\n\nlibxml2\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Multiple issues in libxml2\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2020-3895: grigoritchy\nCVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to read restricted memory\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2020-3894: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2020-3899: found by OSS-Fuzz\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2020-3901: Benjamin Randazzo (@____benjamin)\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A download\u0027s origin may be incorrectly associated\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9783: Apple\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro\u2019s\nZero Day Initiative\n\nWebKit Page Loading\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A file URL may be incorrectly processed\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-3885: Ryan Pickren (ryanpickren.com)\n\nAdditional recognition\n\nFontParser\nWe would like to acknowledge Matthew Denton of Google Chrome for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Siguza for their assistance. \n\nLinkPresentation\nWe would like to acknowledge Travis for their assistance. \n\nWebKit\nWe would like to acknowledge Emilio Cobos \u00c1lvarez of Mozilla, Samuel\nGro\u00df of Google Project Zero, and an anonymous researcher for their\nassistance. \n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJeejDRAAoJEAc+Lhnt8tDNZuMQAI9k7Sjmm3XY6UlU2QKZHjVF\nDvG7/GYla0OrGW2iN8FNVkIAbt49B3s89o1A2G2B09MqhDacoM5HTn4kDBe1UP5e\naeLWN3Lb/K3Lbh7hCAyhF2xVf0RuGcMLmdrBiXt0yixk+Enhr7CQgr3Y/c1DYTiz\naGj8iHgLT9jEXXEnM65UItxYwWaI99fgMD3lHM2PrvQtrfrGr+od9mECTLtFjjyR\n3qKFTD4eFd9OpkL9ATHPzUVfnPQpg0KQW1aFeeKEE9JWtIvkse7nMDGyCzeKUAmy\nZtPmoASabzM8tNSzk85FJasNcdiEcNDhNHGNjFvmDjb3e7zAeTT9HSjWwQ2foFYC\nZHRkCssrVLV8gW+xZdADk3960yj6QEBTlM2PS/3Mns5yb8v3QGHU9CV/xVhsdOYh\n+x3hkGDD178hHvJkcYTBqmedWij99m0XhyNv8Hn/xmMm+p36XjwYa8LhhIulmstH\nl1qW2FptA5gnx1yxLfXZLB3CY2XOMSt9cDqjWyGhnt9hLLshTmLj1lNTiJ3X9KyY\nDRYDm7bunrFdBCQlu1JJ6POW3jvJjkUa2RmpZlOD/wX8rmli+/q+7LMKQXIor/Ys\nsB9BoU6xZwBGQK2n9SGeElHsuKPd0e7Ai8sbFESy7QrY56GUXNx6e3hnbg/HsnAz\nLHsPwi0KWGkdif8r+SvV\n=Fyl6\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9783"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"db": "VULHUB",
"id": "VHN-187908"
},
{
"db": "PACKETSTORM",
"id": "156947"
},
{
"db": "PACKETSTORM",
"id": "156904"
},
{
"db": "PACKETSTORM",
"id": "156906"
},
{
"db": "PACKETSTORM",
"id": "156946"
},
{
"db": "PACKETSTORM",
"id": "156896"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9783",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU96545608",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003557",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1546",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "49317",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-187908",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156947",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156904",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156906",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156946",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156896",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187908"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"db": "PACKETSTORM",
"id": "156947"
},
{
"db": "PACKETSTORM",
"id": "156904"
},
{
"db": "PACKETSTORM",
"id": "156906"
},
{
"db": "PACKETSTORM",
"id": "156946"
},
{
"db": "PACKETSTORM",
"id": "156896"
},
{
"db": "NVD",
"id": "CVE-2020-9783"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1546"
}
]
},
"id": "VAR-202004-1964",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187908"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:12:35.985000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT211107",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211107"
},
{
"title": "HT211101",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211101"
},
{
"title": "HT211102",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211102"
},
{
"title": "HT211104",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211104"
},
{
"title": "HT211105",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211105"
},
{
"title": "HT211106",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht211106"
},
{
"title": "HT211101",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211101"
},
{
"title": "HT211102",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211102"
},
{
"title": "HT211104",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211104"
},
{
"title": "HT211105",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211105"
},
{
"title": "HT211106",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211106"
},
{
"title": "HT211107",
"trust": 0.8,
"url": "https://support.apple.com/ja-jp/ht211107"
},
{
"title": "Multiple Apple product WebKit Fixes for component resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=112958"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1546"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187908"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"db": "NVD",
"id": "CVE-2020-9783"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9783"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211101"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211102"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211104"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211105"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211106"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht211107"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9783"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96545608/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/49317"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211107"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3899"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3900"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3901"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3902"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3897"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3894"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3887"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3895"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3885"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3911"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3910"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3909"
},
{
"trust": 0.2,
"url": "https://support.apple.com/ht204283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9784"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9768"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3914"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3917"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3919"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187908"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"db": "PACKETSTORM",
"id": "156947"
},
{
"db": "PACKETSTORM",
"id": "156904"
},
{
"db": "PACKETSTORM",
"id": "156906"
},
{
"db": "PACKETSTORM",
"id": "156946"
},
{
"db": "PACKETSTORM",
"id": "156896"
},
{
"db": "NVD",
"id": "CVE-2020-9783"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1546"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-187908"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"db": "PACKETSTORM",
"id": "156947"
},
{
"db": "PACKETSTORM",
"id": "156904"
},
{
"db": "PACKETSTORM",
"id": "156906"
},
{
"db": "PACKETSTORM",
"id": "156946"
},
{
"db": "PACKETSTORM",
"id": "156896"
},
{
"db": "NVD",
"id": "CVE-2020-9783"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1546"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-187908"
},
{
"date": "2020-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"date": "2020-03-28T14:19:08",
"db": "PACKETSTORM",
"id": "156947"
},
{
"date": "2020-03-25T14:34:53",
"db": "PACKETSTORM",
"id": "156904"
},
{
"date": "2020-03-25T14:36:33",
"db": "PACKETSTORM",
"id": "156906"
},
{
"date": "2020-03-28T14:18:46",
"db": "PACKETSTORM",
"id": "156946"
},
{
"date": "2020-03-25T14:25:02",
"db": "PACKETSTORM",
"id": "156896"
},
{
"date": "2020-04-01T18:15:18.067000",
"db": "NVD",
"id": "CVE-2020-9783"
},
{
"date": "2020-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1546"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-187908"
},
{
"date": "2020-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003557"
},
{
"date": "2020-04-02T20:03:16.393000",
"db": "NVD",
"id": "CVE-2020-9783"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1546"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1546"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Apple Product Corruption Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003557"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1546"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.