var-202010-1503
Vulnerability from variot
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

Multiple Apple products contain an out-of-bounds write vulnerability caused by a flaw in boundary-check processing. Arbitrary code can be executed by processing a maliciously crafted image.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability, but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO framework. Crafted data in a PIC image can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.

Apple iOS and the other products named here are all products of Apple. Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in the ImageIO component of several Apple products. The following products and versions are affected: Apple iOS prior to 13.6; iPadOS prior to 13.6; tvOS prior to 13.4.8; watchOS prior to 6.2.8; macOS Catalina prior to 10.15.6; Windows-based iTunes prior to 12.10.8.

CVE-2020-9799: ABC Research s.r.o.
Alternatively, on your watch, select "My Watch > General > About".
APPLE-SA-2020-07-15-3 tvOS 13.4.8
tvOS 13.4.8 is now available and addresses the following:
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab
CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab

AVEVideoEncoder
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9907: an anonymous researcher

Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to break out of its sandbox
Description: A memory corruption issue was addressed by removing the vulnerable code.
CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud

GeoServices
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to read sensitive location information
Description: An authorization issue was addressed with improved state management.
CVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc.

iAP
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker in a privileged network position may be able to execute arbitrary code
Description: An input validation issue existed in Bluetooth.
CVE-2020-9914: Andy Davis of NCC Group

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9936: Mickey Jin of Trend Micro

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel
Description: A routing issue was addressed with improved restrictions.
CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9909: Brandon Azad of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: An access issue existed in Content Security Policy.
CVE-2020-9915: an anonymous researcher

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2020-9925: an anonymous researcher

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative
CVE-2020-9895: Wen Xu of SSLab, Georgia Tech

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: Multiple issues were addressed with improved logic.
CVE-2020-9910: Samuel Groß of Google Project Zero

WebKit Page Loading
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious attacker may be able to conceal the destination of a URL
Description: A URL Unicode encoding issue was addressed with improved state management.
CVE-2020-9916: Rakesh Mane (@RakeshMane10)

WebKit Web Inspector
Available for: Apple TV 4K and Apple TV HD
Impact: Copying a URL from Web Inspector may lead to command injection
Description: A command injection issue existed in Web Inspector.
CVE-2020-9862: Ophir Lojkine (@lovasoa)

Wi-Fi
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn)

Additional recognition

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1503", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.6" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.6" }, { "model": "safari", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": 
"13.1.2" }, { "model": "watchos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "6.2.8" }, { "model": "itunes", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "12.10.8" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "7.20" }, { "model": "tvos", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "13.4.8" }, { "model": "icloud", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "11.3" }, { "model": "icloud", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "11.0" }, { "model": "icloud", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "7.20 \u672a\u6e80 (windows 7 \u4ee5\u964d)" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.6 \u672a\u6e80 (iphone 6s \u4ee5\u964d)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.15.5" }, { "model": "ipados", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.6 \u672a\u6e80 (ipad mini 4 \u4ee5\u964d)" }, { "model": "watchos", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "6.2.8 \u672a\u6e80 (apple watch series 1 \u4ee5\u964d)" }, { "model": "icloud", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "11.3 \u672a\u6e80 (microsoft store \u304b\u3089\u5165\u624b\u3057\u305f windows 10 \u4ee5\u964d)" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.6 \u672a\u6e80 (ipod touch \u7b2c 7 \u4e16\u4ee3)" }, { "model": "tvos", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.4.8 \u672a\u6e80 (apple tv hd)" }, { "model": "ipados", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.6 \u672a\u6e80 (ipad air 2 \u4ee5\u964d)" }, { "model": "tvos", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "13.4.8 \u672a\u6e80 (apple tv 4k)" }, { "model": "itunes", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "for windows 12.10.8 \u672a\u6e80 (windows 7 \u4ee5\u964d)" }, 
{ "model": "macos", "scope": null, "trust": 0.7, "vendor": "apple", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-910" }, { "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "db": "NVD", "id": "CVE-2020-9936" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "7.20", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "11.3", "versionStartIncluding": "11.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionEndExcluding": "12.10.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.2.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "13.6", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9936" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mickey Jin of Trend Micro Mobile Security Research Team", "sources": [ { "db": "ZDI", "id": 
"ZDI-20-910" } ], "trust": 0.7 }, "cve": "CVE-2020-9936", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-009682", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 8.6, "id": "VHN-188061", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-9936", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-009682", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-9936", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, 
"userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9936", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-009682", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2020-9936", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202007-1096", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-188061", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-9936", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-910" }, { "db": "VULHUB", "id": "VHN-188061" }, { "db": "VULMON", "id": "CVE-2020-9936" }, { "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "db": "NVD", "id": "CVE-2020-9936" }, { "db": "CNNVD", "id": "CNNVD-202007-1096" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple An out-of-bounds write vulnerability exists in the product due to a flaw in the processing related to boundary checks.Arbitrary code can be executed by processing maliciously created images. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ImageIO framework. Crafted data in a PIC image can trigger a write past the end of an allocated data structure. 
An attacker can leverage this vulnerability to execute code in the context of the current process. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in the ImageIO component of several Apple products. The following products and versions are affected: Apple iOS prior to 13.6; iPadOS prior to 13.6; tvOS prior to 13.4.8; watchOS prior to 6.2.8; macOS Catalina prior to 10.15.6; Windows-based iTunes prior to 12.10.8 . \nCVE-2020-9799: ABC Research s.r.o. \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PhNUACgkQBz4uGe3y\n0M0E+RAAp2U0LzUJ1tDoQZsm0yUZ9aEz1BDuQXKH9wAMV+nHCa9A7PbaLqwwxbni\nT3jjW35hw5s5II2l4HpN2qtFbm8B2ZLrMRyFTFvlOyLtyWmn5iOPYTdT6Uf4EUgS\nxXtPdYJ/7lFBeCCGuVuBJ2QnJN9L2MJQFhh5Cvya2YOhxHYsRA5iPNJeehFZ1N0f\n42Se8Tcn/0NXLK0+qRl0m8TLa80hQaisGLH9RPQTxCu3vaJVD0fvcQ1eOkH8ETXR\ndqIO4nsP2kuD8QMjC8DXo3KT9fTFv1iUy0s96zMEl95Ekg4dL0nsBxKwfI2kSyZ5\n1vE346GRG23w9on0FU+2qoq4LfXKmJ5HLB4xDxegm/PLdd842tppv2LAmSO8vRZR\nQmin4IERfEmGEUGKDsFM4tGH5j34mAlDklgil3/H9Ca0ucchpoIFiP8jmXytNCqy\nlIafyOfIfInBAqlZizV0/9l37JKXTvispcAuJMg5fb29zvtprOSIP075jN9KMRB3\nk3liMFwPgs+kNS5smQsbVVYOWphP1jgbXozjqfoIKUdFxecHjHVfl6e2W3kDPgf6\nnoQSn3lgPulVYgn3LqzEhL7G3QtRyzEzgqWG1sinlFJCDrmCBC5p+6lESuRVCcAk\nd3AKO4eyJ9CCcLL9+nBYL1tx94Wb2MyaIHJld3GcLFf3Y+UmtB8=\n=TFfd\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-07-15-3 tvOS 13.4.8\n\ntvOS 13.4.8 is now available and addresses the following:\n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. 
\nCVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\n\nAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\nCVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\nCVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year\nSecurity Lab\n\nAVEVideoEncoder\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2020-9907: an anonymous researcher\n\nCrash Reporter\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: A memory corruption issue was addressed by removing the\nvulnerable code. \nCVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360\nBugCloud\n\nGeoServices\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to read sensitive\nlocation information\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. \n\niAP\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: An input validation issue existed in Bluetooth. \nCVE-2020-9914: Andy Davis of NCC Group\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. 
\nCVE-2020-9936: Mickey Jin of Trend Micro\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An attacker in a privileged network position may be able to\ninject into active connections within a VPN tunnel\nDescription: A routing issue was addressed with improved\nrestrictions. \nCVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. \nCrandall\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9909: Brandon Azad of Google Project Zero\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may prevent\nContent Security Policy from being enforced\nDescription: An access issue existed in Content Security Policy. \nCVE-2020-9915: an anonymous researcher\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\nuniversal cross site scripting\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-9925: an anonymous researcher\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. 
\nCVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative\nCVE-2020-9895: Wen Xu of SSLab, Georgia Tech\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: Multiple issues were addressed with improved logic. \nCVE-2020-9910: Samuel Gro\u00df of Google Project Zero\n\nWebKit Page Loading\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious attacker may be able to conceal the destination\nof a URL\nDescription: A URL Unicode encoding issue was addressed with improved\nstate management. \nCVE-2020-9916: Rakesh Mane (@RakeshMane10)\n\nWebKit Web Inspector\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Copying a URL from Web Inspector may lead to command\ninjection\nDescription: A command injection issue existed in Web Inspector. \nCVE-2020-9862: Ophir Lojkine (@lovasoa)\n\nWi-Fi\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud\n(bugcloud.360.cn)\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nInstallation note:\n\nApple TV will periodically check for software updates. 
Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PhQUACgkQBz4uGe3y\n0M33Vw//fmvay18+s9sn8Gv2VfSgT2VcmDHMNTch9QoYbm7spSflAc8zWdToUOpK\nfiJAVEHB+adcGy3syi4z+utNf3l1XchVMuaxLKzDyS7LDiDIwczivrr642A+ahlk\nvrHXcdwQkf0Y3QdQF9DwcOfzyNvaRRJ2eICKlrjm4BrcoP63eoBTGKgcZp6EAOQu\nc0X5M2F2GcV4VwSmSuzKtsNlkjWlaD55meVWjGZGGUp4d0tk0BtmAWISAXf2NfFF\nWQyKQ9snXMzzF4SRA3cbWqFFluKDYyPx7Lh2jLB+KcrTRCtuMi+cAu3QQezRwIUD\nLnKzLbAbOO8Mu67aLjoBdW0IdCHbGpdK6I/aGi0eV029+tBdcn5UOfPIhGT9WDkQ\ntlDr5RCqWvc02F6e5SetIGRY1YGV6DWqo0U1h6cBdVgnx5g3aIZzXihATMV+4bxj\nVijf8iDG5LsO4Bx8g1aekrn37OQnr7WuFHLZrHKZyQejn6IdOQ2fyzH43/0mLiE3\neaoGwghlFXhOpbUx26owjEkDuC5GgboctjefqtJ9Zu7yfSS2GDAq23Qp9IXy/Avf\ncIIB0bnz9Mk+2qrZ2GDZXBePacLoVSNvaBywyrs6MMANrsi3Ioq3xug8b8WnTozL\nlMrdAVr64+qTn0YTc6QwNs9golbRQh3z2U6Hk/niQXlWZilaK/s=\n=+zqK\n-----END PGP SIGNATURE-----\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2020-9936" }, { "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "db": "ZDI", "id": "ZDI-20-910" }, { "db": "VULHUB", "id": "VHN-188061" }, { "db": "VULMON", "id": "CVE-2020-9936" }, { "db": "PACKETSTORM", "id": "158457" }, { "db": "PACKETSTORM", "id": "158461" }, { "db": "PACKETSTORM", "id": "158458" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9936", "trust": 3.6 }, { "db": "ZDI", "id": "ZDI-20-910", "trust": 1.3 }, { "db": "JVN", "id": "JVNVU95491800", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU94090210", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-009682", "trust": 0.8 }, { "db": "ZDI_CAN", 
"id": "ZDI-CAN-11107", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202007-1096", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158461", "trust": 0.7 }, { "db": "NSFOCUS", "id": "50005", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2432", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-49302", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-188061", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-9936", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158457", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "158458", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-910" }, { "db": "VULHUB", "id": "VHN-188061" }, { "db": "VULMON", "id": "CVE-2020-9936" }, { "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "db": "PACKETSTORM", "id": "158457" }, { "db": "PACKETSTORM", "id": "158461" }, { "db": "PACKETSTORM", "id": "158458" }, { "db": "NVD", "id": "CVE-2020-9936" }, { "db": "CNNVD", "id": "CNNVD-202007-1096" } ] }, "id": "VAR-202010-1503", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-188061" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:04:15.145000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT211291", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211291" }, { "title": "HT211293", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211293" }, { "title": "HT211294", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211294" }, { "title": "HT211295", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211295" }, { "title": "HT211288", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211288" }, { "title": "HT211289", "trust": 0.8, "url": 
"https://support.apple.com/en-us/ht211289" }, { "title": "HT211290", "trust": 0.8, "url": "https://support.apple.com/en-us/ht211290" }, { "title": "HT211293", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211293" }, { "title": "HT211294", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211294" }, { "title": "HT211295", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211295" }, { "title": "HT211288", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211288" }, { "title": "HT211289", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211289" }, { "title": "HT211290", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211290" }, { "title": "HT211291", "trust": 0.8, "url": "https://support.apple.com/ja-jp/ht211291" }, { "title": "Apple has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://support.apple.com/en-gb/ht211289" }, { "title": "Multiple Apple product ImageIO Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=124779" }, { "title": "Apple: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=aa30f53f014f01d7a0510a965599d2a9" }, { "title": "Apple: iCloud for Windows 7.20", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=50e6b35a047c9702f4cdebdf81483b05" }, { "title": "Apple: iCloud for Windows 11.3", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=947a08401ec7e5f309d5ae26f5006f48" }, { "title": "Apple: iOS 13.6 and iPadOS 13.6", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=a82d39d4c9a42fcf07757428b2f562b3" }, { "title": null, "trust": 0.1, "url": "https://www.theregister.co.uk/2020/07/16/apple_july_updates/" } ], "sources": [ { "db": "ZDI", 
"id": "ZDI-20-910" }, { "db": "VULMON", "id": "CVE-2020-9936" }, { "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "db": "CNNVD", "id": "CNNVD-202007-1096" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-188061" }, { "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "db": "NVD", "id": "CVE-2020-9936" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://support.apple.com/ht211288" }, { "trust": 1.8, "url": "https://support.apple.com/ht211289" }, { "trust": 1.8, "url": "https://support.apple.com/ht211290" }, { "trust": 1.8, "url": "https://support.apple.com/ht211291" }, { "trust": 1.8, "url": "https://support.apple.com/ht211293" }, { "trust": 1.8, "url": "https://support.apple.com/ht211294" }, { "trust": 1.8, "url": "https://support.apple.com/ht211295" }, { "trust": 1.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9936" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9936" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94090210/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95491800/index.html" }, { "trust": 0.7, "url": "https://support.apple.com/en-gb/ht211289" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-910/" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht211291" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht211288" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-32847" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/50005" 
}, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht211295" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht211294" }, { "trust": 0.6, "url": "https://support.apple.com/kb/ht211293" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2432/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158461/apple-security-advisory-2020-07-15-4.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9918" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9889" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9888" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9891" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9890" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9865" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14899" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9885" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9915" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9925" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9894" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9909" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9916" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9933" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9910" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9895" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9893" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9862" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185431" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-9878" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9913" }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9866" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9884" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9934" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9870" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht204641" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9923" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9914" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9907" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-910" }, { "db": "VULHUB", "id": "VHN-188061" }, { "db": "VULMON", "id": "CVE-2020-9936" }, { "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "db": "PACKETSTORM", "id": "158457" }, { "db": "PACKETSTORM", "id": "158461" }, { "db": "PACKETSTORM", "id": "158458" }, { "db": "NVD", "id": "CVE-2020-9936" }, { "db": "CNNVD", "id": "CNNVD-202007-1096" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-20-910" }, { "db": "VULHUB", "id": "VHN-188061" }, { "db": "VULMON", "id": "CVE-2020-9936" }, { "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "db": "PACKETSTORM", "id": "158457" }, { "db": "PACKETSTORM", "id": "158461" }, { "db": "PACKETSTORM", "id": "158458" }, { "db": "NVD", "id": "CVE-2020-9936" }, { "db": "CNNVD", "id": "CNNVD-202007-1096" } ] }, 
"sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-21T00:00:00", "db": "ZDI", "id": "ZDI-20-910" }, { "date": "2020-10-16T00:00:00", "db": "VULHUB", "id": "VHN-188061" }, { "date": "2020-10-16T00:00:00", "db": "VULMON", "id": "CVE-2020-9936" }, { "date": "2020-11-27T06:28:37", "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "date": "2020-07-17T19:23:49", "db": "PACKETSTORM", "id": "158457" }, { "date": "2020-07-17T19:28:19", "db": "PACKETSTORM", "id": "158461" }, { "date": "2020-07-17T19:24:07", "db": "PACKETSTORM", "id": "158458" }, { "date": "2020-10-16T17:15:17.700000", "db": "NVD", "id": "CVE-2020-9936" }, { "date": "2020-07-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1096" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-21T00:00:00", "db": "ZDI", "id": "ZDI-20-910" }, { "date": "2023-01-09T00:00:00", "db": "VULHUB", "id": "VHN-188061" }, { "date": "2020-10-20T00:00:00", "db": "VULMON", "id": "CVE-2020-9936" }, { "date": "2020-11-27T06:28:37", "db": "JVNDB", "id": "JVNDB-2020-009682" }, { "date": "2023-01-09T16:41:59.350000", "db": "NVD", "id": "CVE-2020-9936" }, { "date": "2023-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-1096" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1096" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Apple Out-of-bounds write vulnerabilities in the product", "sources": [ { "db": "JVNDB", "id": 
"JVNDB-2020-009682" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-1096" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.