cnvd - cnvd-2020-52148

cnvd-2020-52148

Vulnerability from cnvd

Title: 多款Apple产品WebKit组件内存损坏漏洞（CNVD-2020-52148）

Description:

Apple iOS等都是美国苹果（Apple）公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple iPadOS是一套用于iPad平板电脑的操作系统。WebKit是其中的一个Web浏览器引擎组件。

多款Apple产品中的WebKit组件存在内存损坏漏洞，攻击者可借助特制Web内容利用该漏洞执行任意代码。

Severity: 中

Patch Name: 多款Apple产品WebKit组件内存损坏漏洞（CNVD-2020-52148）的补丁

Patch Description:

多款Apple产品中的WebKit组件存在内存损坏漏洞，攻击者可借助特制Web内容利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/zh-cn/HT211168 https://support.apple.com/zh-cn/HT211171 https://support.apple.com/zh-cn/HT211175 https://support.apple.com/zh-cn/HT211177 https://support.apple.com/zh-cn/HT211178 https://support.apple.com/zh-cn/HT211179 https://support.apple.com/zh-cn/HT211181

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-9806

Impacted products

Name
['Apple iOS <13.5', 'Apple iPadOS <13.5', 'Apple tvOS <13.4.5', 'Apple watchOS <6.2.5', 'Apple Safari <13.1.1', 'Apple iTunes for Windows <12.10.7', 'Apple iCloud for Windows <7.19', 'Apple iCloud for Windows <11.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9806"
    }
  },
  "description": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662f\u5176\u4e2d\u7684\u4e00\u4e2aWeb\u6d4f\u89c8\u5668\u5f15\u64ce\u7ec4\u4ef6\u3002\n\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u7ec4\u4ef6\u5b58\u5728\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236Web\u5185\u5bb9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/zh-cn/HT211168\r\nhttps://support.apple.com/zh-cn/HT211171\r\nhttps://support.apple.com/zh-cn/HT211175\r\nhttps://support.apple.com/zh-cn/HT211177\r\nhttps://support.apple.com/zh-cn/HT211178\r\nhttps://support.apple.com/zh-cn/HT211179\r\nhttps://support.apple.com/zh-cn/HT211181",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-52148",
  "openTime": "2020-09-15",
  "patchDescription": "Apple iOS\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002Apple iPadOS\u662f\u4e00\u5957\u7528\u4e8eiPad\u5e73\u677f\u7535\u8111\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002WebKit\u662f\u5176\u4e2d\u7684\u4e00\u4e2aWeb\u6d4f\u89c8\u5668\u5f15\u64ce\u7ec4\u4ef6\u3002\r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u4e2d\u7684WebKit\u7ec4\u4ef6\u5b58\u5728\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236Web\u5185\u5bb9\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u7ec4\u4ef6\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\uff08CNVD-2020-52148\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple  iOS \u003c13.5",
      "Apple  iPadOS \u003c13.5",
      "Apple  tvOS \u003c13.4.5",
      "Apple  watchOS \u003c6.2.5",
      "Apple  Safari \u003c13.1.1",
      "Apple iTunes for Windows \u003c12.10.7",
      "Apple iCloud for Windows \u003c7.19",
      "Apple iCloud for Windows \u003c11.2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-9806",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-28",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1WebKit\u7ec4\u4ef6\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\uff08CNVD-2020-52148\uff09"
}

CVE-2020-9806 (GCVE-0-2020-9806)

Vulnerability from cvelistv5

Published

2020-06-09 16:07

Modified

2024-08-04 10:43

Severity ?

CWE

Processing maliciously crafted web content may lead to arbitrary code execution

Summary

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

References

▼	URL	Tags
	https://support.apple.com/HT211168	x_refsource_MISC
	https://support.apple.com/HT211171	x_refsource_MISC
	https://support.apple.com/HT211175	x_refsource_MISC
	https://support.apple.com/HT211178	x_refsource_MISC
	https://support.apple.com/HT211179	x_refsource_MISC
	https://support.apple.com/HT211181	x_refsource_MISC
	https://support.apple.com/HT211177	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Apple

iOS

Version: unspecified < iOS 13.5 and iPadOS 13.5

Apple	tvOS	Version: unspecified < tvOS 13.4.5
Apple	watchOS	Version: unspecified < watchOS 6.2.5
Apple	Safari	Version: unspecified < Safari 13.1.1
Apple	iTunes for Windows	Version: unspecified < iTunes 12.10.7 for Windows
Apple	iCloud for Windows	Version: unspecified < iCloud for Windows 11.2
Apple	iCloud for Windows (Legacy)	Version: unspecified < iCloud for Windows 7.19

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:43:05.087Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211168"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211171"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211175"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211178"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211179"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211181"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT211177"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iOS 13.5 and iPadOS 13.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "tvOS 13.4.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "watchOS 6.2.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "Safari 13.1.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iTunes for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iTunes 12.10.7 for Windows",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 11.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iCloud for Windows (Legacy)",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "iCloud for Windows 7.19",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-16T16:15:24",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211168"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211171"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211175"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211178"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211179"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211181"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/HT211177"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2020-9806",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iOS 13.5 and iPadOS 13.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "tvOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "tvOS 13.4.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "watchOS 6.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Safari",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "Safari 13.1.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iTunes for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iTunes 12.10.7 for Windows"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 11.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iCloud for Windows (Legacy)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "iCloud for Windows 7.19"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT211168",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211168"
            },
            {
              "name": "https://support.apple.com/HT211171",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211171"
            },
            {
              "name": "https://support.apple.com/HT211175",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211175"
            },
            {
              "name": "https://support.apple.com/HT211178",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211178"
            },
            {
              "name": "https://support.apple.com/HT211179",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211179"
            },
            {
              "name": "https://support.apple.com/HT211181",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211181"
            },
            {
              "name": "https://support.apple.com/HT211177",
              "refsource": "MISC",
              "url": "https://support.apple.com/HT211177"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2020-9806",
    "datePublished": "2020-06-09T16:07:46",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:43:05.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted