cvelistv5 - cve-2020-9783

cve-2020-9783

Vulnerability from cvelistv5

Published

2020-04-01 17:57

Modified

2024-08-04 10:43

Severity ?

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT211101	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211102	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211104	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211105	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211106	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211107	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211101	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211102	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211104	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211105	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211106	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211107	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Apple

iOS

Version: unspecified < iOS 13.4 and iPadOS 13.4

Apple	tvOS	Version: unspecified < tvOS 13.4
Apple	Safari	Version: unspecified < Safari 13.1
Apple	iTunes for Windows	Version: unspecified < iTunes for Windows 12.10.5
Apple	iCloud for Windows	Version: unspecified < iCloud for Windows 10.9.3
Apple	iCloud for Windows (Legacy)	Version: unspecified < iCloud for Windows 7.18

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:43:04.501Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT211102",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT211101",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT211104",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT211105",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT211106",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/HT211107",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "iOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "iOS 13.4 and iPadOS 13.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "tvOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "tvOS 13.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Safari",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "Safari 13.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "iTunes for Windows",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "iTunes for Windows 12.10.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "iCloud for Windows",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "iCloud for Windows 10.9.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "iCloud for Windows (Legacy)",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "iCloud for Windows 7.18",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Processing maliciously crafted web content may lead to code execution",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-16T16:12:36",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/HT211102",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/HT211101",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/HT211104",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/HT211105",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/HT211106",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://support.apple.com/HT211107",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2020-9783",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "iOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "iOS 13.4 and iPadOS 13.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "tvOS",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "tvOS 13.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Safari",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "Safari 13.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "iTunes for Windows",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "iTunes for Windows 12.10.5",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "iCloud for Windows",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "iCloud for Windows 10.9.3",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "iCloud for Windows (Legacy)",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "iCloud for Windows 7.18",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apple",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Processing maliciously crafted web content may lead to code execution",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/HT211102",
                     refsource: "MISC",
                     url: "https://support.apple.com/HT211102",
                  },
                  {
                     name: "https://support.apple.com/HT211101",
                     refsource: "MISC",
                     url: "https://support.apple.com/HT211101",
                  },
                  {
                     name: "https://support.apple.com/HT211104",
                     refsource: "MISC",
                     url: "https://support.apple.com/HT211104",
                  },
                  {
                     name: "https://support.apple.com/HT211105",
                     refsource: "MISC",
                     url: "https://support.apple.com/HT211105",
                  },
                  {
                     name: "https://support.apple.com/HT211106",
                     refsource: "MISC",
                     url: "https://support.apple.com/HT211106",
                  },
                  {
                     name: "https://support.apple.com/HT211107",
                     refsource: "MISC",
                     url: "https://support.apple.com/HT211107",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2020-9783",
      datePublished: "2020-04-01T17:57:13",
      dateReserved: "2020-03-02T00:00:00",
      dateUpdated: "2024-08-04T10:43:04.501Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2020-9783\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-04-01T18:15:18.067\",\"lastModified\":\"2024-11-21T05:41:16.697\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.\"},{\"lang\":\"es\",\"value\":\"Se abordó un problema de uso de la memoria previamente liberada con una administración de memoria mejorada . Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows versión 7.18. Un procesamiento de contenido web diseñado con fines maliciosos puede conllevar a una ejecución de código.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"10.9.3\",\"matchCriteriaId\":\"5699D48B-9BBA-4BED-AFB7-1EB453797EBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.10.5\",\"matchCriteriaId\":\"82E6396E-8C78-4EED-88EC-B97C9B4C2DA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1\",\"matchCriteriaId\":\"0043E6A5-C84C-4538-A6FB-A64882B0F828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4\",\"matchCriteriaId\":\"1899DC84-D14F-4D7C-B5BD-1B64404BF4AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4\",\"matchCriteriaId\":\"09DD8CD4-AF42-4A2B-8DF0-AED34E43FDD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.4\",\"matchCriteriaId\":\"3D72D358-8126-4B3C-97E9-A01731C38D45\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/HT211101\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211102\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211104\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211105\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211106\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211107\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211106\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/HT211107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
   },
}

ghsa-hwpw-whxv-42xc

Vulnerability from github

Published

2022-05-24 17:13

Modified

2022-05-24 17:13

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2020-9783",
   ],
   database_specific: {
      cwe_ids: [],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2020-04-01T18:15:00Z",
      severity: "MODERATE",
   },
   details: "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.",
   id: "GHSA-hwpw-whxv-42xc",
   modified: "2022-05-24T17:13:13Z",
   published: "2022-05-24T17:13:13Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2020-9783",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/HT211101",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/HT211102",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/HT211104",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/HT211105",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/HT211106",
      },
      {
         type: "WEB",
         url: "https://support.apple.com/HT211107",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

gsd-2020-9783

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-9783

Aliases

CVE-2020-9783

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2020-9783",
      description: "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.",
      id: "GSD-2020-9783",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2020-9783",
         ],
         details: "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.",
         id: "GSD-2020-9783",
         modified: "2023-12-13T01:21:52.776938Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "product-security@apple.com",
            ID: "CVE-2020-9783",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "iOS",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "iOS 13.4 and iPadOS 13.4",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "tvOS",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "tvOS 13.4",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "Safari",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "Safari 13.1",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "iTunes for Windows",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "iTunes for Windows 12.10.5",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "iCloud for Windows",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "iCloud for Windows 10.9.3",
                                    },
                                 ],
                              },
                           },
                           {
                              product_name: "iCloud for Windows (Legacy)",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "<",
                                       version_value: "iCloud for Windows 7.18",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Apple",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "Processing maliciously crafted web content may lead to code execution",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://support.apple.com/HT211102",
                  refsource: "MISC",
                  url: "https://support.apple.com/HT211102",
               },
               {
                  name: "https://support.apple.com/HT211101",
                  refsource: "MISC",
                  url: "https://support.apple.com/HT211101",
               },
               {
                  name: "https://support.apple.com/HT211104",
                  refsource: "MISC",
                  url: "https://support.apple.com/HT211104",
               },
               {
                  name: "https://support.apple.com/HT211105",
                  refsource: "MISC",
                  url: "https://support.apple.com/HT211105",
               },
               {
                  name: "https://support.apple.com/HT211106",
                  refsource: "MISC",
                  url: "https://support.apple.com/HT211106",
               },
               {
                  name: "https://support.apple.com/HT211107",
                  refsource: "MISC",
                  url: "https://support.apple.com/HT211107",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.9.3",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                        cpe_name: [],
                        versionEndExcluding: "12.10.5",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "13.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "13.4",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "13.4",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "13.4",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "product-security@apple.com",
               ID: "CVE-2020-9783",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-416",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.apple.com/HT211101",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/HT211101",
                  },
                  {
                     name: "https://support.apple.com/HT211102",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/HT211102",
                  },
                  {
                     name: "https://support.apple.com/HT211104",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/HT211104",
                  },
                  {
                     name: "https://support.apple.com/HT211105",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/HT211105",
                  },
                  {
                     name: "https://support.apple.com/HT211106",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/HT211106",
                  },
                  {
                     name: "https://support.apple.com/HT211107",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://support.apple.com/HT211107",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               acInsufInfo: false,
               cvssV2: {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 8.6,
               impactScore: 6.4,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: true,
            },
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 2.8,
               impactScore: 5.9,
            },
         },
         lastModifiedDate: "2020-04-02T20:03Z",
         publishedDate: "2020-04-01T18:15Z",
      },
   },
}

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution. plural Apple The product contains a vulnerability related to the use of freed memory due to a flaw in memory management processing.Created maliciously Web Arbitrary code can be executed by processing the content. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; Safari versions prior to 13.1; tvOS Versions prior to 13.4.

Installation note:

Safari 13.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64

iQIcBAEDCAAGBQJeejDWAAoJEAc+Lhnt8tDN+aYP/2PReUsWsxAK0Xv2Uv6h2jht aBFzq84DKiz26b6xi5/c40bLzCc7zoHySJHIPoHNiUMocQHmyRbOziE6pSWXpmcm rZK5iJ0IF9TAPt58zqkxmUcTr+T/dq1aiVXJNRSp/NolB4rN5Vg8BHywZ8nOYmGl SPDe1Xo15Q1yDBxjaoAo6vMXeu2/DPoVk/WNSceWGcd/ImCqoFpWvmmpuVyJXN0u nFskPkX46KP8SGwf2F9lPWwfLNMGrqSxWh8Wsnevhot/CVjS5hguGlsLvv+5cIE3 DQfDwjMAKXTbJAUXVxcUv4I1k7qoDOPvfaLhZLKaPb2/0TB0Gsovyz9/Dd68Y8a3 bkEoJaM/mnp9p3V//2ITES1LYpibzXL3AUWDWwYvCaIDghllXFn+5tmu7Pd40sIQ Pl/qSzdOQ57OJbjedMsJkhtTX71iuhWbEMvzB+btrKRKKIOcCdnpWYMrYe8Zflil wUWyPiOLNoj18qT/iUfcq2qD98CNPMheYZHr6JWnXDCaRkZ6z7C0yemu/auZOmiD cIeYBa4wnBoYX8Vd1avqyUXAUe2C5gjJOynb7x4TwkKIbcmkrZpMcLM2prNM6h29 G04eqXKH/SODUViPZGn3vahn2SZ4HtN9R7Ae7+pJfbI/0IDjLaA+yzQa6MBBpzNV 9nrxH+hfviekXKwfUo5r =JnUX -----END PGP SIGNATURE-----

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2020-03-24-3 tvOS 13.4

tvOS 13.4 is now available and addresses the following:

ActionKit Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to use an SSH client provided by private frameworks Description: This issue was addressed with a new entitlement. CVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)

AppleMobileFileIntegrity Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-3883: Linus Henze (pinauten.de)

Icons Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9768: Mohamed Ghannam (@_simo36)

IOHIDFamily Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3919: an anonymous researcher

Kernel Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

Kernel Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed with improved state management. CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

libxml2 Available for: Apple TV 4K and Apple TV HD Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-3909: LGTM.com CVE-2020-3911: found by OSS-Fuzz

libxml2 Available for: Apple TV 4K and Apple TV HD Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved size validation. CVE-2020-3895: grigoritchy CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech

WebKit Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to read restricted memory Description: A race condition was addressed with additional validation. CVE-2020-3894: Sergei Glazunov of Google Project Zero

WebKit Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-3899: found by OSS-Fuzz

WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-3901: Benjamin Randazzo (@____benjamin)

WebKit Available for: Apple TV 4K and Apple TV HD Impact: A download's origin may be incorrectly associated Description: A logic issue was addressed with improved restrictions. CVE-2020-9783: Apple

WebKit Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative

WebKit Page Loading Available for: Apple TV 4K and Apple TV HD Impact: A file URL may be incorrectly processed Description: A logic issue was addressed with improved restrictions. CVE-2020-3885: Ryan Pickren (ryanpickren.com)

Additional recognition

FontParser We would like to acknowledge Matthew Denton of Google Chrome for their assistance.

Kernel We would like to acknowledge Siguza for their assistance.

LinkPresentation We would like to acknowledge Travis for their assistance.

WebKit We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel Groß of Google Project Zero, and an anonymous researcher for their assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."

To check the current version of software, select "Settings -> General -> About." -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64

iQIcBAEDCAAGBQJeejDRAAoJEAc+Lhnt8tDNZuMQAI9k7Sjmm3XY6UlU2QKZHjVF DvG7/GYla0OrGW2iN8FNVkIAbt49B3s89o1A2G2B09MqhDacoM5HTn4kDBe1UP5e aeLWN3Lb/K3Lbh7hCAyhF2xVf0RuGcMLmdrBiXt0yixk+Enhr7CQgr3Y/c1DYTiz aGj8iHgLT9jEXXEnM65UItxYwWaI99fgMD3lHM2PrvQtrfrGr+od9mECTLtFjjyR 3qKFTD4eFd9OpkL9ATHPzUVfnPQpg0KQW1aFeeKEE9JWtIvkse7nMDGyCzeKUAmy ZtPmoASabzM8tNSzk85FJasNcdiEcNDhNHGNjFvmDjb3e7zAeTT9HSjWwQ2foFYC ZHRkCssrVLV8gW+xZdADk3960yj6QEBTlM2PS/3Mns5yb8v3QGHU9CV/xVhsdOYh +x3hkGDD178hHvJkcYTBqmedWij99m0XhyNv8Hn/xmMm+p36XjwYa8LhhIulmstH l1qW2FptA5gnx1yxLfXZLB3CY2XOMSt9cDqjWyGhnt9hLLshTmLj1lNTiJ3X9KyY DRYDm7bunrFdBCQlu1JJ6POW3jvJjkUa2RmpZlOD/wX8rmli+/q+7LMKQXIor/Ys sB9BoU6xZwBGQK2n9SGeElHsuKPd0e7Ai8sbFESy7QrY56GUXNx6e3hnbg/HsnAz LHsPwi0KWGkdif8r+SvV =Fyl6 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1964",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "icloud",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "10.9.3",
         },
         {
            model: "itunes",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "12.10.5",
         },
         {
            model: "safari",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.1",
         },
         {
            model: "ipados",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4",
         },
         {
            model: "tvos",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4",
         },
         {
            model: "iphone os",
            scope: "lt",
            trust: 1,
            vendor: "apple",
            version: "13.4",
         },
         {
            model: "safari",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.1 未満 (macos high sierra)",
         },
         {
            model: "safari",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.1 未満 (macos mojave)",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.4 未満 (ipod touch 第 7 世代)",
         },
         {
            model: "safari",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.1 未満 (macos catalina)",
         },
         {
            model: "ipados",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.4 未満 (ipad air 2 以降)",
         },
         {
            model: "icloud",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "for windows 7.18 未満 (windows 10 以降)",
         },
         {
            model: "icloud",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "for windows 10.9.3 未満 (windows 7 以降)",
         },
         {
            model: "itunes",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "for windows 12.10.5 未満 (windows 7 以降)",
         },
         {
            model: "tvos",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.4 未満 (apple tv 4k)",
         },
         {
            model: "ipados",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.4 未満 (ipad mini 4 以降)",
         },
         {
            model: "watchos",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "6.4 未満 (apple watch series 1 以降)",
         },
         {
            model: "tvos",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.4 未満 (apple tv hd)",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "apple",
            version: "13.4  未満 (iphone 6s 以降)",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            db: "NVD",
            id: "CVE-2020-9783",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:apple:icloud",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:apple:iphone_os",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:apple:ipados",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:apple:itunes",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:apple:safari",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:apple:apple_tv",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:apple:watchos",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apple",
      sources: [
         {
            db: "PACKETSTORM",
            id: "156947",
         },
         {
            db: "PACKETSTORM",
            id: "156904",
         },
         {
            db: "PACKETSTORM",
            id: "156906",
         },
         {
            db: "PACKETSTORM",
            id: "156946",
         },
         {
            db: "PACKETSTORM",
            id: "156896",
         },
      ],
      trust: 0.5,
   },
   cve: "CVE-2020-9783",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CVE-2020-9783",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 1,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 6.8,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-003557",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "VHN-187908",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.8,
                  id: "CVE-2020-9783",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 8.8,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-003557",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2020-9783",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-003557",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202003-1546",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULHUB",
                  id: "VHN-187908",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-187908",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202003-1546",
         },
         {
            db: "NVD",
            id: "CVE-2020-9783",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution. plural Apple The product contains a vulnerability related to the use of freed memory due to a flaw in memory management processing.Created maliciously Web Arbitrary code can be executed by processing the content. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is one of the web browser engine components. A resource management error vulnerability exists in the WebKit component of several Apple products. The following products and versions are affected: Windows-based Apple iCloud versions prior to 7.18 and 10.9.3; Windows-based iTunes versions prior to 12.10.5; iOS versions prior to 13.4; iPadOS versions prior to 13.4; Safari versions prior to 13.1; tvOS Versions prior to 13.4. \n\nInstallation note:\n\nSafari 13.1 may be obtained from the Mac App Store. \n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJeejDWAAoJEAc+Lhnt8tDN+aYP/2PReUsWsxAK0Xv2Uv6h2jht\naBFzq84DKiz26b6xi5/c40bLzCc7zoHySJHIPoHNiUMocQHmyRbOziE6pSWXpmcm\nrZK5iJ0IF9TAPt58zqkxmUcTr+T/dq1aiVXJNRSp/NolB4rN5Vg8BHywZ8nOYmGl\nSPDe1Xo15Q1yDBxjaoAo6vMXeu2/DPoVk/WNSceWGcd/ImCqoFpWvmmpuVyJXN0u\nnFskPkX46KP8SGwf2F9lPWwfLNMGrqSxWh8Wsnevhot/CVjS5hguGlsLvv+5cIE3\nDQfDwjMAKXTbJAUXVxcUv4I1k7qoDOPvfaLhZLKaPb2/0TB0Gsovyz9/Dd68Y8a3\nbkEoJaM/mnp9p3V//2ITES1LYpibzXL3AUWDWwYvCaIDghllXFn+5tmu7Pd40sIQ\nPl/qSzdOQ57OJbjedMsJkhtTX71iuhWbEMvzB+btrKRKKIOcCdnpWYMrYe8Zflil\nwUWyPiOLNoj18qT/iUfcq2qD98CNPMheYZHr6JWnXDCaRkZ6z7C0yemu/auZOmiD\ncIeYBa4wnBoYX8Vd1avqyUXAUe2C5gjJOynb7x4TwkKIbcmkrZpMcLM2prNM6h29\nG04eqXKH/SODUViPZGn3vahn2SZ4HtN9R7Ae7+pJfbI/0IDjLaA+yzQa6MBBpzNV\n9nrxH+hfviekXKwfUo5r\n=JnUX\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-03-24-3 tvOS 13.4\n\ntvOS 13.4 is now available and addresses the following:\n\nActionKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to use an SSH client provided by\nprivate frameworks\nDescription: This issue was addressed with a new entitlement. \nCVE-2020-3917: Steven Troughton-Smith (@stroughtonsmith)\n\nAppleMobileFileIntegrity\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to use arbitrary entitlements\nDescription: This issue was addressed with improved checks. \nCVE-2020-3883: Linus Henze (pinauten.de)\n\nIcons\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to identify what other\napplications a user has installed\nDescription: The issue was addressed with improved handling of icon\ncaches. \nCVE-2020-9768: Mohamed Ghannam (@_simo36)\n\nIOHIDFamily\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3919: an anonymous researcher\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to read restricted memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-3914: pattern-f (@pattern_F_) of WaCai\n\nKernel\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: Multiple memory corruption issues were addressed with\nimproved state management. \nCVE-2020-9785: Proteas of Qihoo 360 Nirvan Team\n\nlibxml2\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Multiple issues in libxml2\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2020-3909: LGTM.com\nCVE-2020-3911: found by OSS-Fuzz\n\nlibxml2\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Multiple issues in libxml2\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2020-3895: grigoritchy\nCVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: An application may be able to read restricted memory\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2020-3894: Sergei Glazunov of Google Project Zero\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2020-3899: found by OSS-Fuzz\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2020-3901: Benjamin Randazzo (@____benjamin)\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A download's origin may be incorrectly associated\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9783: Apple\n\nWebKit\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s\nZero Day Initiative\n\nWebKit Page Loading\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: A file URL may be incorrectly processed\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-3885: Ryan Pickren (ryanpickren.com)\n\nAdditional recognition\n\nFontParser\nWe would like to acknowledge Matthew Denton of Google Chrome for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Siguza for their assistance. \n\nLinkPresentation\nWe would like to acknowledge Travis for their assistance. \n\nWebKit\nWe would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel\nGroß of Google Project Zero, and an anonymous researcher for their\nassistance. \n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -> System -> Software Update -> Update Software.\"\n\nTo check the current version of software, select\n\"Settings -> General -> About.\"\n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJeejDRAAoJEAc+Lhnt8tDNZuMQAI9k7Sjmm3XY6UlU2QKZHjVF\nDvG7/GYla0OrGW2iN8FNVkIAbt49B3s89o1A2G2B09MqhDacoM5HTn4kDBe1UP5e\naeLWN3Lb/K3Lbh7hCAyhF2xVf0RuGcMLmdrBiXt0yixk+Enhr7CQgr3Y/c1DYTiz\naGj8iHgLT9jEXXEnM65UItxYwWaI99fgMD3lHM2PrvQtrfrGr+od9mECTLtFjjyR\n3qKFTD4eFd9OpkL9ATHPzUVfnPQpg0KQW1aFeeKEE9JWtIvkse7nMDGyCzeKUAmy\nZtPmoASabzM8tNSzk85FJasNcdiEcNDhNHGNjFvmDjb3e7zAeTT9HSjWwQ2foFYC\nZHRkCssrVLV8gW+xZdADk3960yj6QEBTlM2PS/3Mns5yb8v3QGHU9CV/xVhsdOYh\n+x3hkGDD178hHvJkcYTBqmedWij99m0XhyNv8Hn/xmMm+p36XjwYa8LhhIulmstH\nl1qW2FptA5gnx1yxLfXZLB3CY2XOMSt9cDqjWyGhnt9hLLshTmLj1lNTiJ3X9KyY\nDRYDm7bunrFdBCQlu1JJ6POW3jvJjkUa2RmpZlOD/wX8rmli+/q+7LMKQXIor/Ys\nsB9BoU6xZwBGQK2n9SGeElHsuKPd0e7Ai8sbFESy7QrY56GUXNx6e3hnbg/HsnAz\nLHsPwi0KWGkdif8r+SvV\n=Fyl6\n-----END PGP SIGNATURE-----\n\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-9783",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            db: "VULHUB",
            id: "VHN-187908",
         },
         {
            db: "PACKETSTORM",
            id: "156947",
         },
         {
            db: "PACKETSTORM",
            id: "156904",
         },
         {
            db: "PACKETSTORM",
            id: "156906",
         },
         {
            db: "PACKETSTORM",
            id: "156946",
         },
         {
            db: "PACKETSTORM",
            id: "156896",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-9783",
            trust: 3,
         },
         {
            db: "JVN",
            id: "JVNVU96545608",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202003-1546",
            trust: 0.7,
         },
         {
            db: "NSFOCUS",
            id: "49317",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-187908",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "156947",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "156904",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "156906",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "156946",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "156896",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-187908",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            db: "PACKETSTORM",
            id: "156947",
         },
         {
            db: "PACKETSTORM",
            id: "156904",
         },
         {
            db: "PACKETSTORM",
            id: "156906",
         },
         {
            db: "PACKETSTORM",
            id: "156946",
         },
         {
            db: "PACKETSTORM",
            id: "156896",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202003-1546",
         },
         {
            db: "NVD",
            id: "CVE-2020-9783",
         },
      ],
   },
   id: "VAR-202004-1964",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-187908",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2024-11-23T19:31:58.669000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "HT211107",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT211107",
         },
         {
            title: "HT211101",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT211101",
         },
         {
            title: "HT211102",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT211102",
         },
         {
            title: "HT211104",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT211104",
         },
         {
            title: "HT211105",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT211105",
         },
         {
            title: "HT211106",
            trust: 0.8,
            url: "https://support.apple.com/en-us/HT211106",
         },
         {
            title: "HT211101",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT211101",
         },
         {
            title: "HT211102",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT211102",
         },
         {
            title: "HT211104",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT211104",
         },
         {
            title: "HT211105",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT211105",
         },
         {
            title: "HT211106",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT211106",
         },
         {
            title: "HT211107",
            trust: 0.8,
            url: "https://support.apple.com/ja-jp/HT211107",
         },
         {
            title: "Multiple Apple product WebKit Fixes for component resource management error vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112958",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202003-1546",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-416",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-187908",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            db: "NVD",
            id: "CVE-2020-9783",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.9,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-9783",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht211101",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht211102",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht211104",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht211105",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht211106",
         },
         {
            trust: 1.7,
            url: "https://support.apple.com/ht211107",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9783",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/vu/jvnvu96545608/",
         },
         {
            trust: 0.6,
            url: "http://www.nsfocus.net/vulndb/49317",
         },
         {
            trust: 0.6,
            url: "https://support.apple.com/en-us/ht211107",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3899",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3900",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3901",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3902",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3897",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3894",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3887",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3895",
         },
         {
            trust: 0.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3885",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3911",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3910",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3909",
         },
         {
            trust: 0.2,
            url: "https://support.apple.com/ht204283",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-9784",
         },
         {
            trust: 0.1,
            url: "https://www.apple.com/itunes/download/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3883",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-9785",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-9773",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-9768",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3914",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3917",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-3919",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-187908",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            db: "PACKETSTORM",
            id: "156947",
         },
         {
            db: "PACKETSTORM",
            id: "156904",
         },
         {
            db: "PACKETSTORM",
            id: "156906",
         },
         {
            db: "PACKETSTORM",
            id: "156946",
         },
         {
            db: "PACKETSTORM",
            id: "156896",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202003-1546",
         },
         {
            db: "NVD",
            id: "CVE-2020-9783",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-187908",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            db: "PACKETSTORM",
            id: "156947",
         },
         {
            db: "PACKETSTORM",
            id: "156904",
         },
         {
            db: "PACKETSTORM",
            id: "156906",
         },
         {
            db: "PACKETSTORM",
            id: "156946",
         },
         {
            db: "PACKETSTORM",
            id: "156896",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202003-1546",
         },
         {
            db: "NVD",
            id: "CVE-2020-9783",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-01T00:00:00",
            db: "VULHUB",
            id: "VHN-187908",
         },
         {
            date: "2020-04-20T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            date: "2020-03-28T14:19:08",
            db: "PACKETSTORM",
            id: "156947",
         },
         {
            date: "2020-03-25T14:34:53",
            db: "PACKETSTORM",
            id: "156904",
         },
         {
            date: "2020-03-25T14:36:33",
            db: "PACKETSTORM",
            id: "156906",
         },
         {
            date: "2020-03-28T14:18:46",
            db: "PACKETSTORM",
            id: "156946",
         },
         {
            date: "2020-03-25T14:25:02",
            db: "PACKETSTORM",
            id: "156896",
         },
         {
            date: "2020-03-25T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202003-1546",
         },
         {
            date: "2020-04-01T18:15:18.067000",
            db: "NVD",
            id: "CVE-2020-9783",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-02T00:00:00",
            db: "VULHUB",
            id: "VHN-187908",
         },
         {
            date: "2020-04-20T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
         {
            date: "2021-10-29T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202003-1546",
         },
         {
            date: "2024-11-21T05:41:16.697000",
            db: "NVD",
            id: "CVE-2020-9783",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202003-1546",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Apple Product Corruption Vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003557",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "resource management error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202003-1546",
         },
      ],
      trust: 0.6,
   },
}

fkie_cve-2020-9783

Vulnerability from fkie_nvd

Published

2020-04-01 18:15

Modified

2024-11-21 05:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/HT211101	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211102	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211104	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211105	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211106	Vendor Advisory
product-security@apple.com	https://support.apple.com/HT211107	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211101	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211102	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211104	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211105	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211106	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT211107	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	icloud	*
apple	itunes	*
apple	safari	*
apple	ipados	*
apple	iphone_os	*
apple	tvos	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "5699D48B-9BBA-4BED-AFB7-1EB453797EBF",
                     versionEndExcluding: "10.9.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "82E6396E-8C78-4EED-88EC-B97C9B4C2DA9",
                     versionEndExcluding: "12.10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0043E6A5-C84C-4538-A6FB-A64882B0F828",
                     versionEndExcluding: "13.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1899DC84-D14F-4D7C-B5BD-1B64404BF4AC",
                     versionEndExcluding: "13.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "09DD8CD4-AF42-4A2B-8DF0-AED34E43FDD8",
                     versionEndExcluding: "13.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D72D358-8126-4B3C-97E9-A01731C38D45",
                     versionEndExcluding: "13.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.",
      },
      {
         lang: "es",
         value: "Se abordó un problema de uso de la memoria previamente liberada con una administración de memoria mejorada . Este problema es corregido en iOS versión 13.4 y iPadOS versión 13.4, tvOS versión 13.4, Safari versión 13.1, iTunes para Windows versión 12.10.5, iCloud para Windows versión 10.9.3, iCloud para Windows versión 7.18. Un procesamiento de contenido web diseñado con fines maliciosos puede conllevar a una ejecución de código.",
      },
   ],
   id: "CVE-2020-9783",
   lastModified: "2024-11-21T05:41:16.697",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-01T18:15:18.067",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211101",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211102",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211104",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211105",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211106",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211107",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211101",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211102",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211104",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211105",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211106",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/HT211107",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2020-9783

Vulnerability from cvelistv5

ghsa-hwpw-whxv-42xc

Vulnerability from github

gsd-2020-9783

Vulnerability from gsd

var-202004-1964

Vulnerability from variot

fkie_cve-2020-9783

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature