Apple iOS/iPadOS up to 13.4.1 Kernel use after free


A vulnerability classified as critical has been found in Apple iOS and iPadOS up to 13.4.1 (Smartphone Operating System). The issue affects some unknown processing in the Kernel component. Upgrading to version 13.5 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 05/30/2020 12:49 AM | 05/30/2020 12:54 AM | 10/20/2020 08:30 AM |
|---|---|---|---|
| vendor | Apple | Apple | Apple |
| name | iOS/iPadOS | iOS/iPadOS | iOS/iPadOS |
| version | <=13.4.1 | <=13.4.1 | <=13.4.1 |
| component | Kernel | Kernel | Kernel |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.6 | 6.6 | 6.6 |
| cvss2_vuldb_tempscore | 5.7 | 5.7 | 5.7 |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | C | C | C |
| cvss2_vuldb_ii | C | C | C |
| cvss2_vuldb_ai | C | C | C |
| cvss3_meta_basescore | 8.3 | 8.3 | 8.3 |
| cvss3_meta_tempscore | 8.0 | 8.0 | 8.0 |
| cvss3_vuldb_basescore | 8.8 | 8.8 | 8.8 |
| cvss3_vuldb_tempscore | 8.4 | 8.4 | 8.4 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | C | C | C |
| cvss3_vuldb_c | H | H | H |
| cvss3_vuldb_i | H | H | H |
| cvss3_vuldb_a | H | H | H |
| advisoryquote | A use after free issue was addressed with improved memory management. | A use after free issue was addressed with improved memory management. | A use after free issue was addressed with improved memory management. |
| date | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) |
| location | Website | Website | Website |
| type | Advisory | Advisory | Advisory |
| url | https://support.apple.com/en-us/HT211168 | https://support.apple.com/en-us/HT211168 | https://support.apple.com/en-us/HT211168 |
| identifier | HT211168 | HT211168 | HT211168 |
| person_name | Zhuo Liang | Zhuo Liang | Zhuo Liang |
| company_name | Qihoo 360 Vulcan Team | Qihoo 360 Vulcan Team | Qihoo 360 Vulcan Team |
| disputed | 0 | 0 | 0 |
| price_0day | $25k-$100k | $25k-$100k | $25k-$100k |
| price_trend | + | + | + |
| name | Upgrade | Upgrade | Upgrade |
| date | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) |
| upgrade_version | 13.5 | 13.5 | 13.5 |
| cve | CVE-2020-9795 | CVE-2020-9795 | CVE-2020-9795 |
| seealso | 155685 155720 155738 155739 155740 155741 155742 155743 155744 155745 155746 155747 155748 155749 155750 155751 155752 155753 155754 155755 155757 155758 155759 155760 155761 155762 155765 155766 155767 155768 | 155685 155720 155738 155739 155740 155741 155742 155743 155744 155745 155746 155747 155748 155749 155750 155751 155752 155753 155754 155755 155757 155758 155759 155760 155761 155762 155765 155766 155767 155768 | 155685 155720 155738 155739 155740 155741 155742 155743 155744 155745 155746 155747 155748 155749 155750 155751 155752 155753 155754 155755 155757 155758 155759 155760 155761 155762 155765 155766 155767 155768 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss3_nvd_basescore | 7.8 | 7.8 | 7.8 |
| type | | Smartphone Operating System | Smartphone Operating System |
| cwe | 0 | 416 (memory corruption) | 416 (memory corruption) |
| cvss2_nvd_av | | N | N |
| cvss2_nvd_ac | | M | M |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | C | C |
| cvss2_nvd_ii | | C | C |
| cvss2_nvd_ai | | C | C |
| cvss3_nvd_av | | L | L |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | N | N |
| cvss3_nvd_ui | | R | R |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | H | H |
| cvss3_nvd_i | | H | H |
| cvss3_nvd_a | | H | H |
| cve_assigned | | | 1583103600 |
| cve_nvd_summary | | | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges. |
