Apple iOS/iPadOS up to 13.4.1 WebKit memory corruption


A vulnerability was found in Apple iOS and iPadOS up to 13.4.1 (Smartphone Operating System) and classified as critical. The issue affects unspecified processing in the WebKit component. Upgrading to version 13.5 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 05/30/2020 12:55 AM | 05/30/2020 01:00 AM | 10/20/2020 10:32 AM |
| --- | --- | --- | --- |
| vendor | Apple | Apple | Apple |
| name | iOS/iPadOS | iOS/iPadOS | iOS/iPadOS |
| version | <=13.4.1 | <=13.4.1 | <=13.4.1 |
| component | WebKit | WebKit | WebKit |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.9 | 5.9 | 5.9 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 7.5 | 7.5 | 7.5 |
| cvss3_meta_tempscore | 7.2 | 7.2 | 7.2 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.0 | 6.0 | 6.0 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| advisoryquote | A memory corruption issue was addressed with improved state management. | A memory corruption issue was addressed with improved state management. | A memory corruption issue was addressed with improved state management. |
| date | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) |
| location | Website | Website | Website |
| type | Advisory | Advisory | Advisory |
| url | https://support.apple.com/en-us/HT211168 | https://support.apple.com/en-us/HT211168 | https://support.apple.com/en-us/HT211168 |
| identifier | HT211168 | HT211168 | HT211168 |
| person_name | Wen Xu | Wen Xu | Wen Xu |
| company_name | Georgia Tech | Georgia Tech | Georgia Tech |
| disputed | 0 | 0 | 0 |
| price_0day | $100k and more | $100k and more | $100k and more |
| price_trend | + | + | + |
| name | Upgrade | Upgrade | Upgrade |
| date | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) | 1589932800 (05/20/2020) |
| upgrade_version | 13.5 | 13.5 | 13.5 |
| cve | CVE-2020-9807 | CVE-2020-9807 | CVE-2020-9807 |
| seealso | 155702 155735 155738 155739 155740 155741 155742 155743 155744 155745 155746 155747 155748 155749 155750 155751 155752 155753 155754 155755 155756 155757 155758 155759 155760 155761 155762 155765 155766 155767 | 155702 155735 155738 155739 155740 155741 155742 155743 155744 155745 155746 155747 155748 155749 155750 155751 155752 155753 155754 155755 155756 155757 155758 155759 155760 155761 155762 155765 155766 155767 | 155702 155735 155738 155739 155740 155741 155742 155743 155744 155745 155746 155747 155748 155749 155750 155751 155752 155753 155754 155755 155756 155757 155758 155759 155760 155761 155762 155765 155766 155767 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss3_nvd_basescore | 8.8 | 8.8 | 8.8 |
| type | | Smartphone Operating System | Smartphone Operating System |
| cwe | 0 | 119 (memory corruption) | 119 (memory corruption) |
| cvss2_nvd_av | | N | N |
| cvss2_nvd_ac | | M | M |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | P | P |
| cvss2_nvd_ii | | P | P |
| cvss2_nvd_ai | | P | P |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | N | N |
| cvss3_nvd_ui | | R | R |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | H | H |
| cvss3_nvd_i | | H | H |
| cvss3_nvd_a | | H | H |
| cve_assigned | | | 1583103600 |
| cve_nvd_summary | | | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. |
