Apple iOS/iPadOS XML use after free

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, was found in Apple iOS and iPadOS (Smartphone Operating System) (the affected version unknown). This affects some unknown processing of the component XML Handler. Upgrading eliminates this vulnerability.

Field04/03/2021 10:39 AM04/08/2021 03:22 PM
vendorAppleApple
nameiOS/iPadOSiOS/iPadOS
componentXML HandlerXML Handler
cwe416 (memory corruption)416 (memory corruption)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
nameUpgradeUpgrade
cveCVE-2020-9926CVE-2020-9926
date1617400800 (04/03/2021)1617400800 (04/03/2021)
typeSmartphone Operating SystemSmartphone Operating System
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore7.56.5
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.36.0
cvss3_meta_basescore6.36.3
cvss3_meta_tempscore6.36.0
price_0day$100k and more$100k and more
price_trend++
cve_assigned1583103600
cve_nvd_summaryA use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Interested in the pricing of exploits?

See the underground prices here!