Kaspersky ID: KLA11926
Detect Date: 08/10/2020
Updated: 01/25/2024

Description

Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, cause denial of service, perform cross-site scripting attacks, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. A security vulnerability in WebKit can be exploited to bypass security restrictions and obtain sensitive information.
  2. An out-of-bounds read vulnerability in WebKit can be exploited remotely to cause denial of service and execute arbitrary code.
  3. An out-of-bounds read vulnerability in ImageIO can be exploited via a specially crafted file to execute arbitrary code.
  4. An out-of-bounds write vulnerability in ImageIO can be exploited via a specially crafted file to execute arbitrary code.
  5. A buffer overflow vulnerability in ImageIO can be exploited via a specially crafted file to execute arbitrary code.
  6. An out-of-bounds write vulnerability in ImageIO can be exploited via a specially crafted file to cause denial of service and execute arbitrary code.
  7. An integer overflow vulnerability in ImageIO can be exploited via a specially crafted file to execute arbitrary code.
  8. A use-after-free vulnerability in WebKit can be exploited remotely to cause denial of service and execute arbitrary code.
  9. A command injection vulnerability in WebKit Web Inspector can be exploited to bypass security restrictions.
  10. A logic vulnerability in WebKit can be exploited via a specially crafted webpage to perform cross-site scripting attacks.
  11. A URL Unicode encoding vulnerability in WebKit Page Loading can be exploited remotely to spoof the user interface.
  12. An access issue vulnerability in WebKit can be exploited via a specially crafted webpage to bypass security restrictions.
  13. A buffer overflow vulnerability in ImageIO can be exploited to execute arbitrary code.
  14. A buffer overflow vulnerability in CoreGraphics can be exploited to execute arbitrary code.
  15. A use-after-free vulnerability in libxml2 can be exploited via a specially crafted file to execute arbitrary code.
  16. A memory corruption vulnerability in ImageIO can be exploited via a specially crafted image to execute arbitrary code.

Original advisories

Related products

CVE list

  • CVE-2020-9910 (critical)
  • CVE-2020-9894 (warning)
  • CVE-2020-9938 (critical)
  • CVE-2020-9877 (critical)
  • CVE-2020-9879 (critical)
  • CVE-2020-9871 (critical)
  • CVE-2020-9919 (critical)
  • CVE-2020-9876 (critical)
  • CVE-2020-9875 (critical)
  • CVE-2020-9895 (critical)
  • CVE-2020-9874 (critical)
  • CVE-2020-9936 (critical)
  • CVE-2020-9862 (critical)
  • CVE-2020-9872 (critical)
  • CVE-2020-9873 (critical)
  • CVE-2020-9925 (high)
  • CVE-2020-9937 (critical)
  • CVE-2020-9916 (high)
  • CVE-2020-9915 (high)
  • CVE-2020-9893 (critical)
  • CVE-2020-11760 (high)
  • CVE-2020-11758 (high)
  • CVE-2020-11764 (high)
  • CVE-2020-11765 (high)
  • CVE-2020-11761 (high)
  • CVE-2020-11762 (high)
  • CVE-2020-11759 (high)
  • CVE-2020-11763 (high)
  • CVE-2020-9984 (critical)
  • CVE-2020-9883 (critical)
  • CVE-2020-9926 (critical)
  • CVE-2020-27933 (critical)
