Description
Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, cause denial of service, perform cross-site scripting attack, spoof user interface.
Below is a complete list of vulnerabilities:
- Security vulnerability in WebKit can be exploited to bypass security restrictions and obtain sensitive information.
- An out-of-bounds read vulnerability in WebKit can be exploited remotely to cause denial of service and execute arbitrary code.
- An out-of-bounds read vulnerability in ImageIO can be exploited via special crafted file to execute arbitrary code.
- An out-of-bounds write vulnerability in ImageIO can be eploited via special crafted file to execute arbitrary code.
- A buffer overflow vulnerability in ImageIO can be exploited via special crafted file to execute arbitrary code.
- An out-of-bounds write vulnerability in ImageIO can be exploited via special crafted file to cause denial of service and execute arbitrary code.
- An integer overflow vulnerability in ImageIO can be exploited via special crafted file to execute arbitrary code.
- A use after free vulnerability in WebKit can be exploited remotely to cause denial of service and execute arbitrary code.
- A command injection vulnerability in WebKit Web Inspector can be exploited to bypass security restrictions.
- A logic vulnerability in WebKit can be exploited via special crafted webpage to perform cross-site scripting attacks.
- A URL Unicode encoding vulnerability in WebKit Page Loading can be exploited remotely to spoof user interface.
- An access issue vulnerability in WebKit can be exploited via special crafted webpage to bypass security restrictions.
- A buffer overflow vulnerability in ImageIO can be to execute arbitrary code.
- A buffer overflow vulnerability in CoreGraphics can be to execute arbitrary code.
- A use after free vulnerability in libxml2 can be exploited via special crafted file to execute arbitrary code.
- A memory corruption vulnerability in ImageIO can be exploited via special crafted image to execute arbitrary code.
Original advisories
Related products
CVE list
- CVE-2020-9910 critical
- CVE-2020-9894 warning
- CVE-2020-9938 critical
- CVE-2020-9877 critical
- CVE-2020-9879 critical
- CVE-2020-9871 critical
- CVE-2020-9919 critical
- CVE-2020-9876 critical
- CVE-2020-9875 critical
- CVE-2020-9895 critical
- CVE-2020-9874 critical
- CVE-2020-9936 critical
- CVE-2020-9862 critical
- CVE-2020-9872 critical
- CVE-2020-9873 critical
- CVE-2020-9925 high
- CVE-2020-9937 critical
- CVE-2020-9916 high
- CVE-2020-9915 high
- CVE-2020-9893 critical
- CVE-2020-11760 high
- CVE-2020-11758 high
- CVE-2020-11764 high
- CVE-2020-11765 high
- CVE-2020-11761 high
- CVE-2020-11762 high
- CVE-2020-11759 high
- CVE-2020-11763 high
- CVE-2020-9984 critical
- CVE-2020-9883 critical
- CVE-2020-9926 critical
- CVE-2020-27933 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!