ID

VAR-202010-1278


CVE

CVE-2020-9876


TITLE

plural Apple Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-010568

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ImageIO framework. Crafted data in a TIF image can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iTunes for Windows is a media player application based on the Windows platform. Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in the ImageIO component of several Apple products. The following products and versions are affected: Apple iOS prior to 13.6; iPadOS prior to 13.6; macOS Catalina prior to 10.15.6; iTunes for Windows prior to 12.10.8; tvOS prior to 13.4.8; watchOS prior to 6.2.8. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0 iOS 14.0 and iPadOS 14.0 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT211850. AppleAVD Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to cause unexpected system termination or write kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9958: Mohamed Ghannam (@_simo36) Assets Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker may be able to misuse a trust relationship to download malicious content Description: A trust issue was addressed by removing a legacy API. CVE-2020-9979: CodeColorist of LightYear Security Lab of AntGroup Entry updated November 12, 2020 Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9943: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 Audio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9944: JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 CoreAudio Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9954: Francis working with Trend Micro Zero Day Initiative, JunDong Xie of Ant Group Light-Year Security Lab Entry added November 12, 2020 CoreCapture Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9949: Proteas Entry added November 12, 2020 Disk Images Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9965: Proteas CVE-2020-9966: Proteas Entry added November 12, 2020 Icons Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to identify what other applications a user has installed Description: The issue was addressed with improved handling of icon caches. CVE-2020-9773: Chilik Tamir of Zimperium zLabs IDE Device Support Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network Description: This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen of Zimperium zLabs Entry updated September 17, 2020 ImageIO Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab Entry added November 12, 2020 ImageIO Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro Entry added November 12, 2020 IOSurfaceAccelerator Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03) Kernel Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Entry added November 12, 2020 Keyboard Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany libxml2 Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9981: found by OSS-Fuzz Entry added November 12, 2020 Mail Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to unexpectedly alter application state Description: This issue was addressed with improved checks. CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences Entry added November 12, 2020 Messages Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to discover a user’s deleted messages Description: The issue was addressed with improved deletion. CVE-2020-9988: William Breuer of the Netherlands CVE-2020-9989: von Brunn Media Entry added November 12, 2020 Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-13520: Aleksandar Nikolic of Cisco Talos Entry added November 12, 2020 Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-6147: Aleksandar Nikolic of Cisco Talos CVE-2020-9972: Aleksandar Nikolic of Cisco Talos Entry added November 12, 2020 Model I/O Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9973: Aleksandar Nikolic of Cisco Talos NetworkExtension Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to elevate privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9996: Zhiwei Yuan of Trend Micro iCore Team, Junzhi Lu and Mickey Jin of Trend Micro Entry added November 12, 2020 Phone Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: The screen lock may not engage after the specified time period Description: This issue was addressed with improved checks. CVE-2020-9946: Daniel Larsson of iolight AB Quick Look Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious app may be able to determine the existence of files on the computer Description: The issue was addressed with improved handling of icon caches. CVE-2020-9963: Csaba Fitzl (@theevilbit) of Offensive Security Entry added November 12, 2020 Safari Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to determine a user's open tabs in Safari Description: A validation issue existed in the entitlement verification. CVE-2020-9977: Josh Parnham (@joshparnham) Entry added November 12, 2020 Safari Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Visiting a malicious website may lead to address bar spoofing Description: The issue was addressed with improved UI handling. CVE-2020-9993: Masato Sugiyama (@smasato) of University of Tsukuba, Piotr Duszynski Entry added November 12, 2020 Sandbox Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A local user may be able to view senstive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9969: Wojciech Reguła of SecuRing (wojciechregula.blog) Entry added November 12, 2020 Sandbox Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A malicious application may be able to access restricted files Description: A logic issue was addressed with improved restrictions. CVE-2020-9968: Adam Chester (@_xpn_) of TrustedSec Entry updated September 17, 2020 Siri Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen Description: A lock screen issue allowed access to messages on a locked device. CVE-2020-9959: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, Andrew Goldberg The University of Texas at Austin, McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan Gulguler SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-13434 CVE-2020-13435 CVE-2020-9991 Entry added November 12, 2020 SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to leak memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9849 Entry added November 12, 2020 SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 Entry added November 12, 2020 SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A maliciously crafted SQL query may lead to data corruption Description: This issue was addressed with improved checks. CVE-2020-13631 Entry added November 12, 2020 SQLite Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2020-13630 Entry added November 12, 2020 WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9947: cc working with Trend Micro Zero Day Initiative CVE-2020-9950: cc working with Trend Micro Zero Day Initiative CVE-2020-9951: Marcin 'Icewall' Noga of Cisco Talos Entry added November 12, 2020 WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9983: zhunki Entry added November 12, 2020 WebKit Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-9952: Ryan Pickren (ryanpickren.com) Wi-Fi Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2020-10013: Yu Wang of Didi Research America Entry added November 12, 2020 Additional recognition App Store We would like to acknowledge Giyas Umarov of Holmdel High School for their assistance. Audio We would like to acknowledge JunDong Xie and XingWei Lin of Ant- financial Light-Year Security Lab for their assistance. Entry added November 12, 2020 Bluetooth We would like to acknowledge Andy Davis of NCC Group and Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab for their assistance. CallKit We would like to acknowledge Federico Zanetello for their assistance. CarPlay We would like to acknowledge an anonymous researcher for their assistance. Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Entry added November 12, 2020 Core Location We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. debugserver We would like to acknowledge Linus Henze (pinauten.de) for their assistance. iAP We would like to acknowledge Andy Davis of NCC Group for their assistance. iBoot We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero, Stephen Röttger of Google for their assistance. Entry updated November 12, 2020 libarchive We would like to acknowledge Dzmitry Plotnikau and an anonymous researcher for their assistance. lldb We would like to acknowledge Linus Henze (pinauten.de) for their assistance. Entry added November 12, 2020 Location Framework We would like to acknowledge Nicolas Brunner (linkedin.com/in/nicolas-brunner-651bb4128) for their assistance. Entry updated October 19, 2020 Mail We would like to acknowledge an anonymous researcher for their assistance. Entry added November 12, 2020 Mail Drafts We would like to acknowledge Jon Bottarini of HackerOne for their assistance. Entry added November 12, 2020 Maps We would like to acknowledge Matthew Dolan of Amazon Alexa for their assistance. NetworkExtension We would like to acknowledge Thijs Alkemade of Computest and ‘Qubo Song’ of ‘Symantec, a division of Broadcom’ for their assistance. Phone Keypad We would like to acknowledge Hasan Fahrettin Kaya of Akdeniz University, an anonymous researcher for their assistance. Entry updated November 12, 2020 Safari We would like to acknowledge Andreas Gutmann (@KryptoAndI) of OneSpan's Innovation Centre (onespan.com) and University College London, Steven J. Murdoch (@SJMurdoch) of OneSpan's Innovation Centre (onespan.com) and University College London, Jack Cable of Lightning Security, Ryan Pickren (ryanpickren.com), Yair Amit for their assistance. Entry added November 12, 2020 Safari Reader We would like to acknowledge Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance. Entry added November 12, 2020 Security We would like to acknowledge Christian Starkjohann of Objective Development Software GmbH for their assistance. Entry added November 12, 2020 Status Bar We would like to acknowledge Abdul M. Majumder, Abdullah Fasihallah of Taif university, Adwait Vikas Bhide, Frederik Schmid, Nikita, and an anonymous researcher for their assistance. Telephony We would like to acknowledge Onur Can Bıkmaz, Vodafone Turkey @canbkmaz, Yiğit Can YILMAZ (@yilmazcanyigit), an anonymous researcher for their assistance. Entry updated November 12, 2020 UIKit We would like to acknowledge Borja Marcos of Sarenet, Simon de Vegt, and Talal Haj Bakry (@hajbakri) and Tommy Mysk (@tommymysk) of Mysk Inc for their assistance. Web App We would like to acknowledge Augusto Alvarez of Outcourse Limited for their assistance. WebKit We would like to acknowledge Pawel Wylecial of REDTEAM.PL, Ryan Pickren (ryanpickren.com), Tsubasa FUJII (@reinforchu), Zhiyang Zeng(@Wester) of OPPO ZIWU Security Lab for their assistance. Entry added November 12, 2020 Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 14.0 and iPadOS 14.0". This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl+uxqgACgkQZcsbuWJ6 jjBhIhAAhLzDSjgjVzG0JLzEerhFBcAWQ1G8ogmIdxuC0aQfvxO4V1NriKzUcmsZ UgQCEdN4kzfLsj3KeuwSeq0pg2CX1eZdgY/FyuOBRzljsmGPXJgkyYapJww6mC8n 7jeJazKusiyaRmScLYDwvbOQGlaqCfu6HrM9umMpLfwPGjFqe/gz8jyxohdVZx9t pNC0g9l37dVJIvFRc1mAm9HAnIQoL8CDOEd96jVYiecB8xk0X6CwjZ7nGzYJc5LZ A54EaN0dDz+8q8jgylmAd8xkA8Pgdsxw+LWDr1TxPuu3XIzYa98S1AsItK2eiWx8 pIhrzVZ3fk1w3+W/cSWrgzUq4ouijWcWw9dmVgxmzv9ldL/pS+wIgFsYLJm4xHAp PH+9p3JmMQks9BWgr3h+NEcJwCUm5J7y0PNuCnQL2iKzn4jikqgfCXHZOidkPV3t KjeeIFX30AGI7cUqhRl9GbRn8l5SA4pbd4a0Y5df1PgkDjSXxw91Z1+5S15Qfrzs K8pBlPH37yU3aqMEvxBsN5Fd7vdFdA+pV/aWG5tw4pUlZJC25c50w1ZW0vrnsisg /isPJqXhUWiGAfQ7s5W6W3AMs4PyvRjY+7zzGiHAd+wNkUNwVTbXvKP4W4n/vGH8 uARpQRQsureymLerXpVTwH8ZoeDEeZZwaqNHTQKg/M9ifAZPZUA= =WdqR -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About"

Trust: 2.7

sources: NVD: CVE-2020-9876 // JVNDB: JVNDB-2020-010568 // ZDI: ZDI-20-1183 // VULHUB: VHN-188001 // VULMON: CVE-2020-9876 // PACKETSTORM: 160061 // PACKETSTORM: 160062 // PACKETSTORM: 160064

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 1.8

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.8

vendor:applemodel:icloudscope:ltversion:11.5

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.10.9

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.13.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13

Trust: 1.0

vendor:applemodel:macosscope:lteversion:11.0.1

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.20

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:10.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.0

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:11.0.1 未満 (mac 2014 以降)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:11.3 未満 (microsoft store から入手した windows 10 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:11.0.1 未満 (imac pro すべてのモデル)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:for windows 12.10.9 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:11.0.1 未満 (macbook pro late 2013 以降)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:for windows 12.10.8 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:7.20 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:14.0 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:14.0 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:11.0.1 未満 (mac pro 2013 以降)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:6.2.8 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:7.0 未満 (apple watch series 3 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:14.0 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:11.0.1 未満 (macbook air 2013 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:14.0 未満 (apple tv hd)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:11.0.1 未満 (macbook 2015 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:14.0 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:14.0 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:11.0.1 未満 (mac mini 2014 以降)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:11.5 未満 (microsoft store から入手した windows 10 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv hd)

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-1183 // JVNDB: JVNDB-2020-010568 // NVD: CVE-2020-9876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9876
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010568
value: HIGH

Trust: 0.8

ZDI: CVE-2020-9876
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202007-1769
value: HIGH

Trust: 0.6

VULHUB: VHN-188001
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9876
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9876
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-010568
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-188001
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9876
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010568
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-9876
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1183 // VULHUB: VHN-188001 // VULMON: CVE-2020-9876 // JVNDB: JVNDB-2020-010568 // CNNVD: CNNVD-202007-1769 // NVD: CVE-2020-9876

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-188001 // JVNDB: JVNDB-2020-010568 // NVD: CVE-2020-9876

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1769

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1769

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-010568

PATCH

title:HT211291url:https://support.apple.com/en-us/HT211291

Trust: 0.8

title:HT211935url:https://support.apple.com/en-us/HT211935

Trust: 0.8

title:HT211293url:https://support.apple.com/en-us/HT211293

Trust: 0.8

title:HT211952url:https://support.apple.com/en-us/HT211952

Trust: 0.8

title:HT211294url:https://support.apple.com/en-us/HT211294

Trust: 0.8

title:HT211295url:https://support.apple.com/en-us/HT211295

Trust: 0.8

title:HT211843url:https://support.apple.com/en-us/HT211843

Trust: 0.8

title:HT211288url:https://support.apple.com/en-us/HT211288

Trust: 0.8

title:HT211844url:https://support.apple.com/en-us/HT211844

Trust: 0.8

title:HT211289url:https://support.apple.com/en-us/HT211289

Trust: 0.8

title:HT211850url:https://support.apple.com/en-us/HT211850

Trust: 0.8

title:HT211290url:https://support.apple.com/en-us/HT211290

Trust: 0.8

title:HT211931url:https://support.apple.com/en-us/HT211931

Trust: 0.8

title:HT211295url:https://support.apple.com/ja-jp/HT211295

Trust: 0.8

title:HT211843url:https://support.apple.com/ja-jp/HT211843

Trust: 0.8

title:HT211844url:https://support.apple.com/ja-jp/HT211844

Trust: 0.8

title:HT211288url:https://support.apple.com/ja-jp/HT211288

Trust: 0.8

title:HT211850url:https://support.apple.com/ja-jp/HT211850

Trust: 0.8

title:HT211289url:https://support.apple.com/ja-jp/HT211289

Trust: 0.8

title:HT211931url:https://support.apple.com/ja-jp/HT211931

Trust: 0.8

title:HT211290url:https://support.apple.com/ja-jp/HT211290

Trust: 0.8

title:HT211935url:https://support.apple.com/ja-jp/HT211935

Trust: 0.8

title:HT211291url:https://support.apple.com/ja-jp/HT211291

Trust: 0.8

title:HT211293url:https://support.apple.com/ja-jp/HT211293

Trust: 0.8

title:HT211952url:https://support.apple.com/ja-jp/HT211952

Trust: 0.8

title:HT211294url:https://support.apple.com/ja-jp/HT211294

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/en-gb/HT211293

Trust: 0.7

title:Multiple Apple product ImageIO Fixes for component security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=125950

Trust: 0.6

title:CSAF-Toolurl:https://github.com/anthonyharrison/csaf

Trust: 0.1

title:CVE-T4PDF Table of contents List of CVEs List of Techniquesurl:https://github.com/0xCyberY/CVE-T4PDF

Trust: 0.1

sources: ZDI: ZDI-20-1183 // VULMON: CVE-2020-9876 // JVNDB: JVNDB-2020-010568 // CNNVD: CNNVD-202007-1769

EXTERNAL IDS

db:NVDid:CVE-2020-9876

Trust: 3.6

db:PACKETSTORMid:160061

Trust: 0.8

db:JVNid:JVNVU99462952

Trust: 0.8

db:JVNid:JVNVU95491800

Trust: 0.8

db:JVNid:JVNVU92546061

Trust: 0.8

db:JVNid:JVNVU94090210

Trust: 0.8

db:JVNid:JVNVU92370378

Trust: 0.8

db:JVNDBid:JVNDB-2020-010568

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11165

Trust: 0.7

db:ZDIid:ZDI-20-1183

Trust: 0.7

db:CNNVDid:CNNVD-202007-1769

Trust: 0.7

db:NSFOCUSid:50007

Trust: 0.6

db:AUSCERTid:ESB-2020.3181.2

Trust: 0.6

db:AUSCERTid:ESB-2020.4060.2

Trust: 0.6

db:PACKETSTORMid:160064

Trust: 0.2

db:PACKETSTORMid:160062

Trust: 0.2

db:CNVDid:CNVD-2020-49293

Trust: 0.1

db:VULHUBid:VHN-188001

Trust: 0.1

db:VULMONid:CVE-2020-9876

Trust: 0.1

sources: ZDI: ZDI-20-1183 // VULHUB: VHN-188001 // VULMON: CVE-2020-9876 // JVNDB: JVNDB-2020-010568 // PACKETSTORM: 160061 // PACKETSTORM: 160062 // PACKETSTORM: 160064 // CNNVD: CNNVD-202007-1769 // NVD: CVE-2020-9876

REFERENCES

url:https://support.apple.com/kb/ht211293

Trust: 2.4

url:https://support.apple.com/kb/ht211294

Trust: 2.4

url:https://support.apple.com/kb/ht211843

Trust: 1.8

url:https://support.apple.com/kb/ht211844

Trust: 1.8

url:https://support.apple.com/kb/ht211850

Trust: 1.8

url:https://support.apple.com/kb/ht211931

Trust: 1.8

url:https://support.apple.com/kb/ht211935

Trust: 1.8

url:https://support.apple.com/kb/ht211952

Trust: 1.8

url:http://seclists.org/fulldisclosure/2020/nov/20

Trust: 1.8

url:http://seclists.org/fulldisclosure/2020/nov/19

Trust: 1.8

url:http://seclists.org/fulldisclosure/2020/nov/22

Trust: 1.8

url:http://seclists.org/fulldisclosure/2020/dec/32

Trust: 1.8

url:https://support.apple.com/kb/ht211288

Trust: 1.8

url:https://support.apple.com/kb/ht211289

Trust: 1.8

url:https://support.apple.com/kb/ht211290

Trust: 1.8

url:https://support.apple.com/kb/ht211291

Trust: 1.8

url:https://support.apple.com/kb/ht211295

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9876

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9876

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94090210/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95491800/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92546061/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99462952/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92370378/index.html

Trust: 0.8

url:https://support.apple.com/en-gb/ht211293

Trust: 0.7

url:https://support.apple.com/en-us/ht211935

Trust: 0.6

url:https://packetstormsecurity.com/files/160061/apple-security-advisory-2020-11-13-3.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50007

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3181.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4060.2/

Trust: 0.6

url:https://support.apple.com/en-us/ht211844

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9961

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13434

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9951

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9947

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9944

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9954

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13631

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9943

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9965

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-13630

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9949

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9849

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9950

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9952

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9941

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9946

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10013

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9983

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9981

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9991

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9976

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9968

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9966

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9969

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://github.com/anthonyharrison/csaf

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9964

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6147

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9963

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9958

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14899

Trust: 0.1

url:https://support.apple.com/ht211850.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13520

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9959

Trust: 0.1

url:https://support.apple.com/ht211843.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9979

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9993

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9989

Trust: 0.1

url:https://support.apple.com/ht211844.

Trust: 0.1

sources: ZDI: ZDI-20-1183 // VULHUB: VHN-188001 // VULMON: CVE-2020-9876 // JVNDB: JVNDB-2020-010568 // PACKETSTORM: 160061 // PACKETSTORM: 160062 // PACKETSTORM: 160064 // CNNVD: CNNVD-202007-1769 // NVD: CVE-2020-9876

CREDITS

Apple

Trust: 0.9

sources: PACKETSTORM: 160061 // PACKETSTORM: 160062 // PACKETSTORM: 160064 // CNNVD: CNNVD-202007-1769

SOURCES

db:ZDIid:ZDI-20-1183
db:VULHUBid:VHN-188001
db:VULMONid:CVE-2020-9876
db:JVNDBid:JVNDB-2020-010568
db:PACKETSTORMid:160061
db:PACKETSTORMid:160062
db:PACKETSTORMid:160064
db:CNNVDid:CNNVD-202007-1769
db:NVDid:CVE-2020-9876

LAST UPDATE DATE

2024-11-23T20:52:50.401000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-1183date:2020-09-17T00:00:00
db:VULHUBid:VHN-188001date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9876date:2023-01-09T00:00:00
db:JVNDBid:JVNDB-2020-010568date:2021-01-27T05:47:07
db:CNNVDid:CNNVD-202007-1769date:2022-10-13T00:00:00
db:NVDid:CVE-2020-9876date:2024-11-21T05:41:27.163

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-1183date:2020-08-05T00:00:00
db:VULHUBid:VHN-188001date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9876date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010568date:2021-01-27T05:47:07
db:PACKETSTORMid:160061date:2020-11-13T20:32:22
db:PACKETSTORMid:160062date:2020-11-13T22:22:22
db:PACKETSTORMid:160064date:2020-11-14T12:44:44
db:CNNVDid:CNNVD-202007-1769date:2020-07-30T00:00:00
db:NVDid:CVE-2020-9876date:2020-10-22T18:15:14.690