ID

VAR-202010-1503


CVE

CVE-2020-9936


TITLE

plural Apple Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-009682

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple An out-of-bounds write vulnerability exists in the product due to a flaw in the processing related to boundary checks.Arbitrary code can be executed by processing maliciously created images. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ImageIO framework. Crafted data in a PIC image can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in the ImageIO component of several Apple products. The following products and versions are affected: Apple iOS prior to 13.6; iPadOS prior to 13.6; tvOS prior to 13.4.8; watchOS prior to 6.2.8; macOS Catalina prior to 10.15.6; Windows-based iTunes prior to 12.10.8 . CVE-2020-9799: ABC Research s.r.o. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PhNUACgkQBz4uGe3y 0M0E+RAAp2U0LzUJ1tDoQZsm0yUZ9aEz1BDuQXKH9wAMV+nHCa9A7PbaLqwwxbni T3jjW35hw5s5II2l4HpN2qtFbm8B2ZLrMRyFTFvlOyLtyWmn5iOPYTdT6Uf4EUgS xXtPdYJ/7lFBeCCGuVuBJ2QnJN9L2MJQFhh5Cvya2YOhxHYsRA5iPNJeehFZ1N0f 42Se8Tcn/0NXLK0+qRl0m8TLa80hQaisGLH9RPQTxCu3vaJVD0fvcQ1eOkH8ETXR dqIO4nsP2kuD8QMjC8DXo3KT9fTFv1iUy0s96zMEl95Ekg4dL0nsBxKwfI2kSyZ5 1vE346GRG23w9on0FU+2qoq4LfXKmJ5HLB4xDxegm/PLdd842tppv2LAmSO8vRZR Qmin4IERfEmGEUGKDsFM4tGH5j34mAlDklgil3/H9Ca0ucchpoIFiP8jmXytNCqy lIafyOfIfInBAqlZizV0/9l37JKXTvispcAuJMg5fb29zvtprOSIP075jN9KMRB3 k3liMFwPgs+kNS5smQsbVVYOWphP1jgbXozjqfoIKUdFxecHjHVfl6e2W3kDPgf6 noQSn3lgPulVYgn3LqzEhL7G3QtRyzEzgqWG1sinlFJCDrmCBC5p+6lESuRVCcAk d3AKO4eyJ9CCcLL9+nBYL1tx94Wb2MyaIHJld3GcLFf3Y+UmtB8= =TFfd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-07-15-3 tvOS 13.4.8 tvOS 13.4.8 is now available and addresses the following: Audio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab Audio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9888: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9890: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab CVE-2020-9891: JunDong Xie and XingWei Li of Ant-financial Light-Year Security Lab AVEVideoEncoder Available for: Apple TV 4K and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9907: an anonymous researcher Crash Reporter Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2020-9865: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud GeoServices Available for: Apple TV 4K and Apple TV HD Impact: A malicious application may be able to read sensitive location information Description: An authorization issue was addressed with improved state management. CVE-2020-9933: Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. iAP Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: An input validation issue existed in Bluetooth. CVE-2020-9914: Andy Davis of NCC Group ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9936: Mickey Jin of Trend Micro Kernel Available for: Apple TV 4K and Apple TV HD Impact: An attacker in a privileged network position may be able to inject into active connections within a VPN tunnel Description: A routing issue was addressed with improved restrictions. CVE-2019-14899: William J. Tolley, Beau Kujath, and Jedidiah R. Crandall Kernel Available for: Apple TV 4K and Apple TV HD Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9909: Brandon Azad of Google Project Zero WebKit Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: An access issue existed in Content Security Policy. CVE-2020-9915: an anonymous researcher WebKit Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2020-9925: an anonymous researcher WebKit Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative CVE-2020-9895: Wen Xu of SSLab, Georgia Tech WebKit Available for: Apple TV 4K and Apple TV HD Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: Multiple issues were addressed with improved logic. CVE-2020-9910: Samuel Groß of Google Project Zero WebKit Page Loading Available for: Apple TV 4K and Apple TV HD Impact: A malicious attacker may be able to conceal the destination of a URL Description: A URL Unicode encoding issue was addressed with improved state management. CVE-2020-9916: Rakesh Mane (@RakeshMane10) WebKit Web Inspector Available for: Apple TV 4K and Apple TV HD Impact: Copying a URL from Web Inspector may lead to command injection Description: A command injection issue existed in Web Inspector. CVE-2020-9862: Ophir Lojkine (@lovasoa) Wi-Fi Available for: Apple TV 4K and Apple TV HD Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9918: Jianjun Dai of 360 Alpha Lab working with 360 BugCloud (bugcloud.360.cn) Additional recognition Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl8PhQUACgkQBz4uGe3y 0M33Vw//fmvay18+s9sn8Gv2VfSgT2VcmDHMNTch9QoYbm7spSflAc8zWdToUOpK fiJAVEHB+adcGy3syi4z+utNf3l1XchVMuaxLKzDyS7LDiDIwczivrr642A+ahlk vrHXcdwQkf0Y3QdQF9DwcOfzyNvaRRJ2eICKlrjm4BrcoP63eoBTGKgcZp6EAOQu c0X5M2F2GcV4VwSmSuzKtsNlkjWlaD55meVWjGZGGUp4d0tk0BtmAWISAXf2NfFF WQyKQ9snXMzzF4SRA3cbWqFFluKDYyPx7Lh2jLB+KcrTRCtuMi+cAu3QQezRwIUD LnKzLbAbOO8Mu67aLjoBdW0IdCHbGpdK6I/aGi0eV029+tBdcn5UOfPIhGT9WDkQ tlDr5RCqWvc02F6e5SetIGRY1YGV6DWqo0U1h6cBdVgnx5g3aIZzXihATMV+4bxj Vijf8iDG5LsO4Bx8g1aekrn37OQnr7WuFHLZrHKZyQejn6IdOQ2fyzH43/0mLiE3 eaoGwghlFXhOpbUx26owjEkDuC5GgboctjefqtJ9Zu7yfSS2GDAq23Qp9IXy/Avf cIIB0bnz9Mk+2qrZ2GDZXBePacLoVSNvaBywyrs6MMANrsi3Ioq3xug8b8WnTozL lMrdAVr64+qTn0YTc6QwNs9golbRQh3z2U6Hk/niQXlWZilaK/s= =+zqK -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2020-9936 // JVNDB: JVNDB-2020-009682 // ZDI: ZDI-20-910 // VULHUB: VHN-188061 // VULMON: CVE-2020-9936 // PACKETSTORM: 158457 // PACKETSTORM: 158461 // PACKETSTORM: 158458

AFFECTED PRODUCTS

vendor:applemodel:icloudscope:ltversion:11.3

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:7.20

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:12.10.8

Trust: 1.0

vendor:applemodel:safariscope:ltversion:13.1.2

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4.8

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2.8

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:icloudscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:13.6

Trust: 1.0

vendor:applemodel:icloudscope:eqversion:7.20 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (iphone 6s 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad mini 4 以降)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:6.2.8 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:icloudscope:eqversion:11.3 未満 (microsoft store から入手した windows 10 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:13.6 未満 (ipod touch 第 7 世代)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv hd)

Trust: 0.8

vendor:applemodel:ipadosscope:eqversion:13.6 未満 (ipad air 2 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:13.4.8 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:for windows 12.10.8 未満 (windows 7 以降)

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-910 // JVNDB: JVNDB-2020-009682 // NVD: CVE-2020-9936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9936
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009682
value: HIGH

Trust: 0.8

ZDI: CVE-2020-9936
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202007-1096
value: HIGH

Trust: 0.6

VULHUB: VHN-188061
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9936
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9936
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-009682
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-188061
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9936
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009682
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-9936
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-910 // VULHUB: VHN-188061 // VULMON: CVE-2020-9936 // JVNDB: JVNDB-2020-009682 // CNNVD: CNNVD-202007-1096 // NVD: CVE-2020-9936

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.9

sources: VULHUB: VHN-188061 // JVNDB: JVNDB-2020-009682 // NVD: CVE-2020-9936

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1096

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1096

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009682

PATCH

title:HT211291url:https://support.apple.com/en-us/HT211291

Trust: 0.8

title:HT211293url:https://support.apple.com/en-us/HT211293

Trust: 0.8

title:HT211294url:https://support.apple.com/en-us/HT211294

Trust: 0.8

title:HT211295url:https://support.apple.com/en-us/HT211295

Trust: 0.8

title:HT211288url:https://support.apple.com/en-us/HT211288

Trust: 0.8

title:HT211289url:https://support.apple.com/en-us/HT211289

Trust: 0.8

title:HT211290url:https://support.apple.com/en-us/HT211290

Trust: 0.8

title:HT211293url:https://support.apple.com/ja-jp/HT211293

Trust: 0.8

title:HT211294url:https://support.apple.com/ja-jp/HT211294

Trust: 0.8

title:HT211295url:https://support.apple.com/ja-jp/HT211295

Trust: 0.8

title:HT211288url:https://support.apple.com/ja-jp/HT211288

Trust: 0.8

title:HT211289url:https://support.apple.com/ja-jp/HT211289

Trust: 0.8

title:HT211290url:https://support.apple.com/ja-jp/HT211290

Trust: 0.8

title:HT211291url:https://support.apple.com/ja-jp/HT211291

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/en-gb/HT211289

Trust: 0.7

title:Multiple Apple product ImageIO Fixes for component security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=124779

Trust: 0.6

title:Apple: macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierraurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aa30f53f014f01d7a0510a965599d2a9

Trust: 0.1

title:Apple: iCloud for Windows 7.20url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=50e6b35a047c9702f4cdebdf81483b05

Trust: 0.1

title:Apple: iCloud for Windows 11.3url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=947a08401ec7e5f309d5ae26f5006f48

Trust: 0.1

title:Apple: iOS 13.6 and iPadOS 13.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=a82d39d4c9a42fcf07757428b2f562b3

Trust: 0.1

title: - url:https://www.theregister.co.uk/2020/07/16/apple_july_updates/

Trust: 0.1

sources: ZDI: ZDI-20-910 // VULMON: CVE-2020-9936 // JVNDB: JVNDB-2020-009682 // CNNVD: CNNVD-202007-1096

EXTERNAL IDS

db:NVDid:CVE-2020-9936

Trust: 3.6

db:ZDIid:ZDI-20-910

Trust: 1.3

db:JVNid:JVNVU95491800

Trust: 0.8

db:JVNid:JVNVU94090210

Trust: 0.8

db:JVNDBid:JVNDB-2020-009682

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11107

Trust: 0.7

db:CNNVDid:CNNVD-202007-1096

Trust: 0.7

db:PACKETSTORMid:158461

Trust: 0.7

db:NSFOCUSid:50005

Trust: 0.6

db:AUSCERTid:ESB-2020.2432

Trust: 0.6

db:CNVDid:CNVD-2020-49302

Trust: 0.1

db:VULHUBid:VHN-188061

Trust: 0.1

db:VULMONid:CVE-2020-9936

Trust: 0.1

db:PACKETSTORMid:158457

Trust: 0.1

db:PACKETSTORMid:158458

Trust: 0.1

sources: ZDI: ZDI-20-910 // VULHUB: VHN-188061 // VULMON: CVE-2020-9936 // JVNDB: JVNDB-2020-009682 // PACKETSTORM: 158457 // PACKETSTORM: 158461 // PACKETSTORM: 158458 // CNNVD: CNNVD-202007-1096 // NVD: CVE-2020-9936

REFERENCES

url:https://support.apple.com/ht211288

Trust: 1.8

url:https://support.apple.com/ht211289

Trust: 1.8

url:https://support.apple.com/ht211290

Trust: 1.8

url:https://support.apple.com/ht211291

Trust: 1.8

url:https://support.apple.com/ht211293

Trust: 1.8

url:https://support.apple.com/ht211294

Trust: 1.8

url:https://support.apple.com/ht211295

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9936

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9936

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94090210/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95491800/index.html

Trust: 0.8

url:https://support.apple.com/en-gb/ht211289

Trust: 0.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-910/

Trust: 0.6

url:https://support.apple.com/en-us/ht211291

Trust: 0.6

url:https://support.apple.com/kb/ht211288

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-32847

Trust: 0.6

url:http://www.nsfocus.net/vulndb/50005

Trust: 0.6

url:https://support.apple.com/en-us/ht211295

Trust: 0.6

url:https://support.apple.com/kb/ht211294

Trust: 0.6

url:https://support.apple.com/kb/ht211293

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2432/

Trust: 0.6

url:https://packetstormsecurity.com/files/158461/apple-security-advisory-2020-07-15-4.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9918

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9889

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9888

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9891

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9890

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-9865

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14899

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9885

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9915

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9925

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9894

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9909

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9916

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9933

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9910

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9895

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9893

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9862

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/185431

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9913

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9864

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9884

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9870

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20807

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9914

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9907

Trust: 0.1

sources: ZDI: ZDI-20-910 // VULHUB: VHN-188061 // VULMON: CVE-2020-9936 // JVNDB: JVNDB-2020-009682 // PACKETSTORM: 158457 // PACKETSTORM: 158461 // PACKETSTORM: 158458 // CNNVD: CNNVD-202007-1096 // NVD: CVE-2020-9936

CREDITS

Mickey Jin of Trend Micro Mobile Security Research Team

Trust: 0.7

sources: ZDI: ZDI-20-910

SOURCES

db:ZDIid:ZDI-20-910
db:VULHUBid:VHN-188061
db:VULMONid:CVE-2020-9936
db:JVNDBid:JVNDB-2020-009682
db:PACKETSTORMid:158457
db:PACKETSTORMid:158461
db:PACKETSTORMid:158458
db:CNNVDid:CNNVD-202007-1096
db:NVDid:CVE-2020-9936

LAST UPDATE DATE

2024-08-14T12:57:27.091000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-910date:2020-07-21T00:00:00
db:VULHUBid:VHN-188061date:2023-01-09T00:00:00
db:VULMONid:CVE-2020-9936date:2020-10-20T00:00:00
db:JVNDBid:JVNDB-2020-009682date:2020-11-27T06:28:37
db:CNNVDid:CNNVD-202007-1096date:2023-01-10T00:00:00
db:NVDid:CVE-2020-9936date:2023-01-09T16:41:59.350

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-910date:2020-07-21T00:00:00
db:VULHUBid:VHN-188061date:2020-10-16T00:00:00
db:VULMONid:CVE-2020-9936date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2020-009682date:2020-11-27T06:28:37
db:PACKETSTORMid:158457date:2020-07-17T19:23:49
db:PACKETSTORMid:158461date:2020-07-17T19:28:19
db:PACKETSTORMid:158458date:2020-07-17T19:24:07
db:CNNVDid:CNNVD-202007-1096date:2020-07-15T00:00:00
db:NVDid:CVE-2020-9936date:2020-10-16T17:15:17.700