Apple: Software and Device Maker

stack.watch can notify you when security vulnerabilities are reported in any Apple product. You can add multiple products that you use with Apple to create your own personal software stack watcher.

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple iOS: 582 vulnerabilities
The iOS Operating System used by iPhones.

Apple Mac OSX: 487 vulnerabilities
Macintosh Operating System

Apple TV OS: 364 vulnerabilities
Apple TV Operating System

Apple Watch OS: 320 vulnerabilities
Apple Watch Operating System

Apple Safari: 267 vulnerabilities

Apple iTunes: 152 vulnerabilities
Apple iTunes Software

Apple Icloud: 124 vulnerabilities

Apple iPad OS: 90 vulnerabilities
Apple iPad Operating System

Apple iPad OS: 44 vulnerabilities
Apple iPad Operating System

Apple Tv: 25 vulnerabilities

Apple Xcode: 10 vulnerabilities

Apple Tv Os: 7 vulnerabilities

Apple Shortcuts: 2 vulnerabilities

Apple Swiftnio Ssl: 1 vulnerability

Apple Shazam: 1 vulnerability

Apple Texture: 1 vulnerability

Apple Mac Os: 1 vulnerability

Apple Swift: 1 vulnerability

Apple Iphone 3gs: 1 vulnerability

Apple Nioextras: 1 vulnerability

Apple Cups: 1 vulnerability

Apple Swiftnio: 1 vulnerability

Apple Watch Os: 1 vulnerability

By the Year

In 2020 there have been 155 vulnerabilities in Apple with an average score of 6.9 out of ten. Last year Apple had 514 security vulnerabilities published. Right now, Apple is on track to have fewer security vulnerabilities in 2020 than it did last year. Last year, the average CVE base score was greater by 0.51.

Year    Vulnerabilities    Average Score
2020    155                6.93
2019    514                7.43
2018    144                7.39

It may take a day or so for new Apple vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Apple Security Vulnerabilities

A logic issue was addressed with improved restrictions

CVE-2020-9850 9.8 - Critical - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

An input validation issue was addressed with improved input validation

CVE-2020-9843 6.1 - Medium - June 09, 2020

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.

XSS

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9789 8.8 - High - June 09, 2020

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Write

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9790 8.8 - High - June 09, 2020

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Write

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-9794 8.1 - High - June 09, 2020

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.

Out-of-bounds Read

A type confusion issue was addressed with improved memory handling

CVE-2020-9800 8.8 - High - June 09, 2020

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

A logic issue was addressed with improved restrictions

CVE-2020-9802 8.8 - High - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

A logic issue was addressed with improved restrictions

CVE-2020-9805 6.1 - Medium - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.

XSS

A memory corruption issue was addressed with improved validation

CVE-2020-9803 8.8 - High - June 09, 2020

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2020-9806 8.8 - High - June 09, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved state management

CVE-2020-9807 8.8 - High - June 09, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved restrictions

CVE-2020-9801 5.3 - Medium - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application.

An access issue was addressed with additional sandbox restrictions

CVE-2020-9825 7.8 - High - June 09, 2020

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences.

A logic issue was addressed with improved restrictions

CVE-2020-9820 7.5 - High - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system.

A use after free issue was addressed with improved memory management

CVE-2020-9795 7.8 - High - June 09, 2020

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.

Dangling pointer

A memory corruption issue was addressed with improved state management

CVE-2020-9808 7.1 - High - June 09, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.

Memory Corruption

A logic issue existed resulting in memory corruption

CVE-2020-9813 7.8 - High - June 09, 2020

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A logic issue existed resulting in memory corruption

CVE-2020-9814 7.8 - High - June 09, 2020

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-9815 7.8 - High - June 09, 2020

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Out-of-bounds Read

A memory consumption issue was addressed with improved memory handling

CVE-2020-9819 4.3 - Medium - June 09, 2020

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9818 8.8 - High - June 09, 2020

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.

Out-of-bounds Write

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-9837 7.5 - High - June 09, 2020

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-9838 9.8 - Critical - June 09, 2020

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution.

Out-of-bounds Read

A race condition was addressed with improved state handling

CVE-2020-9839 7 - High - June 09, 2020

A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.

Race Condition

This issue was addressed with improved checks

CVE-2020-9842 5.5 - Medium - June 09, 2020

This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to use arbitrary entitlements.

An authorization issue was addressed with improved state management

CVE-2020-9848 2.4 - Low - June 09, 2020

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen.

Information Leak

An integer overflow was addressed through improved input validation

CVE-2020-9852 7.8 - High - June 09, 2020

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

Integer Overflow or Wraparound

A denial of service issue was addressed with improved input validation

CVE-2020-9827 7.5 - High - June 09, 2020

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.

A validation issue was addressed with improved input sanitization

CVE-2020-9829 6.5 - Medium - June 09, 2020

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service.

Improper Input Validation

An issue existed in the pausing of FaceTime video

CVE-2020-9835 5.3 - Medium - June 09, 2020

An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.

Improper Input Validation

An out-of-bounds read was addressed with improved input validation

CVE-2020-9791 7.8 - High - June 09, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Out-of-bounds Read

A memory corruption issue was addressed with improved state management

CVE-2020-9821 7.8 - High - June 09, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A denial of service issue was addressed with improved input validation

CVE-2020-9826 7.5 - High - June 09, 2020

A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.

Improper Input Validation

This issue was addressed with improved checks

CVE-2020-9823 7.5 - High - June 09, 2020

This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state.

A memory corruption issue was addressed with improved input validation

CVE-2020-9793 7.8 - High - June 09, 2020

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.

Memory Corruption

An information disclosure issue was addressed by removing the vulnerable code

CVE-2020-9797 5.5 - Medium - June 09, 2020

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.

Information Leak

An information disclosure issue was addressed with improved state management

CVE-2020-9809 5.5 - Medium - June 09, 2020

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.

Information Leak

An information disclosure issue was addressed with improved state management

CVE-2020-9811 5.5 - Medium - June 09, 2020

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.

Information Leak

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9816 7.8 - High - June 09, 2020

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

Out-of-bounds Write

A double free issue was addressed with improved memory management

CVE-2020-9844 7.5 - High - June 09, 2020

A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

Double-free

An information disclosure issue was addressed with improved state management

CVE-2020-9812 5.5 - Medium - June 09, 2020

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.

Information Leak

An integer overflow was addressed through improved input validation

CVE-2020-9841 7.8 - High - June 09, 2020

An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

Integer Overflow or Wraparound

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-9847 8.6 - High - June 09, 2020

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.

Out-of-bounds Read

An access issue was addressed with improved access restrictions

CVE-2020-9851 5.5 - Medium - June 09, 2020

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system.

Incorrect Permission Assignment for Critical Resource

A memory corruption issue was addressed with improved state management

CVE-2020-9830 7.8 - High - June 09, 2020

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-9831 5.5 - Medium - June 09, 2020

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-9832 5.5 - Medium - June 09, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.

Out-of-bounds Read

A memory initialization issue was addressed with improved memory handling

CVE-2020-9833 5.5 - Medium - June 09, 2020

A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory.

Memory Corruption

A memory corruption issue was addressed with improved input validation

CVE-2020-9834 7.8 - High - June 09, 2020

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9822 7.8 - High - June 09, 2020

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges.

Out-of-bounds Write

A logic issue was addressed with improved restrictions

CVE-2020-9824 7.5 - High - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.

A validation issue existed in the handling of symlinks

CVE-2020-9855 7.8 - High - June 09, 2020

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.

Improper Input Validation

A validation issue was addressed with improved input sanitization

CVE-2020-9788 7.8 - High - June 09, 2020

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript.

Improper Input Validation

A logic issue was addressed with improved restrictions

CVE-2020-9804 4.6 - Medium - June 09, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic.

This issue was addressed with improved checks

CVE-2020-9856 5.3 - Medium - June 09, 2020

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.

Memory Corruption

A permissions issue existed

CVE-2020-9817 7.8 - High - June 09, 2020

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.

Incorrect Default Permissions

A validation issue was addressed with improved input sanitization

CVE-2020-9792 4.6 - Medium - June 09, 2020

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A USB device may be able to cause a denial of service.

Improper Input Validation

This issue was addressed with improved checks

CVE-2020-3882 6.5 - Medium - June 09, 2020

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.

Information Leak

A memory consumption issue was addressed with improved memory handling

CVE-2020-9859 7.8 - High - June 05, 2020

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.

Uncontrolled Resource Consumption ('Resource Exhaustion')

In SwiftNIO Extras before 1.4.1

CVE-2020-9840 7.5 - High - May 11, 2020

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.

A logic issue was addressed with improved state management

CVE-2019-6203 9.8 - Critical - April 17, 2020

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.

Improper Input Validation

An out-of-bounds read was addressed with improved input validation

CVE-2020-3847 9.8 - Critical - April 01, 2020

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory.

Out-of-bounds Read

A memory corruption issue was addressed with improved input validation

CVE-2020-3848 9.8 - Critical - April 01, 2020

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved input validation

CVE-2020-3849 9.8 - Critical - April 01, 2020

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved input validation

CVE-2020-3850 9.8 - Critical - April 01, 2020

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved restrictions

CVE-2020-3887 4.3 - Medium - April 01, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.

A buffer overflow was addressed with improved bounds checking

CVE-2020-3909 9.8 - Critical - April 01, 2020

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

buffer overrun

A buffer overflow was addressed with improved size validation

CVE-2020-3910 9.8 - Critical - April 01, 2020

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

buffer overrun

A buffer overflow was addressed with improved bounds checking

CVE-2020-3911 9.8 - Critical - April 01, 2020

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.

buffer overrun

A use after free issue was addressed with improved memory management

CVE-2020-9783 8.8 - High - April 01, 2020

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.

Dangling pointer

A logic issue was addressed with improved restrictions

CVE-2020-3885 4.3 - Medium - April 01, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.

Always-Incorrect Control Flow Implementation

A race condition was addressed with additional validation

CVE-2020-3894 3.1 - Low - April 01, 2020

A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.

Race Condition

A memory corruption issue was addressed with improved memory handling

CVE-2020-3895 8.8 - High - April 01, 2020

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A type confusion issue was addressed with improved memory handling

CVE-2020-3897 8.8 - High - April 01, 2020

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

Object Type Confusion

A memory consumption issue was addressed with improved memory handling

CVE-2020-3899 8.8 - High - April 01, 2020

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

Uncontrolled Resource Consumption ('Resource Exhaustion')

A memory corruption issue was addressed with improved memory handling

CVE-2020-3900 8.8 - High - April 01, 2020

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A type confusion issue was addressed with improved memory handling

CVE-2020-3901 8.8 - High - April 01, 2020

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

An input validation issue was addressed with improved input validation

CVE-2020-3902 6.1 - Medium - April 01, 2020

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.

XSS

This issue was addressed with improved checks

CVE-2020-3883 8.8 - High - April 01, 2020

This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements.

A logic issue was addressed with improved restrictions

CVE-2020-9784 4.3 - Medium - April 01, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website's download settings.

A permissions issue existed

CVE-2020-3913 7.8 - High - April 01, 2020

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges.

Improper Privilege Management

A memory initialization issue was addressed with improved memory handling

CVE-2020-3914 5.5 - Medium - April 01, 2020

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to read restricted memory.

Memory Leak

An access issue was addressed with additional sandbox restrictions

CVE-2020-3916 5.3 - Medium - April 01, 2020

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos.

Information Leak

This issue was addressed with a new entitlement

CVE-2020-3917 5.5 - Medium - April 01, 2020

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks.

Exposure of Resource to Wrong Sphere

A memory initialization issue was addressed with improved memory handling

CVE-2020-3919 7.8 - High - April 01, 2020

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A use after free issue was addressed with improved memory management

CVE-2020-9768 7.8 - High - April 01, 2020

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to execute arbitrary code with system privileges.

Dangling pointer

A logic issue was addressed with improved state management

CVE-2020-9770 6.5 - Medium - April 01, 2020

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to intercept Bluetooth traffic.

Inadequate Encryption Strength

The issue was addressed with improved handling of icon caches

CVE-2020-9773 3.3 - Low - April 01, 2020

The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to identify what other applications a user has installed.

Information Leak

An issue existed in the handling of tabs displaying picture in picture video

CVE-2020-9775 5.3 - Medium - April 01, 2020

An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user's private browsing activity may be unexpectedly saved in Screen Time.

Improper Initialization

An issue existed in the selection of video file by Mail

CVE-2020-9777 5.3 - Medium - April 01, 2020

An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail.

Improper Input Validation

The issue was resolved by clearing application previews when content is deleted

CVE-2020-9780 3.3 - Low - April 01, 2020

The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view deleted content in the app switcher.

Information Leak

The issue was addressed by clearing website permission prompts after navigation

CVE-2020-9781 5.3 - Medium - April 01, 2020

The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.

Improper Preservation of Permissions

Multiple memory corruption issues were addressed with improved state management

CVE-2020-9785 7.8 - High - April 01, 2020

Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A logic issue was addressed with improved restrictions

CVE-2020-3888 4.3 - Medium - April 01, 2020

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts.

The issue was addressed with improved deletion

CVE-2020-3890 5.3 - Medium - April 01, 2020

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion.

Exposure of Resource to Wrong Sphere

A logic issue was addressed with improved state management

CVE-2020-3891 2.4 - Low - April 01, 2020

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.

AuthZ

A logic issue was addressed with improved state management

CVE-2020-3881 5.5 - Medium - April 01, 2020

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information.

Information Leak

An injection issue was addressed with improved validation

CVE-2020-3884 6.1 - Medium - April 01, 2020

An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary JavaScript code execution.

Downstream Injection

A logic issue was addressed with improved state management

CVE-2020-3889 5.5 - Medium - April 01, 2020

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files.

Information Leak

A memory corruption issue was addressed with improved input validation

CVE-2020-3892 7.8 - High - April 01, 2020

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8