PT-2020-4069 · Apple · Audiotoolbox+5
Yu Zhou
+1
·
Published
2020-05-26
·
Updated
2022-04-27
·
CVE-2020-9815
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
iOS versions prior to 13.5
iPadOS versions prior to 13.5
macOS Catalina versions prior to 10.15.5
tvOS versions prior to 13.4.5
watchOS versions prior to 6.2.5
Description:
The issue is related to an out-of-bounds read in the AudioToolbox library, which can be exploited by processing a maliciously crafted audio file, potentially leading to arbitrary code execution. This is a result of insufficient bounds checking, allowing an attacker to execute arbitrary code.
Recommendations:
For iOS versions prior to 13.5, update to iOS 13.5 or later.
For iPadOS versions prior to 13.5, update to iPadOS 13.5 or later.
For macOS Catalina versions prior to 10.15.5, update to macOS Catalina 10.15.5 or later.
For tvOS versions prior to 13.4.5, update to tvOS 13.4.5 or later.
For watchOS versions prior to 6.2.5, update to watchOS 6.2.5 or later.
As a temporary workaround, consider avoiding the use of potentially malicious audio files until the issue is resolved.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Audiotoolbox
Ios
Ipados
Macos Catalina
Tvos
Watchos