PT-2020-4291 · Apple+7 · Safari+8

Brendan Draper · Published 2020-09-21 · Updated 2022-07-23 · CVE-2020-9948

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 14.0
Description: A type confusion issue was addressed with improved memory handling, which may lead to arbitrary code execution when processing maliciously crafted web content. This issue is related to a buffer overflow in the WebKit component of Apple Safari, allowing a remote attacker to execute arbitrary code.
Recommendations: For versions prior to 14.0, update to Safari 14.0 to resolve the issue. As a temporary workaround, consider restricting the processing of maliciously crafted web content until a patch is available.

Exploit

Fix

Type Confusion

Memory Corruption

Weakness Enumeration

Related Identifiers

ALSA-2021:1586
BDU:2020-04784
CESA-2021_1586
CVE-2020-9948
DSA-4797-1
DSA-4797-2
MGASA-2020-0441
OPENSUSE-SU-2020:2304-1
OPENSUSE-SU-2020:2310-1
OPENSUSE-SU-2020_2304-1
OPENSUSE-SU-2020_2310-1
OPENSUSE-SU-2022:0182-1
OPENSUSE-SU-2022_0182-1
OPENSUSE-SU-2022_0182-2
RHSA-2021:1586
RHSA-2021_1586
RHSA-2025:10364
RLSA-2021:1586
SUSE-SU-2020:3864-1
SUSE-SU-2020:3867-1
SUSE-SU-2021:1990-1
SUSE-SU-2022:0142-1
SUSE-SU-2022:0182-1
SUSE-SU-2022:0182-2
SUSE-SU-2022:0183-1
USN-4648-1
ZDI-20-1214

Affected Products

AlmaLinux
CentOS
Linux Mint
Red Hat
Rocky Linux
Safari
SUSE
Ubuntu
WebKit