PT-2020-4292 · Apple+7 · Safari+15
Marcin Noga
·
Published
2020-09-18
·
Updated
2022-07-23
·
CVE-2020-9951
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Safari versions prior to 14.0
macOS Big Sur versions prior to 11.0.1
watchOS versions prior to 7.1
iOS versions prior to 14.2
iPadOS versions prior to 14.2
iCloud for Windows versions prior to 11.5
Safari versions prior to 14.0.1
tvOS versions prior to 14.2
iTunes for Windows versions prior to 12.11
Description:
A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to the
aboutBlankURL() function of the WebKit component.Recommendations:
For Safari versions prior to 14.0, update to Safari 14.0 or later.
For macOS Big Sur versions prior to 11.0.1, update to macOS Big Sur 11.0.1 or later.
For watchOS versions prior to 7.1, update to watchOS 7.1 or later.
For iOS versions prior to 14.2, update to iOS 14.2 or later.
For iPadOS versions prior to 14.2, update to iPadOS 14.2 or later.
For iCloud for Windows versions prior to 11.5, update to iCloud for Windows 11.5 or later.
For Safari versions prior to 14.0.1, update to Safari 14.0.1 or later.
For tvOS versions prior to 14.2, update to tvOS 14.2 or later.
For iTunes for Windows versions prior to 12.11, update to iTunes 12.11 or later.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Icloud For Windows
Ios
Ipados
Itunes
Itunes For Windows
Macos Big Sur
Tvos
Watchos